ports/147163: [PATCH] graphics/php4-gd: [Security fix for gd remote buffer overflow vulnerability]
Michael Ranner
michael at ranner.eu
Fri May 28 14:20:03 UTC 2010
>Number: 147163
>Category: ports
>Synopsis: [PATCH] graphics/php4-gd: [Security fix for gd remote buffer overflow vulnerability]
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri May 28 14:20:01 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Michael Ranner
>Release: FreeBSD 8.0-RELEASE amd64
>Organization:
>Environment:
System: FreeBSD dwarf.jawa.at 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:02:08 UTC 2009
>Description:
Security fix for gd -- '_gdGetColors' remote buffer overflow vulnerability
Obsoletes ports/145060
Added file(s):
- files/patch-gd_gd.c
Port maintainer (ale at FreeBSD.org) is cc'd.
Generated with FreeBSD Port Tools 0.99
>How-To-Repeat:
>Fix:
--- php4-gd-4.4.9_3.patch begins here ---
diff -ruN --exclude=CVS /usr/ports/graphics/php4-gd/Makefile /usr/ports/graphics/php4-gd.fixed/Makefile
--- /usr/ports/graphics/php4-gd/Makefile 2010-05-28 16:00:18.000000000 +0200
+++ /usr/ports/graphics/php4-gd.fixed/Makefile 2010-05-28 16:01:09.000000000 +0200
@@ -5,6 +5,7 @@
# $FreeBSD: ports/graphics/php4-gd/Makefile,v 1.1 2004/07/19 07:21:35 ale Exp $
#
+PORTREVISION= 3
CATEGORIES= graphics
MASTERDIR= ${.CURDIR}/../../lang/php4
diff -ruN --exclude=CVS /usr/ports/graphics/php4-gd/files/patch-gd_gd.c /usr/ports/graphics/php4-gd.fixed/files/patch-gd_gd.c
--- /usr/ports/graphics/php4-gd/files/patch-gd_gd.c 1970-01-01 01:00:00.000000000 +0100
+++ /usr/ports/graphics/php4-gd.fixed/files/patch-gd_gd.c 2010-05-28 16:01:52.000000000 +0200
@@ -0,0 +1,12 @@
+--- libgd/gd_gd.c.orig 2010-03-26 14:26:22.000000000 +0100
++++ libgd/gd_gd.c 2010-03-26 14:28:03.000000000 +0100
+@@ -40,6 +40,9 @@
+ if (!gdGetWord(&im->colorsTotal, in)) {
+ goto fail1;
+ }
++ if (im->colorsTotal > gdMaxColors) {
++ goto fail1;
++ }
+ }
+ /* Int to accommodate truecolor single-color transparency */
+ if (!gdGetInt(&im->transparent, in)) {
--- php4-gd-4.4.9_3.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list