diff options
| author |   Li Zhou <li.zhou@windriver.com> | 2020-02-21 17:15:31 +0800 |
|---|---|---|
| committer |   Khem Raj <raj.khem@gmail.com> | 2020-02-21 08:50:36 -0800 |
| commit | 664f8e13736b610c091c7f3855f655158b09333a (patch) | |
| tree | 69968deccaee4a3aead5074263f85fceda4bd2bc /meta-oe/recipes-devtools/php | |
| parent | 90a1362303f5d793ad0ed946e39fd173357d8a5a (diff) | |
| download | meta-openembedded-664f8e13736b610c091c7f3855f655158b09333a.tar.gz | |
php: Security Advisory - php - CVE-2020-7059
Backport the patch <http://git.php.net/?p=php-src.git;a=commit;
h=0f79b1bf301f455967676b5129240140c5c45b09> to solve CVE-2020-7059.
Because of the version context, this porting mainly refers to the
version merging commit <http://git.php.net/?p=php-src.git;a=commit;
h=a8a6242db7c01bb2d87f29e9b8d5ff3f0f847645>
Signed-off-by: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat (limited to 'meta-oe/recipes-devtools/php')
| -rw-r--r-- | meta-oe/recipes-devtools/php/php/CVE-2020-7059.patch | 86 | ||||
| -rw-r--r-- | meta-oe/recipes-devtools/php/php_7.3.11.bb | 1 |
2 files changed, 87 insertions, 0 deletions
diff --git a/meta-oe/recipes-devtools/php/php/CVE-2020-7059.patch b/meta-oe/recipes-devtools/php/php/CVE-2020-7059.patch new file mode 100644 index 0000000000..f7d3ab6b66 --- /dev/null +++ b/meta-oe/recipes-devtools/php/php/CVE-2020-7059.patch @@ -0,0 +1,86 @@ +From 1adaab3aa81fa9b48e351b5644d9fee70f2fe73f Mon Sep 17 00:00:00 2001 +From: Li Zhou <li.zhou@windriver.com> +Date: Thu, 20 Feb 2020 02:05:52 -0800 +Subject: [PATCH] Fix #79099: OOB read in php_strip_tags_ex + +Upstream-Status: Backport +CVE: CVE-2020-7059 +Signed-off-by: Li Zhou <li.zhou@windriver.com> +--- + ext/standard/string.c | 6 +++--- + ext/standard/tests/file/bug79099.phpt | 32 ++++++++++++++++++++++++++++++++ + 2 files changed, 35 insertions(+), 3 deletions(-) + create mode 100644 ext/standard/tests/file/bug79099.phpt + +diff --git a/ext/standard/string.c b/ext/standard/string.c +index dde97fa..2213d8d 100644 +--- a/ext/standard/string.c ++++ b/ext/standard/string.c +@@ -5163,7 +5163,7 @@ state_1: + } + + lc = '>'; +- if (is_xml && *(p -1) == '-') { ++ if (is_xml && p >= buf + 1 && *(p -1) == '-') { + break; + } + in_q = state = is_xml = 0; +@@ -5195,7 +5195,7 @@ state_1: + goto reg_char_1; + case '!': + /* JavaScript & Other HTML scripting languages */ +- if (*(p-1) == '<') { ++ if (p >= buf + 1 && *(p-1) == '<') { + state = 3; + lc = c; + p++; +@@ -5205,7 +5205,7 @@ state_1: + } + break; + case '?': +- if (*(p-1) == '<') { ++ if (p >= buf + 1 && *(p-1) == '<') { + br=0; + state = 2; + p++; +diff --git a/ext/standard/tests/file/bug79099.phpt b/ext/standard/tests/file/bug79099.phpt +new file mode 100644 +index 0000000..a1f2a33 +--- /dev/null ++++ b/ext/standard/tests/file/bug79099.phpt +@@ -0,0 +1,32 @@ ++--TEST-- ++Bug #79099 (OOB read in php_strip_tags_ex) ++--FILE-- ++<?php ++$stream = fopen('php://memory', 'w+'); ++fputs($stream, "<?\n\"\n"); ++rewind($stream); ++var_dump(@fgetss($stream)); ++var_dump(@fgetss($stream)); ++fclose($stream); ++ ++$stream = fopen('php://memory', 'w+'); ++fputs($stream, "<\0\n!\n"); ++rewind($stream); ++var_dump(@fgetss($stream)); ++var_dump(@fgetss($stream)); ++fclose($stream); ++ ++$stream = fopen('php://memory', 'w+'); ++fputs($stream, "<\0\n?\n"); ++rewind($stream); ++var_dump(@fgetss($stream)); ++var_dump(@fgetss($stream)); ++fclose($stream); ++?> ++--EXPECT-- ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" ++string(0) "" +-- +1.9.1 + diff --git a/meta-oe/recipes-devtools/php/php_7.3.11.bb b/meta-oe/recipes-devtools/php/php_7.3.11.bb index 0e76cbf75c..8dbaf8922c 100644 --- a/meta-oe/recipes-devtools/php/php_7.3.11.bb +++ b/meta-oe/recipes-devtools/php/php_7.3.11.bb @@ -18,6 +18,7 @@ SRC_URI = "http://php.net/distributions/php-${PV}.tar.bz2 \ file://0001-Use-pkg-config-for-libxml2-detection.patch \ file://debian-php-fixheader.patch \ file://CVE-2019-6978.patch \ + file://CVE-2020-7059.patch \ " SRC_URI_append_class-target = " \ |