diff options
| author | V3n3RiX <venerix@koprulu.sector> | 2023-01-06 00:10:03 +0000 |
|---|---|---|
| committer | V3n3RiX <venerix@koprulu.sector> | 2023-01-06 00:10:03 +0000 |
| commit | b256b4b120d8269d4415eac0c354eb603a7bf953 (patch) | |
| tree | 4a034d19dc148353dd4ed6094848d51387f8b07e /dev-lang/php/files | |
| parent | 8973f70e9a2ae4ea8a324e607ea1e8b96c7ff384 (diff) | |
gentoo auto-resync : 06:01:2023 - 00:10:03
Diffstat (limited to 'dev-lang/php/files')
| -rw-r--r-- | dev-lang/php/files/php-7.4.33-CVE-2022-31631.patch | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/dev-lang/php/files/php-7.4.33-CVE-2022-31631.patch b/dev-lang/php/files/php-7.4.33-CVE-2022-31631.patch new file mode 100644 index 000000000000..6aa309549c88 --- /dev/null +++ b/dev-lang/php/files/php-7.4.33-CVE-2022-31631.patch @@ -0,0 +1,50 @@ +From 921b6813da3237a83e908998483f46ae3d8bacba Mon Sep 17 00:00:00 2001 +From: "Christoph M. Becker" <cmbecker69@gmx.de> +Date: Mon, 31 Oct 2022 17:20:23 +0100 +Subject: [PATCH] Fix #81740: PDO::quote() may return unquoted string + +`sqlite3_snprintf()` expects its first parameter to be `int`; we need +to avoid overflow. +--- + ext/pdo_sqlite/sqlite_driver.c | 3 +++ + ext/pdo_sqlite/tests/bug81740.phpt | 17 +++++++++++++++++ + 2 files changed, 20 insertions(+) + create mode 100644 ext/pdo_sqlite/tests/bug81740.phpt + +diff --git a/ext/pdo_sqlite/sqlite_driver.c b/ext/pdo_sqlite/sqlite_driver.c +index 4233ff10ff2e..5a72a1eda23f 100644 +--- a/ext/pdo_sqlite/sqlite_driver.c ++++ b/ext/pdo_sqlite/sqlite_driver.c +@@ -232,6 +232,9 @@ static char *pdo_sqlite_last_insert_id(pdo_dbh_t *dbh, const char *name, size_t + /* NB: doesn't handle binary strings... use prepared stmts for that */ + static int sqlite_handle_quoter(pdo_dbh_t *dbh, const char *unquoted, size_t unquotedlen, char **quoted, size_t *quotedlen, enum pdo_param_type paramtype ) + { ++ if (unquotedlen > (INT_MAX - 3) / 2) { ++ return 0; ++ } + *quoted = safe_emalloc(2, unquotedlen, 3); + sqlite3_snprintf(2*unquotedlen + 3, *quoted, "'%q'", unquoted); + *quotedlen = strlen(*quoted); +diff --git a/ext/pdo_sqlite/tests/bug81740.phpt b/ext/pdo_sqlite/tests/bug81740.phpt +new file mode 100644 +index 000000000000..99fb07c3048b +--- /dev/null ++++ b/ext/pdo_sqlite/tests/bug81740.phpt +@@ -0,0 +1,17 @@ ++--TEST-- ++Bug #81740 (PDO::quote() may return unquoted string) ++--SKIPIF-- ++<?php ++if (!extension_loaded('pdo_sqlite')) print 'skip not loaded'; ++if (getenv("SKIP_SLOW_TESTS")) die("skip slow test"); ++?> ++--INI-- ++memory_limit=-1 ++--FILE-- ++<?php ++$pdo = new PDO("sqlite::memory:"); ++$string = str_repeat("a", 0x80000000); ++var_dump($pdo->quote($string)); ++?> ++--EXPECT-- ++bool(false) |