Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
php7.6517
php-CVE-2017-12934.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File php-CVE-2017-12934.patch of Package php7.6517
Index: php-7.0.7/ext/standard/var_unserializer.re =================================================================== --- php-7.0.7.orig/ext/standard/var_unserializer.re 2017-08-29 15:23:44.627769363 +0200 +++ php-7.0.7/ext/standard/var_unserializer.re 2017-08-29 15:23:44.639769540 +0200 @@ -500,6 +500,10 @@ static inline int object_common2(UNSERIA && zend_hash_str_exists(&Z_OBJCE_P(rval)->function_table, "__wakeup", sizeof("__wakeup")-1); ht = Z_OBJPROP_P(rval); + if (elements >= HT_MAX_SIZE - zend_hash_num_elements(ht)) { + return 0; + } + zend_hash_extend(ht, zend_hash_num_elements(ht) + elements, (ht->u.flags & HASH_FLAG_PACKED)); if (!process_nested_data(UNSERIALIZE_PASSTHRU, ht, elements, 1)) { if (has_wakeup) { @@ -760,7 +764,7 @@ use_double: *p = YYCURSOR; if (!var_hash) return 0; - if (elements < 0) { + if (elements < 0 || elements >= HT_MAX_SIZE) { return 0; } @@ -783,7 +787,7 @@ use_double: if (!var_hash) return 0; elements = object_common1(UNSERIALIZE_PASSTHRU, ZEND_STANDARD_CLASS_DEF_PTR); - if (elements < 0) { + if (elements < 0 || elements >= HT_MAX_SIZE) { return 0; } return object_common2(UNSERIALIZE_PASSTHRU, elements);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor