diff options
Diffstat (limited to 'meta-webserver/recipes-php/modphp/files/php-CVE-2014-5120.patch')
-rw-r--r-- | meta-webserver/recipes-php/modphp/files/php-CVE-2014-5120.patch | 35 |
1 files changed, 0 insertions, 35 deletions
diff --git a/meta-webserver/recipes-php/modphp/files/php-CVE-2014-5120.patch b/meta-webserver/recipes-php/modphp/files/php-CVE-2014-5120.patch deleted file mode 100644 index f2e23b3f09..0000000000 --- a/meta-webserver/recipes-php/modphp/files/php-CVE-2014-5120.patch +++ /dev/null @@ -1,35 +0,0 @@ -modphp: Security Advisory - php - CVE-2014-5120 - -Upstream-Status: Backport - -Signed-off-by Yue Tao <yue.tao@windriver.com> - -From 706aefb78112a44d4932d4c9430c6a898696f51f Mon Sep 17 00:00:00 2001 -From: Stanislav Malyshev <stas@php.net> -Date: Mon, 18 Aug 2014 22:49:10 -0700 -Subject: [PATCH] Fix bug #67730 - Null byte injection possible with imagexxx - functions - ---- - ext/gd/gd_ctx.c | 5 +++++ - 2 files changed, 7 insertions(+) - -diff --git a/ext/gd/gd_ctx.c b/ext/gd/gd_ctx.c -index bff691f..eafbab5 100644 ---- a/ext/gd/gd_ctx.c -+++ b/ext/gd/gd_ctx.c -@@ -124,6 +124,11 @@ static void _php_image_output_ctx(INTERNAL_FUNCTION_PARAMETERS, int image_type, - RETURN_FALSE; - } - } else if (Z_TYPE_P(to_zval) == IS_STRING) { -+ if (CHECK_ZVAL_NULL_PATH(to_zval)) { -+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid 2nd parameter, filename must not contain null bytes"); -+ RETURN_FALSE; -+ } -+ - stream = php_stream_open_wrapper(Z_STRVAL_P(to_zval), "wb", REPORT_ERRORS|IGNORE_PATH|IGNORE_URL_WIN, NULL); - if (stream == NULL) { - RETURN_FALSE; --- -1.7.9.5 - |