Fix null pointer dereference in imap_mail CVE-2018-19935
(cherry picked from commit 2a1aff30e5
)
This commit is contained in:
parent
99b784ef3f
commit
6766a38ffb
|
@ -0,0 +1,71 @@
|
||||||
|
From d8765852e0400ee2ce8ae9e2177c42731d4539d8 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Stanislav Malyshev <stas@php.net>
|
||||||
|
Date: Wed, 28 Nov 2018 15:45:51 -0800
|
||||||
|
Subject: [PATCH] Add DISPLAY_INI_ENTRIES for imap
|
||||||
|
|
||||||
|
---
|
||||||
|
ext/imap/php_imap.c | 2 ++
|
||||||
|
1 file changed, 2 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c
|
||||||
|
index f6feebe9f769..a23e84c08521 100644
|
||||||
|
--- a/ext/imap/php_imap.c
|
||||||
|
+++ b/ext/imap/php_imap.c
|
||||||
|
@@ -1153,6 +1153,8 @@ PHP_MINFO_FUNCTION(imap)
|
||||||
|
php_info_print_table_row(2, "Kerberos Support", "enabled");
|
||||||
|
#endif
|
||||||
|
php_info_print_table_end();
|
||||||
|
+
|
||||||
|
+ DISPLAY_INI_ENTRIES();
|
||||||
|
}
|
||||||
|
/* }}} */
|
||||||
|
|
||||||
|
From 7edc639b9ff1c3576773d79d016abbeed1f93846 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Stanislav Malyshev <stas@php.net>
|
||||||
|
Date: Sun, 11 Nov 2018 10:04:01 -0800
|
||||||
|
Subject: [PATCH] Fix #77020: null pointer dereference in imap_mail
|
||||||
|
|
||||||
|
If an empty $message is passed to imap_mail(), we must not set message
|
||||||
|
to NULL, since _php_imap_mail() is not supposed to handle NULL pointers
|
||||||
|
(opposed to pointers to NUL).
|
||||||
|
---
|
||||||
|
NEWS | 1 +
|
||||||
|
ext/imap/php_imap.c | 1 -
|
||||||
|
ext/imap/tests/bug77020.phpt | 15 +++++++++++++++
|
||||||
|
3 files changed, 16 insertions(+), 1 deletion(-)
|
||||||
|
create mode 100644 ext/imap/tests/bug77020.phpt
|
||||||
|
|
||||||
|
diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c
|
||||||
|
index a23e84c08521..b30440f000f3 100644
|
||||||
|
--- a/ext/imap/php_imap.c
|
||||||
|
+++ b/ext/imap/php_imap.c
|
||||||
|
@@ -4125,7 +4125,6 @@ PHP_FUNCTION(imap_mail)
|
||||||
|
if (!ZSTR_LEN(message)) {
|
||||||
|
/* this is not really an error, so it is allowed. */
|
||||||
|
php_error_docref(NULL, E_WARNING, "No message string in mail command");
|
||||||
|
- message = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (_php_imap_mail(ZSTR_VAL(to), ZSTR_VAL(subject), ZSTR_VAL(message), headers?ZSTR_VAL(headers):NULL, cc?ZSTR_VAL(cc):NULL,
|
||||||
|
diff --git a/ext/imap/tests/bug77020.phpt b/ext/imap/tests/bug77020.phpt
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000000..8a65232eec6d
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/ext/imap/tests/bug77020.phpt
|
||||||
|
@@ -0,0 +1,15 @@
|
||||||
|
+--TEST--
|
||||||
|
+Bug #77020 (null pointer dereference in imap_mail)
|
||||||
|
+--SKIPIF--
|
||||||
|
+<?php
|
||||||
|
+if (!extension_loaded('imap')) die('skip imap extension not available');
|
||||||
|
+?>
|
||||||
|
+--FILE--
|
||||||
|
+<?php
|
||||||
|
+imap_mail('1', 1, NULL);
|
||||||
|
+?>
|
||||||
|
+===DONE===
|
||||||
|
+--EXPECTF--
|
||||||
|
+Warning: imap_mail(): No message string in mail command in %s on line %d
|
||||||
|
+%s
|
||||||
|
+===DONE===
|
||||||
|
|
7
php.spec
7
php.spec
|
@ -63,7 +63,7 @@
|
||||||
Summary: PHP scripting language for creating dynamic web sites
|
Summary: PHP scripting language for creating dynamic web sites
|
||||||
Name: php
|
Name: php
|
||||||
Version: %{upver}
|
Version: %{upver}
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
# All files licensed under PHP version 3.01, except
|
# All files licensed under PHP version 3.01, except
|
||||||
# Zend is licensed under Zend
|
# Zend is licensed under Zend
|
||||||
# TSRM is licensed under BSD
|
# TSRM is licensed under BSD
|
||||||
|
@ -114,6 +114,7 @@ Patch48: php-7.2.8-getallheaders.patch
|
||||||
# Upstream fixes (100+)
|
# Upstream fixes (100+)
|
||||||
|
|
||||||
# Security fixes (200+)
|
# Security fixes (200+)
|
||||||
|
Patch200: php-imap.patch
|
||||||
|
|
||||||
# Fixes for tests (300+)
|
# Fixes for tests (300+)
|
||||||
# Factory is droped from system tzdata
|
# Factory is droped from system tzdata
|
||||||
|
@ -716,6 +717,7 @@ low-level PHP extension for the libsodium cryptographic library.
|
||||||
# upstream patches
|
# upstream patches
|
||||||
|
|
||||||
# security patches
|
# security patches
|
||||||
|
%patch200 -p1 -b .imap
|
||||||
|
|
||||||
# Fixes for tests
|
# Fixes for tests
|
||||||
%patch300 -p1 -b .datetests
|
%patch300 -p1 -b .datetests
|
||||||
|
@ -1555,6 +1557,9 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || :
|
||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sat Dec 8 2018 Remi Collet <remi@remirepo.net> - 7.2.13-2
|
||||||
|
- Fix null pointer dereference in imap_mail CVE-2018-19935
|
||||||
|
|
||||||
* Wed Dec 5 2018 Remi Collet <remi@remirepo.net> - 7.2.13-1
|
* Wed Dec 5 2018 Remi Collet <remi@remirepo.net> - 7.2.13-1
|
||||||
- Update to 7.2.13 - http://www.php.net/releases/7_2_13.php
|
- Update to 7.2.13 - http://www.php.net/releases/7_2_13.php
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue