CVE-2014-9653
Community BUG:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9653
Community CODE:
https://github.com/file/file/commit/445c8fb0ebff85195be94cd9f7e1df89cade5c7f
This patch was adapted from the community reports above.
--- php-5.3.29/ext/fileinfo/libmagic/readelf.c_orig 2015-06-12 16:40:10.463458900 -0700
+++ php-5.3.29/ext/fileinfo/libmagic/readelf.c 2015-06-12 16:59:36.213626077 -0700
@@ -313,7 +313,7 @@
file_badseek(ms);
return -1;
}
- if (FINFO_READ_FUNC(fd, xph_addr, xph_sizeof) == -1) {
+ if (FINFO_READ_FUNC(fd, xph_addr, xph_sizeof) < (ssize_t)xph_sizeof) {
file_badread(ms);
return -1;
}
@@ -869,7 +869,7 @@
file_badseek(ms);
return -1;
}
- if (FINFO_READ_FUNC(fd, xsh_addr, xsh_sizeof) == -1) {
+ if (FINFO_READ_FUNC(fd, xsh_addr, xsh_sizeof) < (ssize_t)xsh_sizeof) {
file_badread(ms);
return -1;
}
@@ -901,7 +901,7 @@
efree(nbuf);
return -1;
}
- if (FINFO_READ_FUNC(fd, nbuf, (size_t)xsh_size) !=
+ if (FINFO_READ_FUNC(fd, nbuf, (size_t)xsh_size) <
(ssize_t)xsh_size) {
efree(nbuf);
file_badread(ms);
@@ -1058,7 +1058,7 @@
return -1;
}
- if (FINFO_READ_FUNC(fd, xph_addr, xph_sizeof) == -1) {
+ if (FINFO_READ_FUNC(fd, xph_addr, xph_sizeof) < (ssize_t)xph_sizeof) {
file_badread(ms);
return -1;
}