raven-rhel6/isp-php54/bug70480.patch

Adapted for 5.4, by Remi Collet, from:


From e1ba58f068f4bfc8ced75bb017cd31d8beddf3c2 Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Mon, 28 Sep 2015 11:31:14 -0700
Subject: [PATCH] Fix bug #70480 (php_url_parse_ex() buffer overflow read)

(cherry picked from commit 629e4da7cc8b174acdeab84969cbfc606a019b31)
---
 ext/standard/url.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ext/standard/url.c b/ext/standard/url.c
index fc3f080..b5739f0 100644
--- a/ext/standard/url.c
+++ b/ext/standard/url.c
@@ -321,7 +321,7 @@ PHPAPI php_url *php_url_parse_ex(char co
 	nohost:
 	
 	if ((p = memchr(s, '?', (ue - s)))) {
-		pp = strchr(s, '#');
+		pp = memchr(s, '#', (ue - s));
 
 		if (pp && pp < p) {
 			if (pp - s) {
-- 
2.1.4
first commit 2024-02-21 20:14:44 +06:00			`Adapted for 5.4, by Remi Collet, from:`


			`From e1ba58f068f4bfc8ced75bb017cd31d8beddf3c2 Mon Sep 17 00:00:00 2001`
			`From: Stanislav Malyshev <stas@php.net>`
			`Date: Mon, 28 Sep 2015 11:31:14 -0700`
			`Subject: [PATCH] Fix bug #70480 (php_url_parse_ex() buffer overflow read)`

			`(cherry picked from commit 629e4da7cc8b174acdeab84969cbfc606a019b31)`
			`---`
			`ext/standard/url.c \| 2 +-`
			`1 file changed, 1 insertion(+), 1 deletion(-)`

			`diff --git a/ext/standard/url.c b/ext/standard/url.c`
			`index fc3f080..b5739f0 100644`
			`--- a/ext/standard/url.c`
			`+++ b/ext/standard/url.c`
			`@@ -321,7 +321,7 @@ PHPAPI php_url *php_url_parse_ex(char co`
			`nohost:`

			`if ((p = memchr(s, '?', (ue - s)))) {`
			`- pp = strchr(s, '#');`
			`+ pp = memchr(s, '#', (ue - s));`

			`if (pp && pp < p) {`
			`if (pp - s) {`
			`--`
			`2.1.4`