From 77c3812cf5a6b8799c4d7a17d1aaad66b78b07d9 Mon Sep 17 00:00:00 2001 From: Eygene Ryabinkin Date: Sat, 6 Dec 2008 15:19:48 +0300 Original advisory: http://www.securityfocus.com/archive/1/498746/30/0/threaded Please note that 4.x branch has no such fix, but it is vulnerable as well (I had tested it locally). Vendor will be notified about this. Signed-off-by: Eygene Ryabinkin --- databases/php4-dba/Makefile | 1 + .../files/patch-fix-dba_replace-truncation | 17 +++++++++++++++++ databases/php5-dba/Makefile | 1 + .../files/patch-fix-dba_replace-truncation | 17 +++++++++++++++++ 4 files changed, 36 insertions(+), 0 deletions(-) create mode 100644 databases/php4-dba/files/patch-fix-dba_replace-truncation create mode 100644 databases/php5-dba/files/patch-fix-dba_replace-truncation diff --git a/databases/php4-dba/Makefile b/databases/php4-dba/Makefile index 9418475..6336c41 100644 --- a/databases/php4-dba/Makefile +++ b/databases/php4-dba/Makefile @@ -6,6 +6,7 @@ # CATEGORIES= databases +PORTREVISION= 1 MASTERDIR= ${.CURDIR}/../../lang/php4 diff --git a/databases/php4-dba/files/patch-fix-dba_replace-truncation b/databases/php4-dba/files/patch-fix-dba_replace-truncation new file mode 100644 index 0000000..0f6dab4 --- /dev/null +++ b/databases/php4-dba/files/patch-fix-dba_replace-truncation @@ -0,0 +1,17 @@ +Patch that fixes dba_replace() file truncation issue + +Adopted from: http://cvs.php.net/viewvc.cgi/php-src/ext/dba/libinifile/inifile.c?r1=1.14.2.1.2.5&r2=1.14.2.1.2.4&view=patch + +--- libinifile/inifile.c 2007/12/31 07:20:05 1.14.2.1.2.4 ++++ libinifile/inifile.c 2008/11/13 18:22:23 1.14.2.1.2.5 +@@ -508,7 +508,9 @@ + + /* 5 */ + if (ret == SUCCESS) { +- ret = inifile_truncate(dba, append ? pos_grp_next : pos_grp_start TSRMLS_CC); /* writes error on fail */ ++ if (!value || (key->name && strlen(key->name))) { ++ ret = inifile_truncate(dba, append ? pos_grp_next : pos_grp_start TSRMLS_CC); /* writes error on fail */ ++ } + } + + if (ret == SUCCESS) { 
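Review bot: The added guard `if (!value || (key->name && strlen(key->name)))` in the embedded inifile.c hunk has no comment saying which call it excludes, so a reader must work out that `inifile_truncate()` is now skipped only when a value is supplied together with a NULL or empty key name. A one-line comment above it would record that, e.g. `/* do not truncate when a value is given but the key name is empty (dba_replace() truncation issue) */`, and `key->name[0] != '\0'` states the emptiness test more directly than `strlen()`; since the patch mirrors an upstream revision, both are better proposed upstream than changed locally. The same applies to the identical php5-dba copy of the patch. Both copies share blob 0f6dab4 and cite revisions 1.14.2.1.2.4/1.14.2.1.2.5 at offset 508, which presumably belong to the 5.x branch given that the commit message says 4.x has no upstream fix, so it is worth confirming the hunk applies to the php4 inifile.c without fuzz and lands on the same `/* 5 */` step. The enclosing function starts and ends outside the hunk, so what later steps do with an empty key name cannot be checked from here.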
diff --git a/databases/php5-dba/Makefile b/databases/php5-dba/Makefile index 7e4300b..8dc3456 100644 --- a/databases/php5-dba/Makefile +++ b/databases/php5-dba/Makefile @@ -6,6 +6,7 @@ # CATEGORIES= databases +PORTREVISION= 1 MASTERDIR= ${.CURDIR}/../../lang/php5 diff --git a/databases/php5-dba/files/patch-fix-dba_replace-truncation b/databases/php5-dba/files/patch-fix-dba_replace-truncation new file mode 100644 index 0000000..0f6dab4 --- /dev/null +++ b/databases/php5-dba/files/patch-fix-dba_replace-truncation @@ -0,0 +1,17 @@ +Patch that fixes dba_replace() file truncation issue + +Adopted from: http://cvs.php.net/viewvc.cgi/php-src/ext/dba/libinifile/inifile.c?r1=1.14.2.1.2.5&r2=1.14.2.1.2.4&view=patch + +--- libinifile/inifile.c 2007/12/31 07:20:05 1.14.2.1.2.4 ++++ libinifile/inifile.c 2008/11/13 18:22:23 1.14.2.1.2.5 +@@ -508,7 +508,9 @@ + + /* 5 */ + if (ret == SUCCESS) { +- ret = inifile_truncate(dba, append ? pos_grp_next : pos_grp_start TSRMLS_CC); /* writes error on fail */ ++ if (!value || (key->name && strlen(key->name))) { ++ ret = inifile_truncate(dba, append ? pos_grp_next : pos_grp_start TSRMLS_CC); /* writes error on fail */ ++ } + } + + if (ret == SUCCESS) { -- 1.6.0.4