Miroirs/slackware-current
1
0
Fork 0
mirror of git://slackware.nl/current.git synced 2024-12-28 09:59:53 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
slackware-current/source/n/php/CVE-2023-0568.patch

63 lines
2.4 KiB
Diff
Raw Normal View History

Wed Feb 15 03:05:40 UTC 2023 a/kernel-firmware-20230214_a253a37-noarch-1.txz: Upgraded. a/kernel-generic-6.1.12-x86_64-1.txz: Upgraded. a/kernel-huge-6.1.12-x86_64-1.txz: Upgraded. a/kernel-modules-6.1.12-x86_64-1.txz: Upgraded. d/kernel-headers-6.1.12-x86-1.txz: Upgraded. d/rust-1.66.1-x86_64-1.txz: Upgraded. k/kernel-source-6.1.12-noarch-1.txz: Upgraded. kde/bluedevil-5.27.0-x86_64-1.txz: Upgraded. kde/breeze-5.27.0-x86_64-1.txz: Upgraded. kde/breeze-grub-5.27.0-x86_64-1.txz: Upgraded. kde/breeze-gtk-5.27.0-x86_64-1.txz: Upgraded. kde/drkonqi-5.27.0-x86_64-1.txz: Upgraded. kde/kactivitymanagerd-5.27.0-x86_64-1.txz: Upgraded. kde/kde-cli-tools-5.27.0-x86_64-1.txz: Upgraded. kde/kde-gtk-config-5.27.0-x86_64-1.txz: Upgraded. kde/kdecoration-5.27.0-x86_64-1.txz: Upgraded. kde/kdeplasma-addons-5.27.0-x86_64-1.txz: Upgraded. kde/kgamma5-5.27.0-x86_64-1.txz: Upgraded. kde/khotkeys-5.27.0-x86_64-1.txz: Upgraded. kde/kinfocenter-5.27.0-x86_64-1.txz: Upgraded. kde/kmenuedit-5.27.0-x86_64-1.txz: Upgraded. kde/kpipewire-5.27.0-x86_64-1.txz: Upgraded. kde/kscreen-5.27.0-x86_64-1.txz: Upgraded. kde/kscreenlocker-5.27.0-x86_64-1.txz: Upgraded. kde/ksshaskpass-5.27.0-x86_64-1.txz: Upgraded. kde/ksystemstats-5.27.0-x86_64-1.txz: Upgraded. kde/kwallet-pam-5.27.0-x86_64-1.txz: Upgraded. kde/kwayland-integration-5.27.0-x86_64-1.txz: Upgraded. kde/kwin-5.27.0-x86_64-1.txz: Upgraded. kde/kwrited-5.27.0-x86_64-1.txz: Upgraded. kde/layer-shell-qt-5.27.0-x86_64-1.txz: Upgraded. kde/libkscreen-5.27.0-x86_64-1.txz: Upgraded. kde/libksysguard-5.27.0-x86_64-1.txz: Upgraded. kde/milou-5.27.0-x86_64-1.txz: Upgraded. kde/oxygen-5.27.0-x86_64-1.txz: Upgraded. kde/oxygen-sounds-5.27.0-x86_64-1.txz: Upgraded. kde/plasma-browser-integration-5.27.0-x86_64-1.txz: Upgraded. kde/plasma-desktop-5.27.0-x86_64-1.txz: Upgraded. kde/plasma-disks-5.27.0-x86_64-1.txz: Upgraded. kde/plasma-firewall-5.27.0-x86_64-1.txz: Upgraded. kde/plasma-integration-5.27.0-x86_64-1.txz: Upgraded. kde/plasma-nm-5.27.0-x86_64-1.txz: Upgraded. kde/plasma-pa-5.27.0-x86_64-1.txz: Upgraded. kde/plasma-sdk-5.27.0-x86_64-1.txz: Upgraded. kde/plasma-systemmonitor-5.27.0-x86_64-1.txz: Upgraded. kde/plasma-vault-5.27.0-x86_64-1.txz: Upgraded. kde/plasma-workspace-5.27.0-x86_64-1.txz: Upgraded. kde/plasma-workspace-wallpapers-5.27.0-x86_64-1.txz: Upgraded. kde/polkit-kde-agent-1-5.27.0-x86_64-1.txz: Upgraded. kde/powerdevil-5.27.0-x86_64-1.txz: Upgraded. kde/qqc2-breeze-style-5.27.0-x86_64-1.txz: Upgraded. kde/sddm-kcm-5.27.0-x86_64-1.txz: Upgraded. kde/systemsettings-5.27.0-x86_64-1.txz: Upgraded. kde/xdg-desktop-portal-kde-5.27.0-x86_64-1.txz: Upgraded. l/mozjs102-102.8.0esr-x86_64-1.txz: Upgraded. n/php-7.4.33-x86_64-3.txz: Rebuilt. This update fixes security issues: Core: Password_verify() always return true with some hash. Core: 1-byte array overrun in common path resolve code. SAPI: DOS vulnerability when parsing multipart request body. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-0567 https://www.cve.org/CVERecord?id=CVE-2023-0568 https://www.cve.org/CVERecord?id=CVE-2023-0662 (* Security fix *) xap/mozilla-firefox-110.0-x86_64-1.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/110.