equal
deleted
inserted
replaced
|
1 CVE-2015-2787 |
|
2 Community BUG: |
|
3 https://bugs.php.net/bug.php?id=68976 |
|
4 Community CODE: |
|
5 https://gist.github.com/smalyshev/eea9eafc7c88a4a6d10d |
|
6 Below is the community patch. |
|
7 |
|
8 |
|
9 diff --git a/ext/standard/var_unserializer.c b/ext/standard/var_unserializer.c |
|
10 index f114080..c7749a4 100644 |
|
11 --- a/ext/standard/var_unserializer.c |
|
12 +++ b/ext/standard/var_unserializer.c |
|
13 @@ -349,6 +349,7 @@ static inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTable *ht, long |
|
14 zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data, |
|
15 sizeof data, NULL); |
|
16 } |
|
17 + var_push_dtor(var_hash, &data); |
|
18 |
|
19 zval_dtor(key); |
|
20 FREE_ZVAL(key); |
|
21 diff --git a/ext/standard/var_unserializer.re b/ext/standard/var_unserializer.re |
|
22 index f04fc74..abac77c 100644 |
|
23 --- a/ext/standard/var_unserializer.re |
|
24 +++ b/ext/standard/var_unserializer.re |
|
25 @@ -353,6 +353,7 @@ static inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTable *ht, long |
|
26 zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data, |
|
27 sizeof data, NULL); |
|
28 } |
|
29 + var_push_dtor(var_hash, &data); |
|
30 |
|
31 zval_dtor(key); |
|
32 FREE_ZVAL(key); |