--- a/components/php/php56/patches/CVE-2015-4024.patch Wed Aug 31 15:13:45 2016 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,103 +0,0 @@
-# Source: upstream
-# https://bugs.php.net/patch-display.php?bug_id=69364&patch=patch-5.4&revision=1431237650
-# Fixed in 5.6.9
-
-diff --git a/main/rfc1867.c b/main/rfc1867.c
-index fab199b..9e2fbd5 100644
---- a/main/rfc1867.c
-+++ b/main/rfc1867.c
-@@ -33,6 +33,7 @@
- #include "php_variables.h"
- #include "rfc1867.h"
- #include "ext/standard/php_string.h"
-+#include "ext/standard/php_smart_str.h"
-
- #define DEBUG_FILE_UPLOAD ZEND_DEBUG
-
-@@ -398,8 +399,9 @@ static int find_boundary(multipart_buffer *self, char *boundary TSRMLS_DC)
- static int multipart_buffer_headers(multipart_buffer *self, zend_llist *header TSRMLS_DC)
- {
- char *line;
-- mime_header_entry prev_entry = {0}, entry;
-- int prev_len, cur_len;
-+ mime_header_entry entry = {0};
-+ smart_str buf_value = {0};
-+ char *key = NULL;
-
- /* didn't find boundary, abort */
- if (!find_boundary(self, self->boundary TSRMLS_CC)) {
-@@ -411,11 +413,10 @@ static int multipart_buffer_headers(multipart_buffer *self, zend_llist *header T
- while( (line = get_line(self TSRMLS_CC)) && strlen(line) > 0 )
- {
- /* add header to table */
-- char *key = line;
- char *value = NULL;
-
- if (php_rfc1867_encoding_translation(TSRMLS_C)) {
-- self->input_encoding = zend_multibyte_encoding_detector(line, strlen(line), self->detect_order, self->detect_order_size TSRMLS_CC);
-+ self->input_encoding = zend_multibyte_encoding_detector((unsigned char *)line, strlen(line), self->detect_order, self->detect_order_size TSRMLS_CC);
- }
-
- /* space in the beginning means same header */
-@@ -424,31 +425,33 @@ static int multipart_buffer_headers(multipart_buffer *self, zend_llist *header T
- }
-
- if (value) {
-- *value = 0;
-- do { value++; } while(isspace(*value));
--
-- entry.value = estrdup(value);
-- entry.key = estrdup(key);
--
-- } else if (zend_llist_count(header)) { /* If no ':' on the line, add to previous line */
--
-- prev_len = strlen(prev_entry.value);
-- cur_len = strlen(line);
--
-- entry.value = emalloc(prev_len + cur_len + 1);
-- memcpy(entry.value, prev_entry.value, prev_len);
-- memcpy(entry.value + prev_len, line, cur_len);
-- entry.value[cur_len + prev_len] = '\0';
-+ if(buf_value.c && key) {
-+ /* new entry, add the old one to the list */
-+ smart_str_0(&buf_value);
-+ entry.key = key;
-+ entry.value = buf_value.c;
-+ zend_llist_add_element(header, &entry);
-+ buf_value.c = NULL;
-+ key = NULL;
-+ }
-
-- entry.key = estrdup(prev_entry.key);
-+ *value = '\0';
-+ do { value++; } while(isspace(*value));
-
-- zend_llist_remove_tail(header);
-+ key = estrdup(line);
-+ smart_str_appends(&buf_value, value);
-+ } else if (buf_value.c) { /* If no ':' on the line, add to previous line */
-+ smart_str_appends(&buf_value, line);
- } else {
- continue;
- }
--
-+ }
-+ if(buf_value.c && key) {
-+ /* add the last one to the list */
-+ smart_str_0(&buf_value);
-+ entry.key = key;
-+ entry.value = buf_value.c;
- zend_llist_add_element(header, &entry);
-- prev_entry = entry;
- }
-
- return 1;
-@@ -884,7 +887,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */
- if (count == PG(max_input_vars) + 1) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
- }
--
-+
- if (php_rfc1867_callback != NULL) {
- multipart_event_formdata event_formdata;
-