File php-5.3.5-CVE-2012-1823-impr.patch of Package php5.512

Overview Repositories Revisions Requests Users Attributes Meta

File php-5.3.5-CVE-2012-1823-impr.patch of Package php5.512

http://git.php.net/?p=php-src.git;a=commitdiff;h=000e84aa88ce16deabbf61e7086fc8db63ca88aa
Index: sapi/cgi/cgi_main.c
===================================================================
--- sapi/cgi/cgi_main.c.orig
+++ sapi/cgi/cgi_main.c
@@ -1555,10 +1555,15 @@ int main(int argc, char *argv[])
 		}
 	}
 
-	if(query_string = getenv("QUERY_STRING")) {
+	if((query_string = getenv("QUERY_STRING")) != NULL && strchr(query_string, '=') == NULL) {
+                /* we've got query string that has no = - apache CGI will pass it to command line */
+                unsigned char *p;
 		decoded_query_string = strdup(query_string);
 		php_url_decode(decoded_query_string, strlen(decoded_query_string));
-		if(*decoded_query_string == '-' && strchr(query_string, '=') == NULL) {
+               for (p = decoded_query_string; *p &&  *p <= ' '; p++) {
+                       /* skip all leading spaces */
+               }
+               if(*p == '-') {
 			skip_getopt = 1;
 		}
 		free(decoded_query_string);
@@ -1813,7 +1818,7 @@ consult the installation file that came
 	}
 
 	zend_first_try {
-		while ((c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 1, 2)) != -1) {
+		while (!skip_getopt && (c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 1, 2)) != -1) {
 			switch (c) {
 				case 'T':
 					benchmark = 1;

Places

File php-5.3.5-CVE-2012-1823-impr.patch of Package php5.512

Places