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/ https://www.cve.org/CVERecord?id=CVE-2023-25728 https://www.cve.org/CVERecord?id=CVE-2023-25730 https://www.cve.org/CVERecord?id=CVE-2023-25743 https://www.cve.org/CVERecord?id=CVE-2023-0767 https://www.cve.org/CVERecord?id=CVE-2023-25735 https://www.cve.org/CVERecord?id=CVE-2023-25737 https://www.cve.org/CVERecord?id=CVE-2023-25738 https://www.cve.org/CVERecord?id=CVE-2023-25739 https://www.cve.org/CVERecord?id=CVE-2023-25729 https://www.cve.org/CVERecord?id=CVE-2023-25732 https://www.cve.org/CVERecord?id=CVE-2023-25734 https://www.cve.org/CVERecord?id=CVE-2023-25740 https://www.cve.org/CVERecord?id=CVE-2023-25731 https://www.cve.org/CVERecord?id=CVE-2023-25733 https://www.cve.org/CVERecord?id=CVE-2023-25736 https://www.cve.org/CVERecord?id=CVE-2023-25741 https://www.cve.org/CVERecord?id=CVE-2023-25742 https://www.cve.org/CVERecord?id=CVE-2023-25744 https://www.cve.org/CVERecord?id=CVE-2023-25745 (* Security fix *) extra/php80/php80-8.0.28-x86_64-1.txz: Upgraded. This update fixes security issues: Core: Password_verify() always return true with some hash. Core: 1-byte array overrun in common path resolve code. SAPI: DOS vulnerability when parsing multipart request body. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-0567 https://www.cve.org/CVERecord?id=CVE-2023-0568 https://www.cve.org/CVERecord?id=CVE-2023-0662 (* Security fix *) extra/php81/php81-8.1.16-x86_64-1.txz: Upgraded. This update fixes security issues: Core: Password_verify() always return true with some hash. Core: 1-byte array overrun in common path resolve code. SAPI: DOS vulnerability when parsing multipart request body. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-0567 https://www.cve.org/CVERecord?id=CVE-2023-0568 https://www.cve.org/CVERecord?id=CVE-2023-0662 (* Security fix *) isolinux/initrd.img: Rebuilt. kernels/*: Upgraded. testing/packages/rust-1.67.1-x86_64-1.txz: Upgraded. usb-and-pxe-installers/usbboot.img: Rebuilt.
2023-02-15 04:05:40 +01:00
From c0fceebfa195b8e56a7108cb731b5ea7afbef70c Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Fri, 27 Jan 2023 19:28:27 +0100
Subject: [PATCH] Fix array overrun when appending slash to paths
Fix it by extending the array sizes by one character. As the input is
limited to the maximum path length, there will always be place to append
the slash. As the php_check_specific_open_basedir() simply uses the
strings to compare against each other, no new failures related to too
long paths are introduced.
We'll let the DOM and XML case handle a potentially too long path in the
library code.
---
ext/dom/document.c | 2 +-
ext/xmlreader/php_xmlreader.c | 2 +-
main/fopen_wrappers.c | 6 +++---
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/ext/dom/document.c b/ext/dom/document.c
index 4dee5548f188..c60198a3be11 100644
--- a/ext/dom/document.c
+++ b/ext/dom/document.c
@@ -1182,7 +1182,7 @@ static xmlDocPtr dom_document_parser(zval *id, int mode, char *source, size_t so
int validate, recover, resolve_externals, keep_blanks, substitute_ent;
int resolved_path_len;
int old_error_reporting = 0;
- char *directory=NULL, resolved_path[MAXPATHLEN];
+ char *directory=NULL, resolved_path[MAXPATHLEN + 1];
if (id != NULL) {
intern = Z_DOMOBJ_P(id);
diff --git a/ext/xmlreader/php_xmlreader.c b/ext/xmlreader/php_xmlreader.c
index c17884d960cb..39141c8c1223 100644
--- a/ext/xmlreader/php_xmlreader.c
+++ b/ext/xmlreader/php_xmlreader.c
@@ -1017,7 +1017,7 @@ PHP_METHOD(XMLReader, XML)
xmlreader_object *intern = NULL;
char *source, *uri = NULL, *encoding = NULL;
int resolved_path_len, ret = 0;
- char *directory=NULL, resolved_path[MAXPATHLEN];
+ char *directory=NULL, resolved_path[MAXPATHLEN + 1];
xmlParserInputBufferPtr inputbfr;
xmlTextReaderPtr reader;
diff --git a/main/fopen_wrappers.c b/main/fopen_wrappers.c
index f6ce26e104be..12cc9c8b10c0 100644
--- a/main/fopen_wrappers.c
+++ b/main/fopen_wrappers.c
@@ -129,10 +129,10 @@ PHPAPI ZEND_INI_MH(OnUpdateBaseDir)
*/
PHPAPI int php_check_specific_open_basedir(const char *basedir, const char *path)
{
- char resolved_name[MAXPATHLEN];
- char resolved_basedir[MAXPATHLEN];
+ char resolved_name[MAXPATHLEN + 1];
+ char resolved_basedir[MAXPATHLEN + 1];
char local_open_basedir[MAXPATHLEN];
- char path_tmp[MAXPATHLEN];
+ char path_tmp[MAXPATHLEN + 1];
char *path_file;
size_t resolved_basedir_len;
size_t resolved_name_len;
Reference in a new issue Copy permalink