oss-sec mailing list archives

Re: CVE request, php's shm


From: Tomas Hoger <thoger () redhat com>
Date: Tue, 8 Mar 2011 15:07:30 +0100

On Tue, 8 Mar 2011 14:36:49 +0100 Pierre Joye wrote:

This flaw has been discovered by Jose Carlos Norte, already fixed in
SVN by Felipe Pena (felipe () php net), see
http://svn.php.net/viewvc/?view=revision&revision=309018

It may be more readable to use the check as:

  if (count < 0 || count > shmop->size - size)

Previous size check gives you guarantees regarding shmop->size - size
result.

Just my 2c.

-- 
Tomas Hoger / Red Hat Security Response Team
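
The difference between an additive range check and the subtractive form suggested in the message above, as an added example that is not part of the original post and is not PHP's code. The names `segment`, `offset`, `range_ok_additive` and `range_ok_subtractive` are hypothetical, and it assumes the value subtracted from the segment size is an offset that an earlier check has already confined to 0..size.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical stand-in for a shared memory segment; only the size matters. */
struct segment { int size; };

/* Additive form: offset + count can exceed INT_MAX. The sum is computed in
 * unsigned arithmetic so the wraparound is well defined for this demo
 * (signed overflow itself is undefined behaviour in C). Converting the
 * result back to int wraps to a negative value on common compilers. */
static int range_ok_additive(const struct segment *s, int offset, int count)
{
    if (offset < 0 || offset > s->size) return 0;
    if (count < 0) return 0;
    int end = (int)((unsigned)offset + (unsigned)count);
    return end <= s->size;
}

/* Subtractive form: the earlier offset check guarantees
 * 0 <= s->size - offset <= s->size, so the subtraction cannot overflow. */
static int range_ok_subtractive(const struct segment *s, int offset, int count)
{
    if (offset < 0 || offset > s->size) return 0;
    if (count < 0 || count > s->size - offset) return 0;
    return 1;
}

int main(void)
{
    struct segment s = { 4096 };  /* constructed sample values below */
    int cases[][2] = {
        {0, 4096}, {4000, 96}, {4000, 97}, {1, INT_MAX}, {4096, 0}, {-1, 10}
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("offset=%d count=%d additive=%d subtractive=%d\n",
               cases[i][0], cases[i][1],
               range_ok_additive(&s, cases[i][0], cases[i][1]),
               range_ok_subtractive(&s, cases[i][0], cases[i][1]));
    return 0;
}
```

The two functions agree on every in-range case and differ only when the sum would pass `INT_MAX`, which the subtractive form rejects.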

