[arch-commits] CVS update of extra/devel/php-apc (CVE-2008-1488.patch)
Pierre Schmitz
pierre at archlinux.org
Fri Mar 28 21:46:16 UTC 2008
Date: Friday, March 28, 2008 @ 17:46:16
Author: pierre
Path: /home/cvs-extra/extra/devel/php-apc
Removed: CVE-2008-1488.patch (1.1)
upgpkg: php-apc 3.0.18-1
---------------------+
CVE-2008-1488.patch | 96 --------------------------------------------------
1 file changed, 96 deletions(-)
Index: extra/devel/php-apc/CVE-2008-1488.patch
diff -u extra/devel/php-apc/CVE-2008-1488.patch:1.1 extra/devel/php-apc/CVE-2008-1488.patch:removed
--- extra/devel/php-apc/CVE-2008-1488.patch:1.1 Wed Mar 26 17:54:37 2008
+++ extra/devel/php-apc/CVE-2008-1488.patch Fri Mar 28 17:46:16 2008
@@ -1,96 +0,0 @@
---- apc.c 2007/11/29 22:15:53 3.18
-+++ apc.c 2008/03/25 18:04:53 3.18.2.1
-@@ -270,26 +270,13 @@
-
- /* }}} */
-
--/* {{{ filesystem functions */
--
--#ifdef PHP_WIN32
--int apc_win32_stat(const char *path, struct stat *buf TSRMLS_DC)
--{
-- char rpath[MAXPATHLEN];
-- BY_HANDLE_FILE_INFORMATION fi;
-- HANDLE f;
--
-- if (VCWD_STAT(path, buf)) {
-- return -1;
-- }
--
-- VCWD_REALPATH(path, rpath);
-- f = CreateFile(rpath, 0, 0, NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS | FILE_ATTRIBUTE_READONLY, NULL);
-- GetFileInformationByHandle(f, &fi);
-- buf->st_ino = (ino_t)fi.nFileIndexLow;
-- CloseHandle (f);
-- return 0;
--}
-+/* similar to php_stream_stat_path */
-+#ifdef ZEND_ENGINE_2
-+#define APC_URL_STAT(wrapper, filename, pstatbuf) \
-+ ((wrapper)->wops->url_stat((wrapper), (filename), 0, (pstatbuf), NULL TSRMLS_CC))
-+#else
-+#define APC_URL_STAT(wrapper, filename, pstatbuf) \
-+ ((wrapper)->wops->url_stat((wrapper), (filename), (pstatbuf) TSRMLS_CC))
- #endif
-
- int apc_search_paths(const char* filename, const char* path, apc_fileinfo_t* fileinfo)
-@@ -299,12 +286,33 @@
- int exec_fname_length;
- int found = 0;
- int i;
-+ php_stream_wrapper *wrapper = NULL;
-+ char *path_for_open = NULL;
-+
- TSRMLS_FETCH();
-
- assert(filename && fileinfo);
-
-- if (IS_ABSOLUTE_PATH(filename, strlen(filename)) && apc_stat(filename, &fileinfo->st_buf) == 0) {
-- strncpy(fileinfo->fullpath, filename, MAXPATHLEN);
-+
-+ wrapper = php_stream_locate_url_wrapper(filename, &path_for_open, 0 TSRMLS_CC);
-+
-+ if(!wrapper || !wrapper->wops || !wrapper->wops->url_stat) {
-+ return -1;
-+ }
-+
-+#ifdef ZEND_ENGINE_2
-+ if(wrapper != &php_plain_files_wrapper) {
-+ if(APC_URL_STAT(wrapper, path_for_open, &fileinfo->st_buf) == 0) {
-+ strncpy(fileinfo->fullpath, path_for_open, MAXPATHLEN);
-+ return 0;
-+ }
-+ return -1; /* cannot stat */
-+ }
-+#endif
-+
-+ if (IS_ABSOLUTE_PATH(path_for_open, strlen(path_for_open)) &&
-+ APC_URL_STAT(wrapper, path_for_open, &fileinfo->st_buf) == 0) {
-+ strncpy(fileinfo->fullpath, path_for_open, MAXPATHLEN);
- return 0;
- }
-
-@@ -314,8 +322,8 @@
-
- /* for each directory in paths, look for filename inside */
- for (i = 0; paths[i]; i++) {
-- snprintf(fileinfo->fullpath, sizeof(fileinfo->fullpath), "%s%c%s", paths[i], DEFAULT_SLASH, filename);
-- if (apc_stat(fileinfo->fullpath, &fileinfo->st_buf) == 0) {
-+ snprintf(fileinfo->fullpath, sizeof(fileinfo->fullpath), "%s%c%s", paths[i], DEFAULT_SLASH, path_for_open);
-+ if (APC_URL_STAT(wrapper, fileinfo->fullpath, &fileinfo->st_buf) == 0) {
- found = 1;
- break;
- }
-@@ -331,9 +339,9 @@
- /* not: [no active file] or no path */
- memcpy(fileinfo->fullpath, exec_fname, exec_fname_length);
- fileinfo->fullpath[exec_fname_length] = DEFAULT_SLASH;
-- strcpy(fileinfo->fullpath +exec_fname_length +1, filename);
-- /* apc_wprint("filename: %s, exec_fname: %s, fileinfo->fullpath: %s", filename, exec_fname, fileinfo->fullpath); */
-- if (apc_stat(fileinfo->fullpath, &fileinfo->st_buf) == 0) {
-+ strlcpy(fileinfo->fullpath +exec_fname_length +1, path_for_open,sizeof(fileinfo->fullpath)-exec_fname_length-1);
-+ /* apc_wprint("filename: %s, exec_fname: %s, fileinfo->fullpath: %s", path_for_open, exec_fname, fileinfo->fullpath); */
-+ if (APC_URL_STAT(wrapper, fileinfo->fullpath, &fileinfo->st_buf) == 0) {
- found = 1;
- }
- }
More information about the arch-commits
mailing list