Projects
home:rottame:vhosts-ng:php53
php5
php-5.3.3-CVE-2014-3710.patch
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File php-5.3.3-CVE-2014-3710.patch of Package php5
From 1803228597e82218a8c105e67975bc50e6f5bf0d Mon Sep 17 00:00:00 2001 From: Remi Collet <remi@php.net> Date: Wed, 22 Oct 2014 15:37:04 +0200 Subject: [PATCH] Fix bug #68283: fileinfo: out-of-bounds read in elf note headers Upstream commit https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0 CVE -2014-3710 --- ext/fileinfo/libmagic/readelf.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ext/fileinfo/libmagic/readelf.c b/ext/fileinfo/libmagic/readelf.c index 1c3845f..bb6f70f 100644 --- a/ext/fileinfo/libmagic/readelf.c +++ b/ext/fileinfo/libmagic/readelf.c @@ -372,6 +372,13 @@ donote(struct magic_set *ms, void *vbuf, size_t offset, size_t size, #endif uint32_t namesz, descsz; + if (xnh_sizeof + offset > size) { + /* + * We're out of note headers. + */ + return xnh_sizeof + offset; + } + (void)memcpy(xnh_addr, &nbuf[offset], xnh_sizeof); offset += xnh_sizeof; -- 2.1.0
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.