Diffstat (limited to 'www/php4/patches/patch-av')
-rw-r--r-- | www/php4/patches/patch-av | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/www/php4/patches/patch-av b/www/php4/patches/patch-av
new file mode 100644
index 00000000000..18689fc693a
--- /dev/null
+++ b/www/php4/patches/patch-av
@@ -0,0 +1,32 @@
+$NetBSD: patch-av,v 1.3 2006/11/04 11:19:41 adrianp Exp $
+
+# CVE-2006-5465
+
+--- ext/standard/html.c.orig 2006-02-25 21:33:06.000000000 +0000
++++ ext/standard/html.c
+@@ -878,7 +878,7 @@ PHPAPI char *php_escape_html_entities(un
+
+ matches_map = 0;
+
+- if (len + 9 > maxlen)
++ if (len + 16 > maxlen)
+ replaced = erealloc (replaced, maxlen += 128);
+
+ if (all) {
+@@ -903,9 +903,15 @@ PHPAPI char *php_escape_html_entities(un
+ }
+
+ if (matches_map) {
++ int l = strlen(rep);
++ /* increase the buffer size */
++ if (len + 2 + l >= maxlen) {
++ replaced = erealloc(replaced, maxlen += 128);
++ }
++
+ replaced[len++] = '&';
+ strcpy(replaced + len, rep);
+- len += strlen(rep);
++ len += l;
+ replaced[len++] = ';';
+ }
+ }
|
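Review bot: The new growth check in the `if (matches_map)` block enlarges the buffer once by a fixed 128 bytes, so it only suffices while `strlen(rep) + 2` fits in that headroom; the entity table that supplies `rep` is outside the hunk, so that bound is assumed rather than enforced. Growing by the amount actually needed removes the assumption: `replaced = erealloc(replaced, maxlen += l + 128);`. `int l = strlen(rep);` also narrows a `size_t` to `int`, which is harmless for short entity names but is worth declaring as `size_t` if `len` and `maxlen` allow it (their types are not visible here). The `16` in `len + 16 > maxlen` in the first inner hunk would benefit from a comment such as `/* room for the longest single-character expansion written below */`, since the branches it protects are not shown. Both inner hunks sit inside php_escape_html_entities, whose body starts and ends outside them.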