Diffstat (limited to 'www/php3/patches/patch-ak')
-rw-r--r-- | www/php3/patches/patch-ak | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/www/php3/patches/patch-ak b/www/php3/patches/patch-ak
new file mode 100644
index 00000000000..3ebaa00cf11
--- /dev/null
+++ b/www/php3/patches/patch-ak
@@ -0,0 +1,40 @@
+$NetBSD: patch-ak,v 1.1 2002/02/28 15:07:18 jlam Exp $
+
+--- functions/mime.c.orig Mon Oct 16 21:30:59 2000
++++ functions/mime.c Thu Feb 28 09:20:34 2002
+@@ -1,4 +1,14 @@
+ /*
++ * This file is patched with the security fix for the file-upload bug
++ * taken from:
++ *
++ * http://www.php.net/do_download.php?download_file=mime.c.diff-3.0.gz
++ *
++ * and fixes the security problem noted in
++ *
++ * http://security.e-matters.de/advisories/012002.html
++ */
++/*
+ +----------------------------------------------------------------------+
+ | PHP HTML Embedded Scripting Language Version 3.0 |
+ +----------------------------------------------------------------------+
+@@ -85,7 +95,9 @@
+ SAFE_RETURN;
+ }
+ loc = memchr(ptr, '\n', rem);
++ rem -= loc - ptr;
+ name = strstr(ptr, " name=");
++ ptr = loc;
+ if (name && name < loc) {
+ name += 6;
+ s = memchr(name, '\"', loc - name);
+@@ -138,6 +150,10 @@
+ sprintf(lbuf, "%s_name[]", abuf);
+ sbuf=estrdup(abuf);
+ } else {
++ if (abuf) {
++ efree(abuf);
++ abuf = NULL;
++ }
+ sprintf(lbuf, "%s_name", namebuf);
+ sbuf=estrdup(namebuf);
+ } |
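Review bot: In the `@@ -85,7 +95,9 @@` hunk of the embedded mime.c patch, the added `rem -= loc - ptr;` uses the result of `memchr(ptr, '\n', rem)` with no NULL check in between. If the remaining `rem` bytes contain no newline, the subtraction is undefined and `ptr = loc;` then sets `ptr` to NULL. A guard directly after the `memchr` call, `if (!loc) { SAFE_RETURN; }`, would stop parsing before either added line runs. The same hunk keeps `strstr(ptr, " name=")`, which is not bounded by `rem` and so presumably relies on the buffer being NUL-terminated; that is worth confirming against the caller. The enclosing function starts and ends outside the hunks shown, so an earlier check cannot be ruled out from this page alone.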