Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
php7.9549
php-CVE-2016-7125.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File php-CVE-2016-7125.patch of Package php7.9549
Index: php-7.0.7/ext/session/session.c =================================================================== --- php-7.0.7.orig/ext/session/session.c 2016-05-25 15:13:38.000000000 +0200 +++ php-7.0.7/ext/session/session.c 2016-09-08 10:15:28.044015765 +0200 @@ -963,11 +963,13 @@ PS_SERIALIZER_DECODE_FUNC(php_binary) /* int namelen; zend_string *name; php_unserialize_data_t var_hash; + int skip = 0; PHP_VAR_UNSERIALIZE_INIT(var_hash); for (p = val; p < endptr; ) { zval *tmp; + skip = 0; namelen = ((unsigned char)(*p)) & (~PS_BIN_UNDEF); if (namelen < 0 || namelen > PS_BIN_MAX || (p + namelen) >= endptr) { @@ -983,8 +985,7 @@ PS_SERIALIZER_DECODE_FUNC(php_binary) /* if ((tmp = zend_hash_find(&EG(symbol_table), name))) { if ((Z_TYPE_P(tmp) == IS_ARRAY && Z_ARRVAL_P(tmp) == &EG(symbol_table)) || tmp == &PS(http_session_vars)) { - zend_string_release(name); - continue; + skip = 1; } } @@ -992,8 +993,10 @@ PS_SERIALIZER_DECODE_FUNC(php_binary) /* zval *current, rv; current = var_tmp_var(&var_hash); if (php_var_unserialize(current, (const unsigned char **) &p, (const unsigned char *) endptr, &var_hash)) { - ZVAL_PTR(&rv, current); - php_set_session_var(name, &rv, &var_hash ); + if (!skip) { + ZVAL_PTR(&rv, current); + php_set_session_var(name, &rv, &var_hash ); + } } else { zend_string_release(name); php_session_normalize_vars(); @@ -1001,7 +1004,9 @@ PS_SERIALIZER_DECODE_FUNC(php_binary) /* return FAILURE; } } else { - PS_ADD_VARL(name); + if (!skip) { + PS_ADD_VARL(name); + } } zend_string_release(name); } @@ -1055,6 +1060,7 @@ PS_SERIALIZER_DECODE_FUNC(php) /* {{{ */ zend_string *name; int has_value, retval = SUCCESS; php_unserialize_data_t var_hash; + int skip = 0; PHP_VAR_UNSERIALIZE_INIT(var_hash); @@ -1063,6 +1069,7 @@ PS_SERIALIZER_DECODE_FUNC(php) /* {{{ */ while (p < endptr) { zval *tmp; q = p; + skip = 0; while (*q != PS_DELIMITER) { if (++q >= endptr) goto break_outer_loop; } @@ -1080,7 +1087,7 @@ PS_SERIALIZER_DECODE_FUNC(php) /* {{{ */ if ((tmp = zend_hash_find(&EG(symbol_table), name))) { if ((Z_TYPE_P(tmp) == IS_ARRAY && Z_ARRVAL_P(tmp) == &EG(symbol_table)) || tmp == &PS(http_session_vars)) { - goto skip; + skip = 1; } } @@ -1088,15 +1095,19 @@ PS_SERIALIZER_DECODE_FUNC(php) /* {{{ */ zval *current, rv; current = var_tmp_var(&var_hash); if (php_var_unserialize(current, (const unsigned char **)&q, (const unsigned char *)endptr, &var_hash)) { - ZVAL_PTR(&rv, current); - php_set_session_var(name, &rv, &var_hash); + if (!skip) { + ZVAL_PTR(&rv, current); + php_set_session_var(name, &rv, &var_hash); + } } else { zend_string_release(name); retval = FAILURE; goto break_outer_loop; } } else { - PS_ADD_VARL(name); + if (!skip) { + PS_ADD_VARL(name); + } } skip: zend_string_release(name);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor