Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP5:GA
php7
php-CVE-2016-10162.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File php-CVE-2016-10162.patch of Package php7
Index: php-7.0.7/ext/wddx/wddx.c =================================================================== --- php-7.0.7.orig/ext/wddx/wddx.c 2017-01-31 09:51:45.076861792 +0100 +++ php-7.0.7/ext/wddx/wddx.c 2017-01-31 09:53:25.534287162 +0100 @@ -955,22 +955,26 @@ static void php_wddx_pop_element(void *u php_error_docref(NULL, E_WARNING, "Class %s can not be unserialized", Z_STRVAL(ent1->data)); } else { /* Initialize target object */ - object_init_ex(&obj, pce); + if (object_init_ex(&obj, pce) != SUCCESS || EG(exception)) { + zval_ptr_dtor(&ent2->data); + ZVAL_UNDEF(&ent2->data); + php_error_docref(NULL, E_WARNING, "Class %s can not be instantiated", Z_STRVAL(ent1->data)); + } else { + /* Merge current hashtable with object's default properties */ + zend_hash_merge(Z_OBJPROP(obj), + Z_ARRVAL(ent2->data), + zval_add_ref, 0); - /* Merge current hashtable with object's default properties */ - zend_hash_merge(Z_OBJPROP(obj), - Z_ARRVAL(ent2->data), - zval_add_ref, 0); + if (incomplete_class) { + php_store_class_name(&obj, Z_STRVAL(ent1->data), Z_STRLEN(ent1->data)); + } - if (incomplete_class) { - php_store_class_name(&obj, Z_STRVAL(ent1->data), Z_STRLEN(ent1->data)); - } - - /* Clean up old array entry */ - zval_ptr_dtor(&ent2->data); + /* Clean up old array entry */ + zval_ptr_dtor(&ent2->data); - /* Set stack entry to point to the newly created object */ - ZVAL_COPY_VALUE(&ent2->data, &obj); + /* Set stack entry to point to the newly created object */ + ZVAL_COPY_VALUE(&ent2->data, &obj); + } } /* Clean up class name var entry */
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor