From aae3fef56b0850352e715a7e860a69b33c34fe5d Mon Sep 17 00:00:00 2001
From: Remi Collet
Date: Wed, 9 Nov 2016 18:12:33 +0100
Subject: PHP 5.5.38 with minor security fix from 5.6.28
---
bug73418.patch | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
create mode 100644 bug73418.patch
(limited to 'bug73418.patch')
diff --git a/bug73418.patch b/bug73418.patch
new file mode 100644
index 0000000..d85e4a6
--- /dev/null
+++ b/bug73418.patch
@@ -0,0 +1,26 @@
+Backported from 5.6.28 by Remi.
+
+
+From b823b14e374251ad6ab437a9631e4b010ca09b68 Mon Sep 17 00:00:00 2001
+From: Anatol Belski
+Date: Thu, 3 Nov 2016 17:03:23 +0100
+Subject: [PATCH] Fixed bug #73418 Integer Overflow in "_php_imap_mail" leads
+ to crash
+
+---
+ ext/imap/php_imap.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c
+index 564473b..6c392fb 100644
+--- a/ext/imap/php_imap.c
++++ b/ext/imap/php_imap.c
+@@ -3894,7 +3898,7 @@ int _php_imap_mail(char *to, char *subject, char *message, char *headers, char *
+ char *tsm_errmsg = NULL;
+ ADDRESS *addr;
+ char *bufferTo = NULL, *bufferCc = NULL, *bufferBcc = NULL, *bufferHeader = NULL;
+- int offset, bufferLen = 0;
++ size_t offset, bufferLen = 0;
+ size_t bt_len;
+
+ if (headers) {
-- cgit
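Review bot: The later uses of `offset` and `bufferLen` in `_php_imap_mail` are outside this hunk and should be checked against the new `size_t` type. A signed comparison, a `%d` format or a call taking an `int` length would narrow the value again and bring the overflow back. An unsigned sum that wraps is well defined but would presumably still produce an undersized buffer where `size_t` is 32 bits, so the additions into `bufferLen` should be range-checked or the allocation done through an overflow-checked allocator. The declaration also deserves a short comment so the type is not changed back later, for example `/* size_t, not int: an int here overflowed, see bug #73418 */`.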