1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
$NetBSD: patch-ak,v 1.1 2002/02/28 15:07:18 jlam Exp $
--- functions/mime.c.orig Mon Oct 16 21:30:59 2000
+++ functions/mime.c Thu Feb 28 09:20:34 2002
@@ -1,4 +1,14 @@
/*
+ * This file is patched with the security fix for the file-upload bug
+ * taken from:
+ *
+ * http://www.php.net/do_download.php?download_file=mime.c.diff-3.0.gz
+ *
+ * and fixes the security problem noted in
+ *
+ * http://security.e-matters.de/advisories/012002.html
+ */
+/*
+----------------------------------------------------------------------+
| PHP HTML Embedded Scripting Language Version 3.0 |
+----------------------------------------------------------------------+
@@ -85,7 +95,9 @@
SAFE_RETURN;
}
loc = memchr(ptr, '\n', rem);
+ rem -= loc - ptr;
name = strstr(ptr, " name=");
+ ptr = loc;
if (name && name < loc) {
name += 6;
s = memchr(name, '\"', loc - name);
@@ -138,6 +150,10 @@
sprintf(lbuf, "%s_name[]", abuf);
sbuf=estrdup(abuf);
} else {
+ if (abuf) {
+ efree(abuf);
+ abuf = NULL;
+ }
sprintf(lbuf, "%s_name", namebuf);
sbuf=estrdup(namebuf);
}
|
