modphp: Security Advisory - php - CVE-2014-5120

gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before
5.5.16 does not ensure that pathnames lack %00 sequences, which might
allow remote attackers to overwrite arbitrary files via crafted input to
an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif,
(4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5120

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Yue Tao 2014-10-23 16:29:13 +08:00 committed by Martin Jansa
parent d47b4c7ca0
commit 81aecee0ed
2 changed files with 36 additions and 0 deletions


@ -0,0 +1,35 @@
modphp: Security Advisory - php - CVE-2014-5120
Upstream-Status: Backport
Signed-off-by Yue Tao <yue.tao@windriver.com>
From 706aefb78112a44d4932d4c9430c6a898696f51f Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Mon, 18 Aug 2014 22:49:10 -0700
Subject: [PATCH] Fix bug #67730 - Null byte injection possible with imagexxx
functions
---
ext/gd/gd_ctx.c | 5 +++++
2 files changed, 7 insertions(+)
diff --git a/ext/gd/gd_ctx.c b/ext/gd/gd_ctx.c
index bff691f..eafbab5 100644
--- a/ext/gd/gd_ctx.c
+++ b/ext/gd/gd_ctx.c
@@ -124,6 +124,11 @@ static void _php_image_output_ctx(INTERNAL_FUNCTION_PARAMETERS, int image_type,
RETURN_FALSE;
}
} else if (Z_TYPE_P(to_zval) == IS_STRING) {
+ if (CHECK_ZVAL_NULL_PATH(to_zval)) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid 2nd parameter, filename must not contain null bytes");
+ RETURN_FALSE;
+ }
+
stream = php_stream_open_wrapper(Z_STRVAL_P(to_zval), "wb", REPORT_ERRORS|IGNORE_PATH|IGNORE_URL_WIN, NULL);
if (stream == NULL) {
RETURN_FALSE;
--
1.7.9.5
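
Review bot: The embedded patch header's diffstat reads "2 files changed, 7 insertions(+)", but the only file carried is ext/gd/gd_ctx.c with 5 added lines, so part of the upstream change was dropped in the backport without being recorded. Either regenerate the diffstat or add a line under "Upstream-Status: Backport" naming what was omitted and why. In the same header, "Signed-off-by Yue Tao" is missing the colon after "Signed-off-by", so tooling that parses trailers will not pick it up. The added CHECK_ZVAL_NULL_PATH test itself sits in the right place, ahead of php_stream_open_wrapper() in the IS_STRING branch.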


@ -9,6 +9,7 @@ SRC_URI = "http://www.php.net/distributions/php-${PV}.tar.bz2 \
file://pthread-check-threads-m4.patch \
file://70_mod_php5.conf \
file://0001-using-pkgconfig-to-check-libxml.patch \
file://php-CVE-2014-5120.patch \
"
S = "${WORKDIR}/php-${PV}"
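
Review bot: Nothing in this SRC_URI hunk ties php-CVE-2014-5120.patch to the affected releases. The entry goes into a list that is keyed on ${PV}, while the commit message says the issue is fixed in 5.4.32 and 5.5.16. Please confirm that the PV this recipe builds is below those versions and that the patch's gd_ctx.c hunk at line 124 applies without fuzz. It would also help to note in the recipe or commit message that the entry must be dropped at the next version bump, otherwise the patch will fail to apply or be silently redundant.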