diff options
Diffstat (limited to 'bug70480.patch')
-rw-r--r-- | bug70480.patch | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/bug70480.patch b/bug70480.patch new file mode 100644 index 0000000..e39ea89 --- /dev/null +++ b/bug70480.patch @@ -0,0 +1,29 @@ +Adapted for 5.4, by Remi Collet, from: + + +From e1ba58f068f4bfc8ced75bb017cd31d8beddf3c2 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev <stas@php.net> +Date: Mon, 28 Sep 2015 11:31:14 -0700 +Subject: [PATCH] Fix bug #70480 (php_url_parse_ex() buffer overflow read) + +(cherry picked from commit 629e4da7cc8b174acdeab84969cbfc606a019b31) +--- + ext/standard/url.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ext/standard/url.c b/ext/standard/url.c +index fc3f080..b5739f0 100644 +--- a/ext/standard/url.c ++++ b/ext/standard/url.c +@@ -321,7 +321,7 @@ PHPAPI php_url *php_url_parse_ex(char co + nohost: + + if ((p = memchr(s, '?', (ue - s)))) { +- pp = strchr(s, '#'); ++ pp = memchr(s, '#', (ue - s)); + + if (pp && pp < p) { + if (pp - s) { +-- +2.1.4 + |