mirror of https://git.FreeBSD.org/ports.git synced 2024-11-21 00:25:50 +00:00

Merge a patch from php 5.4/5.5 to fix a security vulnerability. No CVE has

been assigned (yet?).

More info on https://www.sektioneins.de/en/blog/14-07-04-phpinfo-infoleak.html

PR:		191638
Submitted by:	logan@elandsys.com
Florian Smeets 2014-07-06 14:42:15 +00:00
parent cbfea8568d
commit 041923401e
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=360913
2 changed files with 24 additions and 1 deletions


@ -3,7 +3,7 @@
PORTNAME= php53
PORTVERSION= 5.3.28
PORTREVISION?= 2
PORTREVISION?= 3
CATEGORIES?= lang devel www
MASTER_SITES= ${MASTER_SITE_PHP}
MASTER_SITE_SUBDIR= distributions


@ -0,0 +1,23 @@
--- ext/standard/info.c.orig 2014-07-06 14:16:21.785793323 +0200
+++ ext/standard/info.c 2014-07-06 14:20:20.630549152 +0200
@@ -999,16 +999,16 @@
php_info_print_table_start();
php_info_print_table_header(2, "Variable", "Value");
- if (zend_hash_find(&EG(symbol_table), "PHP_SELF", sizeof("PHP_SELF"), (void **) &data) != FAILURE) {
+ if (zend_hash_find(&EG(symbol_table), "PHP_SELF", sizeof("PHP_SELF"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) {
php_info_print_table_row(2, "PHP_SELF", Z_STRVAL_PP(data));
}
- if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_TYPE", sizeof("PHP_AUTH_TYPE"), (void **) &data) != FAILURE) {
+ if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_TYPE", sizeof("PHP_AUTH_TYPE"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) {
php_info_print_table_row(2, "PHP_AUTH_TYPE", Z_STRVAL_PP(data));
}
- if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_USER", sizeof("PHP_AUTH_USER"), (void **) &data) != FAILURE) {
+ if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_USER", sizeof("PHP_AUTH_USER"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) {
php_info_print_table_row(2, "PHP_AUTH_USER", Z_STRVAL_PP(data));
}
- if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_PW", sizeof("PHP_AUTH_PW"), (void **) &data) != FAILURE) {
+ if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_PW", sizeof("PHP_AUTH_PW"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) {
php_info_print_table_row(2, "PHP_AUTH_PW", Z_STRVAL_PP(data));
}
php_print_gpcse_array("_REQUEST", sizeof("_REQUEST")-1 TSRMLS_CC);
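Review bot: The four added `Z_TYPE_PP(data) == IS_STRING` guards carry no comment saying why they exist, and the same condition is now copied onto four separate lookups, so a later edit that adds a fifth one can easily leave it out. Values in `EG(symbol_table)` can be overwritten by a script with any type, and `Z_STRVAL_PP` on a non-string zval reads the value union as if it were a string pointer, which appears to be the information leak the linked advisory describes. I would add `/* symbol_table entries are script-writable: check IS_STRING before Z_STRVAL_PP */` above the first lookup. The enclosing function starts and ends outside the hunk, so whether other `Z_STRVAL_PP` uses in it need the same guard cannot be judged from here and is worth checking against the upstream 5.4/5.5 fix.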