aboutsummaryrefslogtreecommitdiffstats
path: root/meta-webserver/recipes-php/modphp/files/php-CVE-2014-5120.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta-webserver/recipes-php/modphp/files/php-CVE-2014-5120.patch')
-rw-r--r--meta-webserver/recipes-php/modphp/files/php-CVE-2014-5120.patch35
1 files changed, 35 insertions, 0 deletions
diff --git a/meta-webserver/recipes-php/modphp/files/php-CVE-2014-5120.patch b/meta-webserver/recipes-php/modphp/files/php-CVE-2014-5120.patch
new file mode 100644
index 00000000000..f2e23b3f09d
--- /dev/null
+++ b/meta-webserver/recipes-php/modphp/files/php-CVE-2014-5120.patch
@@ -0,0 +1,35 @@
+modphp: Security Advisory - php - CVE-2014-5120
+
+Upstream-Status: Backport
+
+Signed-off-by Yue Tao <yue.tao@windriver.com>
+
+From 706aefb78112a44d4932d4c9430c6a898696f51f Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev <stas@php.net>
+Date: Mon, 18 Aug 2014 22:49:10 -0700
+Subject: [PATCH] Fix bug #67730 - Null byte injection possible with imagexxx
+ functions
+
+---
+ ext/gd/gd_ctx.c | 5 +++++
+ 2 files changed, 7 insertions(+)
+
+diff --git a/ext/gd/gd_ctx.c b/ext/gd/gd_ctx.c
+index bff691f..eafbab5 100644
+--- a/ext/gd/gd_ctx.c
++++ b/ext/gd/gd_ctx.c
+@@ -124,6 +124,11 @@ static void _php_image_output_ctx(INTERNAL_FUNCTION_PARAMETERS, int image_type,
+ RETURN_FALSE;
+ }
+ } else if (Z_TYPE_P(to_zval) == IS_STRING) {
++ if (CHECK_ZVAL_NULL_PATH(to_zval)) {
++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid 2nd parameter, filename must not contain null bytes");
++ RETURN_FALSE;
++ }
++
+ stream = php_stream_open_wrapper(Z_STRVAL_P(to_zval), "wb", REPORT_ERRORS|IGNORE_PATH|IGNORE_URL_WIN, NULL);
+ if (stream == NULL) {
+ RETURN_FALSE;
+--
+1.7.9.5
+