components/php-5_2/php-sapi/patches/c0_php_20804424.patch
author Craig Mohrman <craig.mohrman@oracle.com>
Tue, 23 Jun 2015 13:44:01 -0700
branchs11u2-sru
changeset 4534 058d7630f55f
permissions -rw-r--r--
20192108 problem in UTILITY/PHP 20231115 problem in UTILITY/PHP 20936509 problem in UTILITY/PHP 20804024 problem in UTILITY/PHP 20804061 problem in UTILITY/PHP 20804135 problem in UTILITY/PHP 20804363 problem in UTILITY/PHP 20804424 problem in UTILITY/PHP 20433657 problem in UTILITY/PHP 20803998 problem in UTILITY/PHP 20804391 problem in UTILITY/PHP

CVE-2015-2787
Community BUG:
https://bugs.php.net/bug.php?id=68976
Community CODE:
https://gist.github.com/smalyshev/eea9eafc7c88a4a6d10d
Below is the community patch.


diff --git a/ext/standard/var_unserializer.c b/ext/standard/var_unserializer.c
index f114080..c7749a4 100644
--- a/ext/standard/var_unserializer.c
+++ b/ext/standard/var_unserializer.c
@@ -349,6 +349,7 @@ static inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTable *ht, long
 			zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data,
 					sizeof data, NULL);
 		}
+		var_push_dtor(var_hash, &data);
 		
 		zval_dtor(key);
 		FREE_ZVAL(key);
diff --git a/ext/standard/var_unserializer.re b/ext/standard/var_unserializer.re
index f04fc74..abac77c 100644
--- a/ext/standard/var_unserializer.re
+++ b/ext/standard/var_unserializer.re
@@ -353,6 +353,7 @@ static inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTable *ht, long
 			zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data,
 					sizeof data, NULL);
 		}
+		var_push_dtor(var_hash, &data);
 		
 		zval_dtor(key);
 		FREE_ZVAL(key);
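Review bot: The added `var_push_dtor(var_hash, &data);` after the if/else carries no comment, and the call alone does not say why a value that was just stored in `ht` must also be registered with `var_hash`; it appears to keep the unserialized value alive until the whole unserialize pass is finished, so that other entries tracked in `var_hash` cannot be left pointing at freed memory if the table entry is later replaced or removed. As this is the fix for CVE-2015-2787 (bugs.php.net #68976), I would put a line above it such as `/* keep data referenced until var_hash is destroyed; the hash entry may be replaced or freed while back-references to it still exist (CVE-2015-2787) */`. The identical line goes into the generated var_unserializer.c in the first hunk, so the comment should be mirrored there or the .c regenerated from this .re file to keep the two from drifting. The patch as shown includes no regression test for the bug, and process_nested_data begins and ends outside the hunk, so its early-return paths could not be checked from here.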