Diffstat (limited to 'lang/php53/patches/patch-ext_standard_var__unserializer.c')
-rw-r--r-- | lang/php53/patches/patch-ext_standard_var__unserializer.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/lang/php53/patches/patch-ext_standard_var__unserializer.c b/lang/php53/patches/patch-ext_standard_var__unserializer.c
new file mode 100644
index 00000000000..f3c92e6ff76
--- /dev/null
+++ b/lang/php53/patches/patch-ext_standard_var__unserializer.c
@@ -0,0 +1,15 @@
+$NetBSD: patch-ext_standard_var__unserializer.c,v 1.1.2.2 2014/10/25 15:55:51 tron Exp $
+
+* Fix for CVE-2014-3669.
+
+--- ext/standard/var_unserializer.c.orig 2014-08-13 19:27:30.000000000 +0000
++++ ext/standard/var_unserializer.c
+@@ -333,7 +333,7 @@ static inline int object_custom(UNSERIAL
+ 
+ (*p) += 2;
+ 
+- if (datalen < 0 || (*p) + datalen >= max) {
++ if (datalen < 0 || (max - (*p)) <= datalen) {
+ zend_error(E_WARNING, "Insufficient data for unserializing - %ld required, %ld present", datalen, (long)(max - (*p)));
+ return 0;
+ }
|
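Review bot: The patch header only says `* Fix for CVE-2014-3669.` and does not explain why the bounds check in object_custom is rewritten from an addition to a subtraction, which is the whole substance of the fix; a later maintainer rebasing this patch has nothing to check the new condition against. Suggest extending the header line to `* Fix for CVE-2014-3669: express the bounds check as (max - (*p)) <= datalen so a large datalen cannot overflow the (*p) + datalen pointer arithmetic; a negative remaining length still fails the test.`, and citing the upstream change it was taken from if known. That last property matters here because `(*p) += 2;` runs just before the check, so if *p already stood at or past max, `max - (*p)` is zero or negative and, with datalen >= 0 guaranteed by the first clause, the comparison still rejects. The comparison mixes ptrdiff_t with datalen (printed with %ld, so presumably long); that is fine on the targeted platforms but worth a note if the patch is carried to others. object_custom begins and ends outside the hunk.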