* [gentoo-commits] gentoo-x86 commit in dev-php5/pecl-apc/files: pecl-apc-3.0.16-CVE-2008-1488.patch
@ 2008-03-28 19:19 Christian Hoffmann (hoffie)
0 siblings, 0 replies; only message in thread
From: Christian Hoffmann (hoffie) @ 2008-03-28 19:19 UTC (permalink / raw
To: gentoo-commits
hoffie 08/03/28 19:19:43
Added: pecl-apc-3.0.16-CVE-2008-1488.patch
Log:
addpecl-apc-3.0.16-r1, including a fix for CVE-2008-1488, since 3.0.17 causes segfaults (thanks to jakub)
(Portage version: 2.1.4.4)
Revision Changes Path
1.1 dev-php5/pecl-apc/files/pecl-apc-3.0.16-CVE-2008-1488.patch
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-php5/pecl-apc/files/pecl-apc-3.0.16-CVE-2008-1488.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-php5/pecl-apc/files/pecl-apc-3.0.16-CVE-2008-1488.patch?rev=1.1&content-type=text/plain
Index: pecl-apc-3.0.16-CVE-2008-1488.patch
===================================================================
--- apc.c.old 2008-03-26 19:22:02.000000000 +0100
+++ apc.c 2008-03-26 19:22:23.000000000 +0100
@@ -331,7 +331,7 @@
/* not: [no active file] or no path */
memcpy(fileinfo->fullpath, exec_fname, exec_fname_length);
fileinfo->fullpath[exec_fname_length] = DEFAULT_SLASH;
- strcpy(fileinfo->fullpath +exec_fname_length +1, filename);
+ strlcpy(fileinfo->fullpath +exec_fname_length +1, filename,sizeof(fileinfo->fullpath)-exec_fname_length-1);
/* apc_wprint("filename: %s, exec_fname: %s, fileinfo->fullpath: %s", filename, exec_fname, fileinfo->fullpath); */
if (apc_stat(fileinfo->fullpath, &fileinfo->st_buf) == 0) {
found = 1;
--
gentoo-commits@lists.gentoo.org mailing list
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2008-03-28 19:19 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-03-28 19:19 [gentoo-commits] gentoo-x86 commit in dev-php5/pecl-apc/files: pecl-apc-3.0.16-CVE-2008-1488.patch Christian Hoffmann (hoffie)
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox