Home / os / solaris

PHP 5.5.37 php_url_parse_ex buffer overflow read

Posted on 30 November -0001

<HTML><HEAD><TITLE>PHP 5.5.37 php_url_parse_ex() buffer overflow read</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>php_url_prase_ex() read buffer exceeding its limits and segfaults. PHP function parse_url() is not affected since PHP string is terminated by null char always. Patch to fix this: @@ -319,8 +320,9 @@ PHPAPI php_url *php_url_parse_ex(char const *str, size_t length) nohost: if ((p = memchr(s, '?', (ue - s)))) { - pp = strchr(s, '#'); + pp = memchr(s, '#', (ue - s)); if (pp && pp < p) { if (pp - s) { </BODY></HTML>

 

TOP