Search
j0ke.net Open Build Service
>
Projects
>
internetx
:
php5
>
php-5.2.17
> php-5.2.14-CVE-2011-1398,4388.patch
Sign Up
|
Log In
Username
Password
Cancel
Overview
Repositories
Revisions
Requests
Users
Advanced
Attributes
Meta
File php-5.2.14-CVE-2011-1398,4388.patch of Package php-5.2.17
Index: main/SAPI.c =================================================================== --- main/SAPI.c.orig +++ main/SAPI.c @@ -569,16 +569,27 @@ SAPI_API int sapi_header_op(sapi_header_ /* new line safety check */ { - char *s = header_line, *e = header_line + header_line_len, *p; - while (s < e && (p = memchr(s, '\n', (e - s)))) { - if (*(p + 1) == ' ' || *(p + 1) == '\t') { - s = p + 1; - continue; - } - efree(header_line); - sapi_module.sapi_error(E_WARNING, "Header may not contain more than a single header, new line detected."); - return FAILURE; - } + /* new line/NUL character safety check */ + int i; + for (i = 0; i < header_line_len; i++) { + /* RFC 2616 allows new lines if followed by SP or HT */ + int illegal_break = + (header_line[i+1] != ' ' && header_line[i+1] != '\t') + && ( + header_line[i] == '\n' + || (header_line[i] == '\r' && header_line[i+1] != '\n')); + if (illegal_break) { + efree(header_line); + sapi_module.sapi_error(E_WARNING, "Header may not contain " + "more than a single header, new line detected"); + return FAILURE; + } + if (header_line[i] == '\0') { + efree(header_line); + sapi_module.sapi_error(E_WARNING, "Header may not contain NUL bytes"); + return FAILURE; + } + } } sapi_header.header = header_line;