summaryrefslogtreecommitdiffstats
path: root/bug77380.patch
diff options
context:
space:
mode:
authorRemi Collet <remi@remirepo.net>2019-01-11 13:38:24 +0100
committerRemi Collet <remi@remirepo.net>2019-01-11 13:38:24 +0100
commitd86fc6e7b23f6fe389b22746f775b93d5d80d0ca (patch)
tree21553e6c08b92b5ba9cb39d356e8ea9ce4b30cae /bug77380.patch
parentdc48891fbc3cd62ab4f340fa6b2fa06ee6cce75b (diff)
Backport xmlrpc security fix from 5.6.40
- Fix #77242 heap out of bounds read in xmlrpc_decode - Fix #77380 Global out of bounds read in xmlrpc base64 code
Diffstat (limited to 'bug77380.patch')
-rw-r--r--bug77380.patch52
1 files changed, 52 insertions, 0 deletions
diff --git a/bug77380.patch b/bug77380.patch
new file mode 100644
index 0000000..d3db7db
--- /dev/null
+++ b/bug77380.patch
@@ -0,0 +1,52 @@
+Backported for 5.4 from:
+
+
+
+From 1cc2182bcc81e185c14837e659d12b268cb99d63 Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev <stas@php.net>
+Date: Tue, 1 Jan 2019 17:15:20 -0800
+Subject: [PATCH] Fix bug #77380 (Global out of bounds read in xmlrpc base64
+ code)
+
+---
+ ext/xmlrpc/libxmlrpc/base64.c | 4 ++--
+ ext/xmlrpc/tests/bug77380.phpt | 17 +++++++++++++++++
+ 2 files changed, 19 insertions(+), 2 deletions(-)
+ create mode 100644 ext/xmlrpc/tests/bug77380.phpt
+
+diff --git a/ext/xmlrpc/libxmlrpc/base64.c b/ext/xmlrpc/libxmlrpc/base64.c
+index 5ebdf31f7ade..a4fa19327b76 100644
+--- a/ext/xmlrpc/libxmlrpc/base64.c
++++ b/ext/xmlrpc/libxmlrpc/base64.c
+@@ -169,7 +169,7 @@ void base64_decode_xmlrpc(struct buffer_st *bfr, const char *source, int length)
+ return;
+ }
+
+- if (dtable[c] & 0x80) {
++ if (dtable[(unsigned char)c] & 0x80) {
+ /*
+ fprintf(stderr, "Offset %i length %i\n", offset, length);
+ fprintf(stderr, "character '%c:%x:%c' in input file.\n", c, c, dtable[c]);
+diff --git a/ext/xmlrpc/tests/bug77380.phpt b/ext/xmlrpc/tests/bug77380.phpt
+new file mode 100644
+index 000000000000..8559c07a5aea
+--- /dev/null
++++ b/ext/xmlrpc/tests/bug77380.phpt
+@@ -0,0 +1,17 @@
++--TEST--
++Bug #77380 (Global out of bounds read in xmlrpc base64 code)
++--SKIPIF--
++<?php
++if (!extension_loaded("xmlrpc")) print "skip";
++?>
++--FILE--
++<?php
++var_dump(xmlrpc_decode(base64_decode("PGJhc2U2ND7CkzwvYmFzZTY0Pgo=")));
++?>
++--EXPECT--
++object(stdClass)#1 (2) {
++ ["scalar"]=>
++ string(0) ""
++ ["xmlrpc_type"]=>
++ string(6) "base64"
++}