From: Stanislav Malyshev <stas@php.net>
Date: Tue, 18 Sep 2007 20:25:07 +0000 (+0000)
Subject: add dl() limit patch
X-Git-Tag: php-5.2.5RC1~135
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=08d3f07ced1eda388a2551196eef0d9de9a76ff0;p=php

add dl() limit patch
---

diff --git a/NEWS b/NEWS
index 7a2c79156d..1e722dc287 100644
--- a/NEWS
+++ b/NEWS
@@ -10,6 +10,8 @@ PHP                                                                        NEWS
   (Stas)
 - Fixed PDO crash when driver returns empty LOB stream. (Stas)
 - Fixed dl() to only accept filenames - reported by Laurent Gaffie. (Stas)
+- Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887).
+  (Christian Hoffmann)
 - Fixed missing brackets leading to build warning and error in the log.
   Win32 code). (Andrey)
 - Fixed leaks with multiple connects on one mysqli object. (Andrey)