diff options
Diffstat (limited to 'lang/php5/patches/patch-ext_shmop_shmop.c')
| -rw-r--r-- | lang/php5/patches/patch-ext_shmop_shmop.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/lang/php5/patches/patch-ext_shmop_shmop.c b/lang/php5/patches/patch-ext_shmop_shmop.c new file mode 100644 index 00000000000..f6395518d71 --- /dev/null +++ b/lang/php5/patches/patch-ext_shmop_shmop.c @@ -0,0 +1,15 @@ +$NetBSD: patch-ext_shmop_shmop.c,v 1.1.2.2 2011/03/22 06:22:18 sbd Exp $ + +Fix for CVE-2011-1092. + +--- ext/shmop/shmop.c.orig 2010-01-03 09:23:27.000000000 +0000 ++++ ext/shmop/shmop.c +@@ -223,7 +223,7 @@ PHP_FUNCTION(shmop_read) + RETURN_FALSE; + } + +- if (start + count > shmop->size || count < 0) { ++ if (count < 0 || start > (INT_MAX - count) || start + count > shmop->size) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "count is out of range"); + RETURN_FALSE; + } |