blob: 02a8a9e1b01c666d1167357c63e6029e3f74e260 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
$NetBSD: patch-au,v 1.3 2006/10/22 13:16:41 adrianp Exp $
# CVE-2006-4625
--- Zend/zend_ini.c.orig 2005-09-02 22:09:03.000000000 +0100
+++ Zend/zend_ini.c
@@ -256,7 +256,8 @@ ZEND_API int zend_restore_ini_entry(char
zend_ini_entry *ini_entry;
TSRMLS_FETCH();
- if (zend_hash_find(EG(ini_directives), name, name_length, (void **) &ini_entry)==FAILURE) {
+ if (zend_hash_find(EG(ini_directives), name, name_length, (void **) &ini_entry)==FAILURE ||
+ (stage == ZEND_INI_STAGE_RUNTIME && (ini_entry->modifyable & ZEND_INI_USER) == 0)) { return FAILURE;
return FAILURE;
}
|