- Fixed a possible stack exaustion inside fnmatch(). Reporeted by Stefan Esser

author Ilia Alshanetsky <iliaa@php.net>

Sun, 2 May 2010 19:34:21 +0000 (19:34 +0000)

committer Ilia Alshanetsky <iliaa@php.net>

Sun, 2 May 2010 19:34:21 +0000 (19:34 +0000)
author Ilia Alshanetsky <iliaa@php.net>
Sun, 2 May 2010 19:34:21 +0000 (19:34 +0000)
committer Ilia Alshanetsky <iliaa@php.net>
Sun, 2 May 2010 19:34:21 +0000 (19:34 +0000)
diff --git a/NEWS b/NEWS

index a52393d738ab52e5daf56375e436ccfa381e346f..7b9a08b6e4e9c00b10a281aeaaddac90e63e84cb 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,8 @@ PHP                                                                        NEWS
  
  - Updated timezone database to version 2010.5. (Derick)
  
+- Fixed a possible stack exaustion inside fnmatch(). Reporeted by Stefan
+  Esser (Ilia)
  - Reset error state in PDO::beginTransaction() reset error state. (Ilia)
  - Fixed a NULL pointer dereference when processing invalid XML-RPC
    requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert)
diff --git a/ext/standard/file.c b/ext/standard/file.c

index 6fd1a4d9602ed436b0d12a6d920a1386df170d4d..24179aa76e536e4cd5ea329d58a2bff9eb8c9712 100644 (file)
--- a/ext/standard/file.c
+++ b/ext/standard/file.c
@@ -2551,6 +2551,10 @@ PHP_FUNCTION(fnmatch)
                 php_error_docref(NULL TSRMLS_CC, E_WARNING, "Filename exceeds the maximum allowed length of %d characters", MAXPATHLEN);
                 RETURN_FALSE;
         }
+       if (pattern_len >= MAXPATHLEN) {
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Pattern exceeds the maximum allowed length of %d characters", MAXPATHLEN);
+               RETURN_FALSE;
+       }
  
         RETURN_BOOL( ! fnmatch( pattern, filename, flags ));
  }
author	Ilia Alshanetsky <iliaa@php.net>
	Sun, 2 May 2010 19:34:21 +0000 (19:34 +0000)
committer	Ilia Alshanetsky <iliaa@php.net>
	Sun, 2 May 2010 19:34:21 +0000 (19:34 +0000)
NEWS		patch \| blob \| history
ext/standard/file.c		patch \| blob \| history