[gentoo-commits] gentoo-x86 commit in dev-php5/pecl-apc/files: pecl-apc-3.0.16-CVE-2008-1488.patch

[gentoo-commits] gentoo-x86 commit in dev-php5/pecl-apc/files: pecl-apc-3.0.16-CVE-2008-1488.patch

[Christian Hoffmann (hoffie)]

hoffie      08/03/28 19:19:43

  Added:                pecl-apc-3.0.16-CVE-2008-1488.patch
  Log:
  addpecl-apc-3.0.16-r1, including a fix for CVE-2008-1488, since 3.0.17 causes segfaults (thanks to jakub)
  (Portage version: 2.1.4.4)

Revision  Changes    Path
1.1                  dev-php5/pecl-apc/files/pecl-apc-3.0.16-CVE-2008-1488.patch

file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-php5/pecl-apc/files/pecl-apc-3.0.16-CVE-2008-1488.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-php5/pecl-apc/files/pecl-apc-3.0.16-CVE-2008-1488.patch?rev=1.1&content-type=text/plain

Index: pecl-apc-3.0.16-CVE-2008-1488.patch
===================================================================
--- apc.c.old	2008-03-26 19:22:02.000000000 +0100
+++ apc.c	2008-03-26 19:22:23.000000000 +0100
@@ -331,7 +331,7 @@
             /* not: [no active file] or no path */
             memcpy(fileinfo->fullpath, exec_fname, exec_fname_length);
             fileinfo->fullpath[exec_fname_length] = DEFAULT_SLASH;
-            strcpy(fileinfo->fullpath +exec_fname_length +1, filename);
+            strlcpy(fileinfo->fullpath +exec_fname_length +1, filename,sizeof(fileinfo->fullpath)-exec_fname_length-1);
             /* apc_wprint("filename: %s, exec_fname: %s, fileinfo->fullpath: %s", filename, exec_fname, fileinfo->fullpath); */
             if (apc_stat(fileinfo->fullpath, &fileinfo->st_buf) == 0) {
                 found = 1;




-- 
gentoo-commits@lists.gentoo.org mailing list