import php-8.0.13-3.module+el8.6.0+15725+0c79e7c4

CentOS Sources 2022-06-30 18:20:39 -04:00 committed by Stepan Oksanichenko
parent 904ae8c98a
commit 962415d61a
2 changed files with 30 additions and 1 deletions


@ -0,0 +1,23 @@
From 58006537fc5f133ae8549efe5118cde418b3ace9 Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <smalyshev@gmail.com>
Date: Mon, 6 Jun 2022 00:56:51 -0600
Subject: [PATCH] Fix bug #81719: mysqlnd/pdo password buffer overflow
---
ext/mysqlnd/mysqlnd_wireprotocol.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ext/mysqlnd/mysqlnd_wireprotocol.c b/ext/mysqlnd/mysqlnd_wireprotocol.c
index 87b2e7c31331..e4a298adaea4 100644
--- a/ext/mysqlnd/mysqlnd_wireprotocol.c
+++ b/ext/mysqlnd/mysqlnd_wireprotocol.c
@@ -771,7 +771,8 @@ php_mysqlnd_change_auth_response_write(MYSQLND_CONN_DATA * conn, void * _packet)
MYSQLND_VIO * vio = conn->vio;
MYSQLND_STATS * stats = conn->stats;
MYSQLND_CONNECTION_STATE * connection_state = &conn->state;
- zend_uchar * const buffer = pfc->cmd_buffer.length >= packet->auth_data_len? pfc->cmd_buffer.buffer : mnd_emalloc(packet->auth_data_len);
+ size_t total_packet_size = packet->auth_data_len + MYSQLND_HEADER_SIZE;
+ zend_uchar * const buffer = pfc->cmd_buffer.length >= total_packet_size? pfc->cmd_buffer.buffer : mnd_emalloc(total_packet_size);
zend_uchar * p = buffer + MYSQLND_HEADER_SIZE; /* start after the header */
DBG_ENTER("php_mysqlnd_change_auth_response_write");
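Review bot: The new sizing line `size_t total_packet_size = packet->auth_data_len + MYSQLND_HEADER_SIZE;` has no comment tying it to the write offset `p = buffer + MYSQLND_HEADER_SIZE` two lines below, which is the invariant the old size check missed; I would add `/* buffer must hold the packet header plus the auth data; p starts MYSQLND_HEADER_SIZE bytes in */` above it. The sum is computed without a range check, so it is worth confirming that `auth_data_len` is bounded before it reaches this function, which is not visible on this page. The body of php_mysqlnd_change_auth_response_write continues past the hunk, so the copy into `p` and the release of a buffer obtained from `mnd_emalloc` cannot be checked from here. The patch touches only the one source file, so no regression test for an over-long password accompanies the fix.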


@ -60,7 +60,7 @@
Summary: PHP scripting language for creating dynamic web sites
Name: php
Version: %{upver}%{?rcver:~%{rcver}}
Release: 2%{?dist}
Release: 3%{?dist}
# All files licensed under PHP version 3.01, except
# Zend is licensed under Zend
# TSRM is licensed under BSD
@ -119,6 +119,7 @@ Patch51: php-8.0.13-crypt.patch
# Upstream fixes (100+)
# Security fixes (200+)
Patch200: php-CVE-2022-31626.patch
# Fixes for tests (300+)
# Factory is droped from system tzdata
@ -709,6 +710,7 @@ in pure PHP.
# upstream patches
# security patches
%patch200 -p1 -b .cve31626
# Fixes for tests
%patch300 -p1 -b .datetests
@ -1504,6 +1506,10 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || :
%changelog
* Wed Jun 22 2022 Remi Collet <rcollet@redhat.com> - 8.0.13-3
- fix password of excessive length triggers buffer overflow leading to RCE
CVE-2022-31626
* Tue Dec 14 2021 Remi Collet <rcollet@redhat.com> - 8.0.13-2
- refresh provided configuration from upstream