pkgsrc-bugs: pkg/36267: patch for CVE-2006-5178 bug in php4 package

Subject: pkg/36267: patch for CVE-2006-5178 bug in php4 package
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org,>
From: None <cedric.devillers@script.univ-paris7.fr>
List: pkgsrc-bugs
Date: 05/03/2007 08:55:00

>Number:         36267
>Category:       pkg
>Synopsis:       patch for CVE-2006-5178 bug in php4 package
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu May 03 08:55:00 +0000 2007
>Originator:     Cedric DEVILLERS
>Release:        NetBSD-3.1
>Organization:
University Paris VII
>Environment:
NetBSD 3.1 NetBSD 3.1 (GENERIC.MPACPI) #0: Tue Oct 31 04:47:22 UTC 2006  builds@b0.netbsd.org:/home/builds/ab/netbsd-3-1-RELEASE/i386/200610302053Z-obj/home/builds/ab/netbsd-3-1-RELEASE/src/sys/arch/i386/compile/GENERIC.MPACPI i386
>Description:
It's just a patch for the php bug reference by CVE-2006-5178 for the php4 package.
>How-To-Repeat:

>Fix:
--------- Patch -- cut here ---------

--- ext/standard/link.c.orig    2007-01-01 09:46:48.000000000 +0000
+++ ext/standard/link.c
@@ -122,14 +122,15 @@
        convert_to_string_ex(topath);
        convert_to_string_ex(frompath);
 
-       expand_filepath(Z_STRVAL_PP(frompath), source_p TSRMLS_CC);
-       expand_filepath(Z_STRVAL_PP(topath), dest_p TSRMLS_CC);
+       if (!expand_filepath(Z_STRVAL_PP(frompath), source_p TSRMLS_CC) || !expand_filepath(Z_STRVAL_PP(topath), dest_p TSRMLS_CC)) {
+               RETURN_FALSE;
+       }
 
        if (php_stream_locate_url_wrapper(source_p, NULL, STREAM_LOCATE_WRAPPERS_ONLY TSRMLS_CC) ||
                php_stream_locate_url_wrapper(dest_p, NULL, STREAM_LOCATE_WRAPPERS_ONLY TSRMLS_CC) ) 
        {
                php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to symlink to a URL");
-               RETURN_FALSE;   
+               RETURN_FALSE;
        }
 
        if (PG(safe_mode) && !php_checkuid(dest_p, NULL, CHECKUID_CHECK_FILE_AND_DIR)) {
@@ -177,14 +178,15 @@
        convert_to_string_ex(topath);
        convert_to_string_ex(frompath);
 
-       expand_filepath(Z_STRVAL_PP(frompath), source_p TSRMLS_CC);
-       expand_filepath(Z_STRVAL_PP(topath), dest_p TSRMLS_CC);
+       if (!expand_filepath(Z_STRVAL_PP(frompath), source_p TSRMLS_CC) || !expand_filepath(Z_STRVAL_PP(topath), dest_p TSRMLS_CC)) {
+               RETURN_FALSE;
+       }
 
        if (php_stream_locate_url_wrapper(source_p, NULL, STREAM_LOCATE_WRAPPERS_ONLY TSRMLS_CC) ||
                php_stream_locate_url_wrapper(dest_p, NULL, STREAM_LOCATE_WRAPPERS_ONLY TSRMLS_CC) ) 
        {
                php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to link to a URL");
-               RETURN_FALSE;   
+               RETURN_FALSE;
        }
 
        if (PG(safe_mode) && !php_checkuid(dest_p, NULL, CHECKUID_CHECK_FILE_AND_DIR)) {


------- End of patch ------------