[gentoo-commits] gentoo-x86 commit in dev-php5/pecl-apc/files: pecl-apc-3.0.16-CVE-2008-1488.patch - gentoo-commits

From:	"Christian Hoffmann (hoffie)" <hoffie@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] gentoo-x86 commit in dev-php5/pecl-apc/files: pecl-apc-3.0.16-CVE-2008-1488.patch
Date:	Fri, 28 Mar 2008 19:19:46
Message-Id:	`E1JfK75-0003M4-IN@stork.gentoo.org`

hoffie      08/03/28 19:19:43

  Added:                pecl-apc-3.0.16-CVE-2008-1488.patch

  Log:

  addpecl-apc-3.0.16-r1, including a fix for CVE-2008-1488, since 3.0.17 causes segfaults (thanks to jakub)

  (Portage version: 2.1.4.4)

Revision  Changes    Path

1.1                  dev-php5/pecl-apc/files/pecl-apc-3.0.16-CVE-2008-1488.patch

file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-php5/pecl-apc/files/pecl-apc-3.0.16-CVE-2008-1488.patch?rev=1.1&view=markup

plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-php5/pecl-apc/files/pecl-apc-3.0.16-CVE-2008-1488.patch?rev=1.1&content-type=text/plain

Index: pecl-apc-3.0.16-CVE-2008-1488.patch

===================================================================

--- apc.c.old	2008-03-26 19:22:02.000000000 +0100

+++ apc.c	2008-03-26 19:22:23.000000000 +0100

@@ -331,7 +331,7 @@

             /* not: [no active file] or no path */

             memcpy(fileinfo->fullpath, exec_fname, exec_fname_length);

             fileinfo->fullpath[exec_fname_length] = DEFAULT_SLASH;

-            strcpy(fileinfo->fullpath +exec_fname_length +1, filename);

+            strlcpy(fileinfo->fullpath +exec_fname_length +1, filename,sizeof(fileinfo->fullpath)-exec_fname_length-1);

             /* apc_wprint("filename: %s, exec_fname: %s, fileinfo->fullpath: %s", filename, exec_fname, fileinfo->fullpath); */

             if (apc_stat(fileinfo->fullpath, &fileinfo->st_buf) == 0) {

                 found = 1;

--

gentoo-commits@l.g.o mailing list

1	hoffie 08/03/28 19:19:43
2
3	Added: pecl-apc-3.0.16-CVE-2008-1488.patch
4	Log:
5	addpecl-apc-3.0.16-r1, including a fix for CVE-2008-1488, since 3.0.17 causes segfaults (thanks to jakub)
6	(Portage version: 2.1.4.4)
7
8	Revision Changes Path
9	1.1 dev-php5/pecl-apc/files/pecl-apc-3.0.16-CVE-2008-1488.patch
10
11	file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-php5/pecl-apc/files/pecl-apc-3.0.16-CVE-2008-1488.patch?rev=1.1&view=markup
12	plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-php5/pecl-apc/files/pecl-apc-3.0.16-CVE-2008-1488.patch?rev=1.1&content-type=text/plain
13
14	Index: pecl-apc-3.0.16-CVE-2008-1488.patch
15	===================================================================
16	--- apc.c.old 2008-03-26 19:22:02.000000000 +0100
17	+++ apc.c 2008-03-26 19:22:23.000000000 +0100
18	@@ -331,7 +331,7 @@
19	/* not: [no active file] or no path */
20	memcpy(fileinfo->fullpath, exec_fname, exec_fname_length);
21	fileinfo->fullpath[exec_fname_length] = DEFAULT_SLASH;
22	- strcpy(fileinfo->fullpath +exec_fname_length +1, filename);
23	+ strlcpy(fileinfo->fullpath +exec_fname_length +1, filename,sizeof(fileinfo->fullpath)-exec_fname_length-1);
24	/* apc_wprint("filename: %s, exec_fname: %s, fileinfo->fullpath: %s", filename, exec_fname, fileinfo->fullpath); */
25	if (apc_stat(fileinfo->fullpath, &fileinfo->st_buf) == 0) {
26	found = 1;
27
28
29
30
31	--
32	gentoo-commits@l.g.o mailing list

Gentoo Archives: gentoo-commits