Attached are the patches I have prepared that backport the fixes for
these vulnerabilities to the version in sarge (4.52-1).

They're really attached this time.

-- 

Cameron Dale
diff -Nur libphp-adodb-4.52/build-tree/adodb/server.php 
libphp-adodb-4.52.new/build-tree/adodb/server.php
--- libphp-adodb-4.52/build-tree/adodb/server.php       2004-07-06 
01:32:26.000000000 -0700
+++ libphp-adodb-4.52.new/build-tree/adodb/server.php   2006-03-24 
15:32:39.000000000 -0800
@@ -26,7 +26,7 @@
  * Define the IP address you want to accept requests from 
  * as a security measure. If blank we accept anyone promisciously!
  */
-$ACCEPTIP = '';
+$ACCEPTIP = '127.0.0.1';
 
 /*
  * Connection parameters
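Review bot: The gate this default feeds still falls open: the check in the hunk at L40-L42 (and the copy added to tmssql.php at L75-L77) is skipped entirely when `$ACCEPTIP` is blank, so a deployment that clears the value to "unset" it is back to accepting every client, exactly as the comment at L17 describes. Since the purpose of the backport is to close that hole, consider failing closed instead, `if (empty($ACCEPTIP)) err('ACCEPTIP is not configured');` placed before the address comparison, and rewording the comment to say that a blank value refuses all requests. Two caveats a deployer should also find in that comment: `REMOTE_ADDR` is the TCP peer, so behind a reverse proxy it is the proxy's address and the check becomes all-or-nothing, and the `'127.0.0.1'` literal does not match a loopback connection made over IPv6 (`::1`).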
@@ -34,7 +34,7 @@
 $driver = 'mysql';
 $host = 'localhost'; // DSN for odbc
 $uid = 'root';
-$pwd = '';
+$pwd = 'garbage-it-is';
 $database = 'test';
 
 /*============================ DO NOT MODIFY BELOW HERE 
=================================*/
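Review bot: The new `$pwd` value reads like a real credential but is presumably a deliberately non-working placeholder meant to stop the script connecting as password-less `root`; nothing in the hunk says so, and `$uid = 'root'` is still the shipped default. A one-line comment above the assignment would make the intent explicit, e.g. `// deliberately invalid placeholder: replace with a dedicated low-privilege account before enabling this script`. Whether the value is actually refused by the target server cannot be told from the diff, so the comment should not promise that.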
@@ -67,13 +67,15 @@
 
 $remote = $HTTP_SERVER_VARS["REMOTE_ADDR"]; 
  
-if (empty($HTTP_GET_VARS['sql'])) err('No SQL');
 
 if (!empty($ACCEPTIP))
  if ($remote != '127.0.0.1' && $remote != $ACCEPTIP) 
        err("Unauthorised client: '$remote'");
 
 
+if (empty($HTTP_GET_VARS['sql'])) err('No SQL');
+
+
 $conn = &ADONewConnection($driver);
 
 if (!$conn->Connect($host,$uid,$pwd,$database)) err($conn->ErrorNo(). $sep . 
$conn->ErrorMsg());
@@ -95,4 +97,4 @@
 } else
        err($conn->ErrorNo(). $sep .$conn->ErrorMsg());
 
-?>
\ No newline at end of file
+?>
diff -Nur libphp-adodb-4.52/build-tree/adodb/tests/tmssql.php 
libphp-adodb-4.52.new/build-tree/adodb/tests/tmssql.php
--- libphp-adodb-4.52/build-tree/adodb/tests/tmssql.php 2003-04-15 
04:36:28.000000000 -0700
+++ libphp-adodb-4.52.new/build-tree/adodb/tests/tmssql.php     2006-03-24 
15:41:04.000000000 -0800
@@ -53,6 +53,16 @@
        $rs = $conn->Execute('delete from tester');
        print "date=".$conn->GetOne('select getdate()')."<br>";
 }
+
+
+$ACCEPTIP = '127.0.0.1';
+
+$remote = $HTTP_SERVER_VARS["REMOTE_ADDR"];
+
+if (!empty($ACCEPTIP))
+ if ($remote != '127.0.0.1' && $remote != $ACCEPTIP)
+       die("Unauthorised client: '$remote'");
+
 ?>
 <a href=tmssql.php?do=tmssql>mssql</a>
 <a href=tmssql.php?do=tpear>pear</a>
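Review bot: The added check reads `$HTTP_SERVER_VARS["REMOTE_ADDR"]` while the dispatch in the same file at L84 reads `$_GET`, so the file now depends on both the superglobals and the long-form arrays; with `register_long_arrays` off (the long arrays were removed in PHP 5.4) `$remote` is unset, which still fails closed here because both `!=` comparisons then hold, but with a notice. `$_SERVER['REMOTE_ADDR']` is the consistent choice: `$remote = $_SERVER['REMOTE_ADDR'];`. The block is a verbatim copy of the server.php gate, including its blank-`$ACCEPTIP` fall-through; since the value is hard-coded on the line above, a comment such as `// test page: only reachable from the local host` would explain why it is not configurable here. Whether any top-level code above line 53 of the file runs before this gate is not visible in the hunk.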
@@ -60,6 +70,11 @@
 <?php
 if (!empty($_GET['do'])) {
        $do = $_GET['do'];
-       $do();
+       switch($do) {
+       case 'tpear':
+       case 'tadodb':
+       case 'tmssql':
+               $do();
+       }
 }
-?>
\ No newline at end of file
+?>
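Review bot: The allowlist switch has no `default`, so an unrecognised `do` value silently renders nothing, and nothing in the code says the three cases are the complete set of test functions that may be called. Adding `default: die('Unknown test');` makes the rejection explicit, and a comment above the switch, `// only these local test functions may be invoked by name`, records why the earlier unrestricted `$do()` call was replaced. The `case` labels compare loosely, which is harmless for these non-numeric strings, but `in_array($do, array('tpear', 'tadodb', 'tmssql'), true)` would make the strictness visible.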
diff -Nur libphp-adodb-4.52/build-tree/adodb/drivers/adodb-postgres64.inc.php 
libphp-adodb-4.52.new/build-tree/adodb/drivers/adodb-postgres64.inc.php
--- libphp-adodb-4.52/build-tree/adodb/drivers/adodb-postgres64.inc.php 
2004-08-10 01:26:27.000000000 -0700
+++ libphp-adodb-4.52.new/build-tree/adodb/drivers/adodb-postgres64.inc.php     
2006-03-24 15:49:22.000000000 -0800
@@ -214,7 +214,7 @@
                return $ret;
        }
        
-       /*
+       
        // if magic quotes disabled, use pg_escape_string()
        function qstr($s,$magic_quotes=false)
        {
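Review bot: Removing `/*` here (with its `*/` in the hunk at L124-L129) re-enables the `qstr` override, but the now-live function carries no description of its contract beyond the one-line comment at L109, and it continues past both hunks. The tail at L125-L126 returns the value with only `\"` unescaped and no other escaping, which presumably is the `$magic_quotes=true` path that trusts magic_quotes_gpc to have escaped quotes and backslashes already; a docblock should state that callers must pass `$magic_quotes=true` only for values that really came through GPC escaping. Something like `// $magic_quotes=true: $s is assumed already escaped by magic_quotes_gpc; only the \" form is normalised` above the function would capture it.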
@@ -223,7 +223,7 @@
                                return  "'".pg_escape_string($s)."'";
                        }
                        if ($this->replaceQuote[0] == '\\'){
-                               $s = 
adodb_str_replace(array('\\',"\0"),array('\\\\',"\\\0"),$s);
+                               $s = 
adodb_str_replace(array('\\',"\0"),array('\\\\',"\\\\000"),$s);
                        }
                        return  
"'".str_replace("'",$this->replaceQuote,$s)."'"; 
                }
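Review bot: The replacement for a NUL byte at L118-L119 now yields the four characters `\\000` (PHP source `"\\\\000"`), so with backslash-escape string syntax the server receives a backslash followed by `000`; a NUL in the input is rewritten into visible text rather than preserved or rejected, which is lossy and deserves a comment because the literal is hard to read. Presumably the previous `"\\\0"` form left a raw NUL byte inside the statement, which C-string based APIs would cut the literal at; if that was the bug, the comment should say so. This branch is only the fallback after the `pg_escape_string` return at L113, so the comment should also note that it applies to builds without that function. Suggested: `// NUL cannot be stored in a PostgreSQL string; emit the literal text \000 instead of a raw NUL byte`. The enclosing `qstr` starts and ends outside this hunk, and the `\\` doubling as a whole assumes the server accepts backslash escapes in string literals.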
@@ -232,7 +232,7 @@
                $s = str_replace('\\"','"',$s);
                return "'$s'";
        }
-       */
+       
        
        
        // Format date column in sql string given an input format that 
understands Y M D

Attachment: signature.asc
Description: Digital signature
