author | Craig Mohrman <craig.mohrman@oracle.com> |
Tue, 23 Jun 2015 13:44:01 -0700 | |
branch | s11u2-sru |
changeset 4534 | 058d7630f55f |
permissions | -rw-r--r-- |
4534
058d7630f55f
20192108 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
1 |
CVE-2015-2787 |
058d7630f55f
20192108 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
2 |
Community BUG: |
058d7630f55f
20192108 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
3 |
https://bugs.php.net/bug.php?id=68976 |
058d7630f55f
20192108 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
4 |
Community CODE: |
058d7630f55f
20192108 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
5 |
https://gist.github.com/smalyshev/eea9eafc7c88a4a6d10d |
058d7630f55f
20192108 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
6 |
Below is the community patch. |
058d7630f55f
20192108 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
7 |
|
058d7630f55f
20192108 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
8 |
|
058d7630f55f
20192108 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
9 |
diff --git a/ext/standard/var_unserializer.c b/ext/standard/var_unserializer.c |
058d7630f55f
20192108 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
10 |
index f114080..c7749a4 100644 |
058d7630f55f
20192108 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
11 |
--- a/ext/standard/var_unserializer.c |
058d7630f55f
20192108 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
12 |
+++ b/ext/standard/var_unserializer.c |
058d7630f55f
20192108 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
13 |
@@ -349,6 +349,7 @@ static inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTable *ht, long |
058d7630f55f
20192108 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
14 |
zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data, |
058d7630f55f
20192108 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
15 |
sizeof data, NULL); |
058d7630f55f
20192108 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
16 |
} |
058d7630f55f
20192108 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
17 |
+ var_push_dtor(var_hash, &data); |
058d7630f55f
20192108 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
18 |
|
058d7630f55f
20192108 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
19 |
zval_dtor(key); |
058d7630f55f
20192108 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
20 |
FREE_ZVAL(key); |
058d7630f55f
20192108 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
21 |
diff --git a/ext/standard/var_unserializer.re b/ext/standard/var_unserializer.re |
058d7630f55f
20192108 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
22 |
index f04fc74..abac77c 100644 |
058d7630f55f
20192108 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
23 |
--- a/ext/standard/var_unserializer.re |
058d7630f55f
20192108 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
24 |
+++ b/ext/standard/var_unserializer.re |
058d7630f55f
20192108 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
25 |
@@ -353,6 +353,7 @@ static inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTable *ht, long |
058d7630f55f
20192108 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
26 |
zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data, |
058d7630f55f
20192108 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
27 |
sizeof data, NULL); |
058d7630f55f
20192108 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
28 |
} |
058d7630f55f
20192108 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
29 |
+ var_push_dtor(var_hash, &data); |
058d7630f55f
20192108 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
30 |
|
058d7630f55f
20192108 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
31 |
zval_dtor(key); |
058d7630f55f
20192108 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
32 |
FREE_ZVAL(key); |