← Back to branch summary

~ubuntu-branches/ubuntu/gutsy/php5/gutsy

« back to all changes in this revision

Viewing changes to ext/sysvshm/sysvshm.c

  • Committer: Bazaar Package Importer
  • Author(s): Martin Pitt, CVE-2007-0905, CVE-2007-0906, CVE-2007-0909, CVE-2007-0910
  • Date: 2007-02-20 17:54:46 UTC
  • mfrom: (1.1.6 upstream)
  • Revision ID: james.westby@ubuntu.com-20070220175446-nudqyuv0dfowel3r
Tags: 5.2.1-0ubuntu1
* New upstream security/bugfix release:
  - safe_mode & open_basedir bypasses inside the session extension
    [CVE-2007-0905]
  - multiple buffer overflows in various extensions and functions
    [CVE-2007-0906]
  - underflow in the internal sapi_header_op() function [CVE-2007-0907]
  - information disclosure in the wddx extension [CVE-2007-0908]
  - string format vulnerability in *print() functions on 64 bit systems
    [CVE-2007-0909]
  - possible clobbering of super-globals in several code paths
    [CVE-2007-0910]
* Adapted patches to new upstream release:
  - 006-debian_quirks.patch
  - 034-apache2_umask_fix.patch
  - 044-strtod_arm_fix.patch
* Drop 109-libdb4.4.patch: Obsolete, upstream now checks for db 4.5 and 4.4.
* Drop 114-zend_alloc.c_m68k_alignment.patch and
  115-zend_alloc.c_memleak.patch: Applied upstream.
* Add debian/patches/000upstream-str_ireplace_offbyone.patch:
  - Fix off-by-one in str_ireplace(), a regression introduced in 5.2.1.
  - Patch taken from upstream CVS:
    http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.630&r2=1.631
  - CVE-2007-0911
* debian/control: Set Ubuntu maintainer.

Show diffs side-by-side

added added

removed removed

Lines of Context:
ext/sysvshm/sysvshm.c
2
2
   +----------------------------------------------------------------------+
3
3
   | PHP Version 5                                                        |
4
4
   +----------------------------------------------------------------------+
5
 
   | Copyright (c) 1997-2006 The PHP Group                                |
 
5
   | Copyright (c) 1997-2007 The PHP Group                                |
6
6
   +----------------------------------------------------------------------+
7
7
   | This source file is subject to version 3.01 of the PHP license,      |
8
8
   | that is bundled with this package in the file LICENSE, and is        |
16
16
   +----------------------------------------------------------------------+
17
17
 */
18
18
 
19
 
/* $Id: sysvshm.c,v 1.70.2.2.2.1 2006/06/29 09:03:27 tony2001 Exp $ */
 
19
/* $Id: sysvshm.c,v 1.70.2.2.2.3 2007/01/01 09:36:09 sebastian Exp $ */
20
20
 
21
21
/* This has been built and tested on Linux 2.2.14 
22
22
 *
216
216
        id = Z_LVAL_PP(arg_id);
217
217
        shm_list_ptr = (sysvshm_shm *) zend_list_find(id, &type);
218
218
 
219
 
        if (!shm_list_ptr) {
 
219
        if (!shm_list_ptr || type != php_sysvshm.le_shm) {
220
220
                php_error_docref(NULL TSRMLS_CC, E_WARNING, "The parameter is not a valid shm_identifier");
221
221
                RETURN_FALSE;
222
222
        }
252
252
        key = Z_LVAL_PP(arg_key);
253
253
 
254
254
        shm_list_ptr = (sysvshm_shm *) zend_list_find(id, &type);
255
 
        if (type != php_sysvshm.le_shm) {
 
255
        if (!shm_list_ptr || type != php_sysvshm.le_shm) {
256
256
                php_error_docref(NULL TSRMLS_CC, E_WARNING, "%ld is not a SysV shared memory index", id);
257
257
                RETURN_FALSE;
258
258
        }
299
299
        key = Z_LVAL_PP(arg_key);
300
300
 
301
301
        shm_list_ptr = (sysvshm_shm *) zend_list_find(id, &type);
302
 
        if (type != php_sysvshm.le_shm) {
 
302
        if (!shm_list_ptr || type != php_sysvshm.le_shm) {
303
303
                php_error_docref(NULL TSRMLS_CC, E_WARNING, "%ld is not a SysV shared memory index", id);
304
304
                RETURN_FALSE;
305
305
        }
345
345
        key = Z_LVAL_PP(arg_key);
346
346
 
347
347
        shm_list_ptr = (sysvshm_shm *) zend_list_find(id, &type);
348
 
        if (type != php_sysvshm.le_shm) {
 
348
        if (!shm_list_ptr || type != php_sysvshm.le_shm) {
349
349
                php_error_docref(NULL TSRMLS_CC, E_WARNING, "%ld is not a SysV shared memory index", id);
350
350
                RETURN_FALSE;
351
351
        }