ports/161954: [PATCH] net/phpldapadmin: PHP Code Injection Vulnerability
Ruslan Mahmatkhanov
cvs-src at yandex.ru
Mon Oct 24 06:20:03 UTC 2011
>Number: 161954
>Category: ports
>Synopsis: [PATCH] net/phpldapadmin: PHP Code Injection Vulnerability
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Mon Oct 24 06:20:02 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Ruslan Mahmatkhanov
>Release: 10.0-CURRENT
>Organization:
>Environment:
10.0-CURRENT i386
>Description:
Fix PHP Code Injection Vulnerability (upstream patch).
Versions 1.2.0-1.2.1.1 are affected.
Advisory: http://packetstormsecurity.org/files/106120/phpldapadmin-inject.txt
Patch: http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin;a=blobdiff;f=lib/functions.php;h=eb160dc9f7d74e563131e21d4c85d7849a0c6638;hp=19fde9974d4e5eb3bfac04bb223ccbefdb98f9a0;hb=76e6dad;hpb=5d4245f93ae6f065e7535f268e3cd87a23b07744
Should be committed asap.
>How-To-Repeat:
>Fix:
Patch attached with submission follows:
diff --git a/Makefile b/Makefile
index f8f3f6a..4e3d5d6 100644
--- a/Makefile
+++ b/Makefile
@@ -7,6 +7,7 @@
PORTNAME= phpldapadmin
PORTVERSION= 1.2.1.1
+PORTREVISION= 1
PORTEPOCH= 1
CATEGORIES= net www
MASTER_SITES= SF/${PORTNAME}/${PORTNAME}-php5/${PORTVERSION}
diff --git a/files/patch-lib_functions.php b/files/patch-lib_functions.php
new file mode 100644
index 0000000..fda15b8
--- /dev/null
+++ b/files/patch-lib_functions.php
@@ -0,0 +1,18 @@
+X-Git-Url: http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin%2Fphpldapadmin;a=blobdiff_plain;f=lib%2Ffunctions.php;h=eb160dc9f7d74e563131e21d4c85d7849a0c6638;hp=19fde9974d4e5eb3bfac04bb223ccbefdb98f9a0;hb=76e6dad;hpb=5d4245f93ae6f065e7535f268e3cd87a23b07744
+
+diff --git a/lib/functions.php b/lib/functions.php
+index 19fde99..eb160dc 100644
+--- ./lib/functions.php
++++ ./lib/functions.php
+@@ -1003,8 +1003,9 @@ function masort(&$data,$sortby,$rev=0) {
+ if (defined('DEBUG_ENABLED') && DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
+ debug_log('Entered (%%)',1,0,__FILE__,__LINE__,__METHOD__,$fargs);
+
+- # if the array to sort is null or empty
+- if (! $data) return;
++ # if the array to sort is null or empty, or if we have some nasty chars
++ if (! preg_match('/^[a-zA-Z0-9_]+(\([a-zA-Z0-9_,]*\))?$/',$sortby) || ! $data)
++ return;
+
+ static $CACHE = array();
+
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list