commit: ecf6ddfb4f0450fa626d15e2f771e4cc3f044fac Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> AuthorDate: Tue Nov 19 10:28:57 2019 +0000 Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> CommitDate: Tue Nov 19 10:28:57 2019 +0000 URL: https://gitweb.gentoo.org/proj/php-patches.git/commit/?id=ecf6ddfb
Add backports from 7.1.33 Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org> 00210_October2019-backports.patch | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/00210_October2019-backports.patch b/00210_October2019-backports.patch new file mode 100644 index 0000000..8d3612e --- /dev/null +++ b/00210_October2019-backports.patch @@ -0,0 +1,28 @@ +From af6607e207005b4757f7679d34f060b674da08c6 Mon Sep 17 00:00:00 2001 +From: Jakub Zelenka <[email protected]> +Date: Sat, 12 Oct 2019 15:56:16 +0100 +Subject: [PATCH] Fix bug #78599 (env_path_info underflow can lead to RCE) + (CVE-2019-11043) + +cheery-picked from ab061f95ca966731b1c84cf5b7b20155c0a1c06a +without the test as tester not available +--- + sapi/fpm/fpm/fpm_main.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/sapi/fpm/fpm/fpm_main.c b/sapi/fpm/fpm/fpm_main.c +index d12ac018..22b889c1 100644 +--- a/sapi/fpm/fpm/fpm_main.c ++++ b/sapi/fpm/fpm/fpm_main.c +@@ -1245,8 +1245,8 @@ static void init_request_info(TSRMLS_D) + path_info = script_path_translated + ptlen; + tflag = (slen != 0 && (!orig_path_info || strcmp(orig_path_info, path_info) != 0)); + } else { +- path_info = env_path_info ? env_path_info + pilen - slen : NULL; +- tflag = (orig_path_info != path_info); ++ path_info = (env_path_info && pilen > slen) ? env_path_info + pilen - slen : NULL; ++ tflag = path_info && (orig_path_info != path_info); + } + + if (tflag) { +
