Hi,

Ilia Alshanetsky discovered a casting bug in PHP which can lead to negative memory usage reported by PHP to the suhosin module. Since suhosin didn't check for negative memory usage, this can be used to bypass the hard_memory_limit. Since the diff is very small I want to upload an update to t-p-u if there are no objections. The patch has been tested and I attached the diff; since it's very small I don't expect any side effects.

Thanks
Alex
diff -u php-suhosin-0.9.12/debian/changelog php-suhosin-0.9.12/debian/changelog --- php-suhosin-0.9.12/debian/changelog +++ php-suhosin-0.9.12/debian/changelog @@ -1,3 +1,10 @@ +php-suhosin (0.9.12-1etch1) testing-proposed-updates; urgency=low + + * Fixed a hard_memory_limit check that together with a casting bug in PHP + can be used to bypass the memory limit. + + -- Alexander Wirt <formorer@debian.org> Mon, 12 Mar 2007 21:19:09 +0100 + php-suhosin (0.9.12-1) unstable; urgency=low * new upstream only in patch2: unchanged: --- php-suhosin-0.9.12.orig/memory_limit.c +++ php-suhosin-0.9.12/memory_limit.c @@ -47,7 +47,7 @@ } if (new_value) { PG(memory_limit) = zend_atoi(new_value, new_value_length); - if (PG(memory_limit) > hard_memory_limit) { + if (PG(memory_limit) > hard_memory_limit || PG(memory_limit) < 0) { suhosin_log(S_MISC, "script tried to increase memory_limit to %u bytes which is above the allowed value", PG(memory_limit)); if (!SUHOSIN_G(simulation)) { PG(memory_limit) = hard_memory_limit;
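Review bot: In the memory_limit.c hunk, the new PG(memory_limit) < 0 case falls through to the existing suhosin_log() call, which formats the value with %u and reports it as "above the allowed value", so a negative limit will be logged as a very large unsigned number under a misleading message. Consider logging the negative case separately with a signed format specifier, or rewording the message so it covers both conditions. Also worth confirming: when SUHOSIN_G(simulation) is set, the negative value is left in PG(memory_limit) unchanged, the same as for over-limit values, so the clamp to hard_memory_limit only applies outside simulation mode.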