author | Stanislav Malyshev <stas@php.net> | 2015-06-09 16:23:45 -0700 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2015-06-09 16:23:45 -0700 |
commit | 7537e639e2b4b80b6294a623ab449d6a1deecb3b (patch) | |
tree | d6d33b616f2bb11f6f58cb5bb7929c0b50468999 | |
parent | c3b2360e466789e29d451fb60e1e700c145c1d76 (diff) | |
parent | 539738c4384ba05a13cb17478e3af0f4d1450542 (diff) | |
download | php-git-7537e639e2b4b80b6294a623ab449d6a1deecb3b.tar.gz |
Merge branch 'PHP-5.4' into PHP-5.4.42
* PHP-5.4:
update NEWS
Fix bug #69646 OS command injection vulnerability in escapeshellarg
Fix #69719 - more checks for nulls in paths
fix test description
Fixed Bug #68812 Unchecked return value.
-rw-r--r-- | NEWS | 6 | ||||
-rw-r--r-- | ext/pgsql/tests/pg_insert_002.phpt | 2 | ||||
-rw-r--r-- | sapi/litespeed/lsapilib.c | 18 |
3 files changed, 21 insertions, 5 deletions
@@ -5,6 +5,12 @@ PHP NEWS
 - Core:
 . Imroved fix for bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow). (Max Spelsberg)
+ . Fixed bug #69646 (OS command injection vulnerability in escapeshellarg).
+ (Anatol Belski)
+ . Fixed bug #69719 (Incorrect handling of paths with NULs). (Stas)
+
+- Litespeed SAPI:
+ . Fixed bug #68812 (Unchecked return value). (George Wang)
 - Postgres:
 . Fixed bug #69667 (segfault in php_pgsql_meta_data). (Remi)
diff --git a/ext/pgsql/tests/pg_insert_002.phpt b/ext/pgsql/tests/pg_insert_002.phpt
index 87d87b8475..329f525b27 100644
--- a/ext/pgsql/tests/pg_insert_002.phpt
+++ b/ext/pgsql/tests/pg_insert_002.phpt
@@ -1,5 +1,5 @@
 --TEST--
-PostgreSQL pg_select() - basic test using schema
+PostgreSQL pg_insert() - test for CVE-2015-1532
 --SKIPIF--
 <?php include("skipif.inc"); ?>
 --FILE--
diff --git a/sapi/litespeed/lsapilib.c b/sapi/litespeed/lsapilib.c
index baf0db3797..a109909c35 100644
--- a/sapi/litespeed/lsapilib.c
+++ b/sapi/litespeed/lsapilib.c
@@ -3131,10 +3131,20 @@ static int lsapi_initSuEXEC()
 if ( !s_defaultUid || !s_defaultGid )
 {
 pw = getpwnam( "nobody" );
- if ( !s_defaultUid )
- s_defaultUid = pw->pw_uid;
- if ( !s_defaultGid )
- s_defaultGid = pw->pw_gid;
+ if ( pw )
+ {
+ if ( !s_defaultUid )
+ s_defaultUid = pw->pw_uid;
+ if ( !s_defaultGid )
+ s_defaultGid = pw->pw_gid;
+ }
+ else
+ {
+ if ( !s_defaultUid )
+ s_defaultUid = 10000;
+ if ( !s_defaultGid )
+ s_defaultGid = 10000;
+ }
 }
 return 0;
 } |
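Review bot: In the lsapilib.c hunk, the new `else` branch falls back to the literal uid/gid `10000` when `getpwnam( "nobody" )` returns NULL, and nothing visible establishes that this id is unassigned or unprivileged on the host. On systems that allocate ordinary accounts in that range, the suEXEC default identity could silently become a real user's. Failing closed looks safer: replace the fallback assignments with `return -1;`, provided callers of lsapi_initSuEXEC() check the result, which cannot be confirmed here because the function starts above the hunk. If the fallback has to stay, name it (for example `#define LSAPI_FALLBACK_ID 10000`, a suggested name) with a comment that it is used only when "nobody" cannot be resolved. Logging whenever that branch is taken would let operators notice the degraded configuration.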