Date: Mon, 24 Oct 2011 06:14:09 GMT From: Ruslan Mahmatkhanov <cvs-src@yandex.ru> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/161954: [PATCH] net/phpldapadmin: PHP Code Injection Vulnerability Message-ID: <201110240614.p9O6E9jK051827@red.freebsd.org> Resent-Message-ID: <201110240620.p9O6K2VK072215@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 161954 >Category: ports >Synopsis: [PATCH] net/phpldapadmin: PHP Code Injection Vulnerability >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Mon Oct 24 06:20:02 UTC 2011 >Closed-Date: >Last-Modified: >Originator: Ruslan Mahmatkhanov >Release: 10.0-CURRENT >Organization: >Environment: 10.0-CURRENT i386 >Description: Fix PHP Code Injection Vulnerability (upstream patch). Versions 1.2.0-1.2.1.1 are affected. Advisory: http://packetstormsecurity.org/files/106120/phpldapadmin-inject.txt Patch: http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin;a=blobdiff;f=lib/functions.php;h=eb160dc9f7d74e563131e21d4c85d7849a0c6638;hp=19fde9974d4e5eb3bfac04bb223ccbefdb98f9a0;hb=76e6dad;hpb=5d4245f93ae6f065e7535f268e3cd87a23b07744 Should be committed asap. >How-To-Repeat: >Fix: Patch attached with submission follows: diff --git a/Makefile b/Makefile index f8f3f6a..4e3d5d6 100644 --- a/Makefile +++ b/Makefile @@ -7,6 +7,7 @@ PORTNAME= phpldapadmin PORTVERSION= 1.2.1.1 +PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES= net www MASTER_SITES= SF/${PORTNAME}/${PORTNAME}-php5/${PORTVERSION} diff --git a/files/patch-lib_functions.php b/files/patch-lib_functions.php new file mode 100644 index 0000000..fda15b8 --- /dev/null +++ b/files/patch-lib_functions.php @@ -0,0 +1,18 @@ +X-Git-Url: http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin%2Fphpldapadmin;a=blobdiff_plain;f=lib%2Ffunctions.php;h=eb160dc9f7d74e563131e21d4c85d7849a0c6638;hp=19fde9974d4e5eb3bfac04bb223ccbefdb98f9a0;hb=76e6dad;hpb=5d4245f93ae6f065e7535f268e3cd87a23b07744 + +diff --git a/lib/functions.php b/lib/functions.php +index 19fde99..eb160dc 100644 +--- ./lib/functions.php ++++ ./lib/functions.php +@@ -1003,8 +1003,9 @@ function masort(&$data,$sortby,$rev=0) { + if (defined('DEBUG_ENABLED') && DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS')) + debug_log('Entered (%%)',1,0,__FILE__,__LINE__,__METHOD__,$fargs); + +- # if the array to sort is null or empty +- if (! $data) return; ++ # if the array to sort is null or empty, or if we have some nasty chars ++ if (! preg_match('/^[a-zA-Z0-9_]+(\([a-zA-Z0-9_,]*\))?$/',$sortby) || ! $data) ++ return; + + static $CACHE = array(); + >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201110240614.p9O6E9jK051827>