php-sapi/patches/370_php_20803826.patch

CVE-2013-6501
Community has no fix.
This patch was developed internally.
Will be offered upstream.


--- php-5.3.29/ext/soap/php_sdl.c_orig  2015-07-06 14:07:57.231116620 -0700
+++ php-5.3.29/ext/soap/php_sdl.c   2015-07-06 14:10:38.341928952 -0700
@@ -1544,6 +1544,7 @@
    int f;
    struct stat st;
    char *in, *buf;
+   uid_t euid;

    f = open(fn, O_RDONLY|O_BINARY);
    if (f < 0) {
@@ -1553,6 +1554,15 @@
        close(f);
        return NULL;
    }
+   /*
+    * If I'm not the owner of this file then someone might be
+    * trying to spoof me.
+    */
+   euid = geteuid();
+   if (st.st_uid != euid) {
+       close(f);
+       return NULL;
+   }
    buf = in = emalloc(st.st_size);
    if (read(f, in, st.st_size) != st.st_size) {
        close(f);