ports/161954: [PATCH] net/phpldapadmin: PHP Code Injection Vulnerability

Ruslan Mahmatkhanov cvs-src at yandex.ru
Mon Oct 24 06:20:03 UTC 2011 

>Number:         161954
>Category:       ports
>Synopsis:       [PATCH] net/phpldapadmin: PHP Code Injection Vulnerability
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon Oct 24 06:20:02 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Ruslan Mahmatkhanov
>Release:        10.0-CURRENT
>Organization:
>Environment:
10.0-CURRENT i386
>Description:
Fix PHP Code Injection Vulnerability (upstream patch).
Versions 1.2.0-1.2.1.1 are affected.

Advisory: http://packetstormsecurity.org/files/106120/phpldapadmin-inject.txt
Patch: http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin;a=blobdiff;f=lib/functions.php;h=eb160dc9f7d74e563131e21d4c85d7849a0c6638;hp=19fde9974d4e5eb3bfac04bb223ccbefdb98f9a0;hb=76e6dad;hpb=5d4245f93ae6f065e7535f268e3cd87a23b07744

Should be committed asap.
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

diff --git a/Makefile b/Makefile
index f8f3f6a..4e3d5d6 100644
--- a/Makefile
+++ b/Makefile
@@ -7,6 +7,7 @@
 
 PORTNAME=	phpldapadmin
 PORTVERSION=	1.2.1.1
+PORTREVISION=	1
 PORTEPOCH=	1
 CATEGORIES=	net www
 MASTER_SITES=	SF/${PORTNAME}/${PORTNAME}-php5/${PORTVERSION}
diff --git a/files/patch-lib_functions.php b/files/patch-lib_functions.php
new file mode 100644
index 0000000..fda15b8
--- /dev/null
+++ b/files/patch-lib_functions.php
@@ -0,0 +1,18 @@
+X-Git-Url: http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin%2Fphpldapadmin;a=blobdiff_plain;f=lib%2Ffunctions.php;h=eb160dc9f7d74e563131e21d4c85d7849a0c6638;hp=19fde9974d4e5eb3bfac04bb223ccbefdb98f9a0;hb=76e6dad;hpb=5d4245f93ae6f065e7535f268e3cd87a23b07744
+
+diff --git a/lib/functions.php b/lib/functions.php
+index 19fde99..eb160dc 100644
+--- ./lib/functions.php
++++ ./lib/functions.php
+@@ -1003,8 +1003,9 @@ function masort(&$data,$sortby,$rev=0) {
+ 	if (defined('DEBUG_ENABLED') && DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
+ 		debug_log('Entered (%%)',1,0,__FILE__,__LINE__,__METHOD__,$fargs);
+ 
+-	# if the array to sort is null or empty
+-	if (! $data) return;
++	# if the array to sort is null or empty, or if we have some nasty chars
++	if (! preg_match('/^[a-zA-Z0-9_]+(\([a-zA-Z0-9_,]*\))?$/',$sortby) || ! $data)
++		return;
+ 
+ 	static $CACHE = array();
+ 


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list