iliaa Sun May 21 16:10:28 2006 UTC
Modified files: (Branch: PHP_4_4)
/php-src/ext/mysql/libmysql libmysql.c
/php-src NEWS
Log:
Fixed a possible buffer overflow inside create_named_pipe() for Win32
systems in libmysql.c.
http://cvs.php.net/viewcvs.cgi/php-src/ext/mysql/libmysql/libmysql.c?r1=1.11.2.3&r2=1.11.2.3.4.1&diff_format=u
Index: php-src/ext/mysql/libmysql/libmysql.c
diff -u php-src/ext/mysql/libmysql/libmysql.c:1.11.2.3
php-src/ext/mysql/libmysql/libmysql.c:1.11.2.3.4.1
--- php-src/ext/mysql/libmysql/libmysql.c:1.11.2.3 Mon Jul 28 07:28:55 2003
+++ php-src/ext/mysql/libmysql/libmysql.c Sun May 21 16:10:28 2006
@@ -213,6 +213,10 @@
if (!host || !strcmp(host,LOCAL_HOST))
host=LOCAL_HOST_NAMEDPIPE;
+ if (sizeof(szPipeName) <= (strlen(host) + strlen(unix_socket) +
sizeof("\\\\\\pipe\\"))) {
+ return INVALID_HANDLE_VALUE;
+ }
+
sprintf( szPipeName, "\\\\%s\\pipe\\%s", host, unix_socket);
DBUG_PRINT("info",("Server name: '%s'. Named Pipe: %s",
host, unix_socket));
http://cvs.php.net/viewcvs.cgi/php-src/NEWS?r1=1.1247.2.920.2.129&r2=1.1247.2.920.2.130&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1247.2.920.2.129 php-src/NEWS:1.1247.2.920.2.130
--- php-src/NEWS:1.1247.2.920.2.129 Thu May 18 22:16:27 2006
+++ php-src/NEWS Sun May 21 16:10:28 2006
@@ -1,6 +1,8 @@
PHP 4 NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
?? ??? 2006, Version 4.4.3
+- Fixed a possible buffer overflow inside create_named_pipe() for Win32 systems
+ in libmysql.c. (Ilia)
- Updated PCRE to version 6.6. (Andrei)
- Added overflow checks to wordwrap() function. (Ilia)
- Added a check for special characters in the session name. (Ilia)
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
