If you want to create and submit a form in Drupal, make sure you set the form's submit action to self. Only then can you use Drupal's form function.
Drupal 5 does not support PHP 5.4.3, and for those who have sites based on Drupal 5 this causes a major headache. So some people have written a patch which you can apply to the core files to use Drupal 5 on PHP 5.4.3.
You can download the patch here:
It's an integer overflow vulnerability in LZ4 'lz4.c'. If we look at the patch at https://code.google.com/p/lz4/source/diff?spec=svn119&r=119&format=side&path=/trunk/lz4.c
they have added the following conditions:
|/* overflow detection */|
|926||if ((sizeof(void*)==4) && unlikely((size_t)(op+length)<(size_t)(op))) goto _output_error; /* quickfix issue 134 */|
|927||if ((endOnInput) && (sizeof(void*)==4) && unlikely((size_t)(ip+length)<(size_t)(ip))) goto _output_error; /* quickfix issue 134 */|
|//if ((sizeof(void*)==4) && unlikely(length>LZ4_MAX_INPUT_SIZE)) goto _output_error; /* overflow detection */|
|967||if ((sizeof(void*)==4) && unlikely((size_t)(op+length)<(size_t)op)) goto _output_error; /* quickfix issue 134 */|
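Review bot: the checks at 926, 927 and 967 compare (size_t)(op+length) and (size_t)(ip+length) against the base pointer only after the pointer addition has been done, and forming a pointer beyond the end of the buffer is undefined behaviour in C, so an optimising compiler is allowed to assume the sum never wraps and drop the test. Comparing length against the space remaining in the output and input buffers would avoid computing the out-of-range pointer at all. It would also remove the need for the sizeof(void*)==4 guard, which leaves 64-bit builds with no explicit check on these lines.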
As you may have figured out, we add some value to the variable ip and then check whether the sum is less than the value of ip. This will only be true in case of integer overflow. A similar check is added for the op variable.
Here is the packet:
So what's the issue? Let's look into the patched code:
If you look at the patched code, there are the following checks:
1. if (1 + 2 + 16 > s->s3->rrec.length)
   return 0; /* silently discard */
2. if (1 + 2 + payload + 16 > s->s3->rrec.length)
   return 0; /* silently discard per RFC 6520 sec. 4 */
3. if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
The first check makes sure that packets where the TLS length is less than 19 bytes are discarded. Why? Because 1 byte denotes the message type, 2 bytes denote the length and 16 bytes are padding. So this will discard packets with 0 payload length.
The second check makes sure that the length of payload + header is equal to the length mentioned in the TLS packet.
The third check makes sure that the write length is not more than 16384 or 0x4000, which is SSL3_RT_MAX_PLAIN_LENGTH.
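The three checks can be exercised on constructed heartbeat records with the added example below. It is not code from the OpenSSL patch. The names hb_response_len, check_constructed and the HB_*/MAX_PLAIN macros are hypothetical, a plain byte buffer stands in for s->s3->rrec, and treating the third check as a discard is an assumption.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HB_HEADER  3       /* 1 byte message type + 2 bytes payload length */
#define HB_PADDING 16      /* padding bytes counted by the checks */
#define MAX_PLAIN  0x4000  /* value of SSL3_RT_MAX_PLAIN_LENGTH */

/* Hypothetical helper: returns the size of the response that would be
 * written for this record, or 0 when one of the three checks discards it. */
size_t hb_response_len(const unsigned char *rec, size_t rec_len)
{
    size_t payload, write_length;

    if (HB_HEADER + HB_PADDING > rec_len)            /* check 1 */
        return 0;
    payload = ((size_t)rec[1] << 8) | rec[2];        /* length claimed by the peer */
    if (HB_HEADER + payload + HB_PADDING > rec_len)  /* check 2 */
        return 0;
    write_length = HB_HEADER + payload + HB_PADDING;
    if (write_length > MAX_PLAIN)                    /* check 3 (discard is assumed) */
        return 0;
    return write_length;
}

/* Builds a constructed record (type 1, given claimed payload length,
 * actual_len bytes really present) and runs the checks on it. */
size_t check_constructed(size_t claimed, size_t actual_len)
{
    static unsigned char buf[0x4100];
    if (actual_len > sizeof buf) return 0;
    memset(buf, 0, sizeof buf);
    buf[0] = 1;
    buf[1] = (unsigned char)(claimed >> 8);
    buf[2] = (unsigned char)(claimed & 0xff);
    return hb_response_len(buf, actual_len);
}

int main(void)
{
    printf("claimed 5, record 24 bytes      -> %zu\n", check_constructed(5, 24));
    printf("claimed 0x4000, record 19 bytes -> %zu\n", check_constructed(0x4000, 19));
    printf("record of 18 bytes              -> %zu\n", check_constructed(0, 18));
    return 0;
}
```

A return value of 0 means the record was silently discarded; any other value is the number of bytes the response would carry, which never exceeds what the record actually contained.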
This is a quick post and I hope it clarifies things. If you have any questions, feel free to mail me.
After a long time I did some quick analysis. Here are the details for CVE-2013-4232:
If you look at the patch here:
there is only 1 line of code added:
1. Set $PYTHONPATH to the sulley dir.
2. Set $PATH to include the python executable.
3. Install libdnet: go to the python dir and run python setup.py install
Then run any fuzzer from the sulley_l2 main dir. It should work.
The bug fix is simple: remove the print code.