Changeset 112

Timestamp:

06/27/05 13:53:08 (3 years ago)

Author:

zoeloelip

Message:

Fixed a buffer overflow in eaccelerator.c and cache.c. A string longer

then 8 bytes was copied in a char array of length 8. This isn't a
security risk because the overflowed bytes were directly overwritten
by other values. This fixes bug 1228096 which was caused by the
bufferoverflow detection in FC4.
http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html

Files:

• eaccelerator/trunk/ChangeLog (modified) (1 diff)
• eaccelerator/trunk/cache.c (modified) (1 diff)
• eaccelerator/trunk/eaccelerator.c (modified) (1 diff)

eaccelerator/trunk/ChangeLog

@@ +1 @@
+2005-06-27 Bart Vanbrabant <bart.vanbrabant at zoeloelip.be>
+        * Fixed a buffer overflow in eaccelerator.c and cache.c. A string longer
+          then 8 bytes was copied in a char array of length 8. This isn't a
+          security risk because the overflowed bytes were directly overwritten
+          by other values. This fixes bug 1228096 which was caused by the 
+          bufferoverflow detection in FC4. 
+          http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html
+
-2005-06-24 Bart Vanbrabant <bart.vanbrabant at zoeloelip.be>
-        * The future check is removed because mtime are only checked on changes

eaccelerator/trunk/cache.c

@@ -277 +277 @@
-                                mm_file_header hdr;
-                                EACCELERATOR_FLOCK (f, LOCK_EX);
-cpy (hdr.magic, "EACCELERATOR"
+ncpy (hdr.magic, "EACCELERATOR", 8
-                                hdr.eaccelerator_version = binary_eaccelerator_version;
-                                hdr.zend_version = binary_zend_version;

eaccelerator/trunk/eaccelerator.c

@@ -918 +918 @@
-  if (f > 0) {
-    EACCELERATOR_FLOCK(f, LOCK_EX);
-cpy(hdr.magic,"EACCELERATOR"
+ncpy(hdr.magic, "EACCELERATOR", 8
-    hdr.eaccelerator_version = binary_eaccelerator_version;
-    hdr.zend_version    = binary_zend_version;