SUSE:SLE-12-SP1:GA
File php-CVE-2015-6831.patch of Package php5.10310
X-Git-Url: http://72.52.91.13:8000/?p=php-src.git;a=blobdiff_plain;f=ext%2Fspl%2Fspl_array.c;h=86608c0d5296616327c50d93fe280d03b5dbba4a;hp=a37eced00253e005366a7d5087e174572b28e547;hb=7381b6accc5559b2de039af3a22f6ec1003b03b3;hpb=c7d3c027d5ce45c96c8450a7f074ab2dfbcaa0c4 Index: ext/spl/spl_array.c =================================================================== --- ext/spl/spl_array.c.orig 2014-10-01 11:17:38.000000000 +0200 +++ ext/spl/spl_array.c 2015-08-20 09:16:26.594618824 +0200 @@ -1774,6 +1774,7 @@ goto outexcept; } + var_push_dtor(&var_hash, &pflags); --p; /* for ';' */ flags = Z_LVAL_P(pflags); zval_ptr_dtor(&pflags); @@ -1798,6 +1799,7 @@ if (!php_var_unserialize(&intern->array, &p, s + buf_len, &var_hash TSRMLS_CC)) { goto outexcept; } + var_push_dtor(&var_hash, &intern->array); } if (*p != ';') { goto outexcept; @@ -1816,6 +1818,7 @@ goto outexcept; } + var_push_dtor(&var_hash, &pmembers); /* copy members */ if (!intern->std.properties) { rebuild_object_properties(&intern->std); Index: ext/spl/spl_observer.c =================================================================== --- ext/spl/spl_observer.c.orig 2014-10-01 11:17:38.000000000 +0200 +++ ext/spl/spl_observer.c 2015-08-20 10:15:57.164329814 +0200 @@ -848,6 +848,7 @@ goto outexcept; } + var_push_dtor(&var_hash, &pcount); --p; /* for ';' */ count = Z_LVAL_P(pcount); @@ -919,6 +920,7 @@ goto outexcept; } + var_push_dtor(&var_hash, &pmembers); /* copy members */ if (!intern->std.properties) { rebuild_object_properties(&intern->std); commit e9d961ee18c6dba28a3a7670a3de29dfa349148e Author: Stanislav Malyshev <stas@php.net> Date: Sat Aug 1 21:51:08 2015 -0700 Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList) --- ext/spl/spl_dllist.c +++ ext/spl/spl_dllist.c @@ -1209,6 +1209,7 @@ SPL_METHOD(SplDoublyLinkedList, unserialize) zval_ptr_dtor(&flags); goto error; } + var_push_dtor(&var_hash, &flags); intern->flags = Z_LVAL_P(flags); zval_ptr_dtor(&flags);
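Review bot: the ext/spl/spl_array.c and ext/spl/spl_observer.c parts are identified only by an X-Git-Url that points at a bare IP address over plain HTTP, while the ext/spl/spl_dllist.c part carries a full commit header (e9d961ee18c6dba28a3a7670a3de29dfa349148e, bug #70169). Please give the first part the same kind of header, naming the upstream commit taken from the URL (hb=7381b6accc5559b2de039af3a22f6ec1003b03b3) and the bug it fixes, so the origin of every hunk filed under CVE-2015-6831 can be checked against php-src without relying on that address.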
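Review bot: in the first ext/spl/spl_array.c hunk (@@ -1774), the added `var_push_dtor(&var_hash, &pflags);` has no comment explaining why pflags must be registered with var_hash when `zval_ptr_dtor(&pflags);` still follows two lines later. To a later reader the pair looks redundant and the push is an obvious candidate for removal in a cleanup. A one-line comment stating that the zval has to stay alive until var_hash is destroyed, because unserialize() may still refer to it, would protect the fix; the same applies to the pmembers push at @@ -1816.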
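Review bot: in the ext/spl/spl_array.c hunk at @@ -1798, `var_push_dtor(&var_hash, &intern->array);` is reached only when php_var_unserialize() succeeds; the `goto outexcept;` branch directly above it leaves intern->array unregistered. Unlike pflags and pmembers, intern->array is a member of the object rather than a temporary, so please confirm what outexcept does with a partially populated intern->array and that it cannot be released while var_hash still holds entries created during the failed call.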
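Review bot: in ext/spl/spl_observer.c the patch registers pcount at @@ -848 and pmembers at @@ -919 and changes nothing between those two points. If the code in that span calls php_var_unserialize() for each stored element, those per-element zvals have the same lifetime problem and need the same `var_push_dtor(&var_hash, ...)` call; please check that span and either extend the patch or state in the header why it is not affected.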
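Review bot: in the ext/spl/spl_dllist.c hunk (@@ -1209), `var_push_dtor(&var_hash, &flags);` sits after the error branch, so the `zval_ptr_dtor(&flags); goto error;` path above it still destroys flags without registering it. Please confirm that nothing reads var_hash entries again on the error path before var_hash is torn down, or move the push ahead of the check so both paths follow one lifetime rule. The patch also touches only the three .c files and adds no regression test for unserialize() on SplDoublyLinkedList, ArrayObject or SplObjectStorage; a test per class would catch a later rebase dropping one of these lines.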