diff options
Diffstat (limited to 'meta-oe/recipes-devtools/php/php/CVE-2020-7070.patch')
-rw-r--r-- | meta-oe/recipes-devtools/php/php/CVE-2020-7070.patch | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/meta-oe/recipes-devtools/php/php/CVE-2020-7070.patch b/meta-oe/recipes-devtools/php/php/CVE-2020-7070.patch new file mode 100644 index 0000000000..e5b527f989 --- /dev/null +++ b/meta-oe/recipes-devtools/php/php/CVE-2020-7070.patch @@ -0,0 +1,24 @@ +Subject: Patch fix-urldecode for HTTP related Bug #79699 + +--- + main/php_variables.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/main/php_variables.c b/main/php_variables.c +index 1a40c2a1..cbdc7cf1 100644 +--- a/main/php_variables.c ++++ b/main/php_variables.c +@@ -514,7 +514,9 @@ SAPI_API SAPI_TREAT_DATA_FUNC(php_default_treat_data) + } + + val = estrndup(val, val_len); +- php_url_decode(var, strlen(var)); ++ if (arg != PARSE_COOKIE) { ++ php_url_decode(var, strlen(var)); ++ } + if (sapi_module.input_filter(arg, var, &val, val_len, &new_val_len)) { + php_register_variable_safe(var, val, new_val_len, &array); + } +-- +2.25.1 + |