SUSE:SLE-12-SP2:GA
php5.16119
php-CVE-2016-7418.patch
File php-CVE-2016-7418.patch of Package php5.16119
X-Git-Url: http://72.52.91.13:8000/?p=php-src.git;a=blobdiff_plain;f=ext%2Fwddx%2Fwddx.c;h=0e77826ce8476ea0cb0186dd7cec95b0c0129685;hp=b02d2f07ded469c5ed8256e422428d3ce8bee637;hb=c4cca4c20e75359c9a13a1f9a36cb7b4e9601d29;hpb=f5a9592ad8d2b60cabbaff00662477528ecefb48
Index: php-5.6.1/ext/wddx/wddx.c
===================================================================
--- php-5.6.1.orig/ext/wddx/wddx.c 2016-09-23 09:02:55.330571006 +0200
+++ php-5.6.1/ext/wddx/wddx.c 2016-09-23 09:04:15.843860839 +0200
@@ -780,10 +780,10 @@ static void php_wddx_push_element(void *
 int i;
 if (atts) for (i = 0; atts[i]; i++) {
- if (!strcmp(atts[i], EL_CHAR_CODE) && atts[++i] && atts[i][0]) {
+ if (!strcmp(atts[i], EL_CHAR_CODE) && atts[i+1] && atts[i+1][0]) {
 char tmp_buf[2];
- snprintf(tmp_buf, sizeof(tmp_buf), "%c", (char)strtol(atts[i], NULL, 16));
+ snprintf(tmp_buf, sizeof(tmp_buf), "%c", (char)strtol(atts[i+1], NULL, 16));
 php_wddx_process_data(user_data, tmp_buf, strlen(tmp_buf));
 break;
 }
@@ -801,7 +801,7 @@ static void php_wddx_push_element(void *
 int i;
 if (atts) for (i = 0; atts[i]; i++) {
- if (!strcmp(atts[i], EL_VALUE) && atts[++i] && atts[i][0]) {
+ if (!strcmp(atts[i], EL_VALUE) && atts[i+1] && atts[i+1][0]) {
 ent.type = ST_BOOLEAN;
 SET_STACK_VARNAME;
@@ -809,7 +809,7 @@ static void php_wddx_push_element(void *
 INIT_PZVAL(ent.data);
 Z_TYPE_P(ent.data) = IS_BOOL;
 wddx_stack_push((wddx_stack *)stack, &ent, sizeof(st_entry));
- php_wddx_process_data(user_data, atts[i], strlen(atts[i]));
+ php_wddx_process_data(user_data, atts[i+1], strlen(atts[i+1]));
 break;
 }
 }
@@ -842,8 +842,8 @@ static void php_wddx_push_element(void *
 int i;
 if (atts) for (i = 0; atts[i]; i++) {
- if (!strcmp(atts[i], EL_NAME) && atts[++i] && atts[i][0]) {
- stack->varname = estrdup(atts[i]);
+ if (!strcmp(atts[i], EL_NAME) && atts[i+1] && atts[i+1][0]) {
+ stack->varname = estrdup(atts[i+1]);
 break;
 }
 }
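Review bot: The attribute loops still advance one slot at a time (`for (i = 0; atts[i]; i++)`, first in the hunk at -780 and again at -801, -842, -856 and -892), so every attribute value is also compared against `EL_CHAR_CODE`, `EL_VALUE`, `EL_NAME` or `"fieldNames"` as if it were a name. Assuming `atts` is the parser's alternating name/value array, which is how the `atts[i]`/`atts[i+1]` pairs are used here, a value that happens to equal one of those names causes the following attribute's name to be taken as the value. Stepping in pairs keeps names and values apart while still stopping at the terminator: `for (i = 0; atts[i] && atts[i+1]; i += 2)`. The loop bodies continue outside the hunks, and the `fieldNames` branch, which still bumps `i` itself, would need adjusting together with this.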
@@ -856,11 +856,12 @@ static void php_wddx_push_element(void *
 array_init(ent.data);
 if (atts) for (i = 0; atts[i]; i++) {
- if (!strcmp(atts[i], "fieldNames") && atts[++i] && atts[i][0]) {
+ if (!strcmp(atts[i], "fieldNames") && atts[i+1] && atts[i+1][0]) {
 zval *tmp;
 char *key;
 char *p1, *p2, *endp;
+ i++;
 endp = (char *)atts[i] + strlen(atts[i]);
 p1 = (char *)atts[i];
 while ((p2 = php_memnstr(p1, ",", sizeof(",")-1, endp)) != NULL) {
@@ -892,13 +893,13 @@ static void php_wddx_push_element(void *
 ent.data = NULL;
 if (atts) for (i = 0; atts[i]; i++) {
- if (!strcmp(atts[i], EL_NAME) && atts[++i] && atts[i][0]) {
+ if (!strcmp(atts[i], EL_NAME) && atts[i+1] && atts[i+1][0]) {
 st_entry *recordset;
 zval **field;
 if (wddx_stack_top(stack, (void**)&recordset) == SUCCESS &&
 recordset->type == ST_RECORDSET &&
- zend_hash_find(Z_ARRVAL_P(recordset->data), (char*)atts[i], strlen(atts[i])+1, (void**)&field) == SUCCESS) {
+ zend_hash_find(Z_ARRVAL_P(recordset->data), (char*)atts[i+1], strlen(atts[i+1])+1, (void**)&field) == SUCCESS) {
 ent.data = *field;
 }
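Review bot: The added `i++;` in the `fieldNames` branch (hunk at -856) keeps the in-body change of the loop index that every other hunk of this patch removes, so this branch alone still depends on how the loop is left. It does not read past the array, because the `atts[i+1]` guard has already run, but the index is only consistent afterwards if the branch ends in a `break`, which lies outside the hunk and cannot be confirmed here. Binding the value once and leaving `i` untouched would match the other branches: `char *names = (char *)atts[i+1];`, then `endp = names + strlen(names);` and `p1 = names;`.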
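Review bot: `ent.data` is set to NULL at the top of the hunk at -892 and is replaced only when all three conditions of the lookup hold, so a missing or empty name attribute, a stack top that is not a recordset, or an unknown field name each leave it NULL. The code that pushes and later consumes this entry is outside the hunk, so whether it tolerates a NULL `data` pointer cannot be confirmed from here. A comment at the assignment would make the contract explicit, for example `/* ent.data stays NULL when no matching recordset field exists; users of this entry must check before dereferencing */`.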