Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP5:GA
php7
php-CVE-2016-7418.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File php-CVE-2016-7418.patch of Package php7
X-Git-Url: http://72.52.91.13:8000/?p=php-src.git;a=blobdiff_plain;f=ext%2Fwddx%2Fwddx.c;h=7d805e484f27e6dbda86a4f66a16976c4249813b;hp=ecbe153814c8cef90569f45a75db4ab5accbc863;hb=9528ce73156e2b6a5e96e371068b24a5975f4bcd;hpb=c5f34c9eca28769a3cc385501ee55bf153028dc4 Index: php-7.0.7/ext/wddx/wddx.c =================================================================== --- php-7.0.7.orig/ext/wddx/wddx.c 2016-09-23 08:58:02.133875079 +0200 +++ php-7.0.7/ext/wddx/wddx.c 2016-09-23 08:59:38.231414018 +0200 @@ -736,10 +736,10 @@ static void php_wddx_push_element(void * int i; if (atts) for (i = 0; atts[i]; i++) { - if (!strcmp((char *)atts[i], EL_CHAR_CODE) && atts[++i] && atts[i][0]) { + if (!strcmp((char *)atts[i], EL_CHAR_CODE) && atts[i+1] && atts[i+1][0]) { char tmp_buf[2]; - snprintf(tmp_buf, sizeof(tmp_buf), "%c", (char)strtol((char *)atts[i], NULL, 16)); + snprintf(tmp_buf, sizeof(tmp_buf), "%c", (char)strtol((char *)atts[i+1], NULL, 16)); php_wddx_process_data(user_data, (XML_Char *) tmp_buf, strlen(tmp_buf)); break; } @@ -754,13 +754,13 @@ static void php_wddx_push_element(void * int i; if (atts) for (i = 0; atts[i]; i++) { - if (!strcmp((char *)atts[i], EL_VALUE) && atts[++i] && atts[i][0]) { + if (!strcmp((char *)atts[i], EL_VALUE) && atts[i+1] && atts[i+1][0]) { ent.type = ST_BOOLEAN; SET_STACK_VARNAME; ZVAL_TRUE(&ent.data); wddx_stack_push((wddx_stack *)stack, &ent, sizeof(st_entry)); - php_wddx_process_data(user_data, atts[i], strlen((char *)atts[i])); + php_wddx_process_data(user_data, atts[i+1], strlen((char *)atts[i+1])); break; } } @@ -786,8 +786,8 @@ static void php_wddx_push_element(void * int i; if (atts) for (i = 0; atts[i]; i++) { - if (!strcmp((char *)atts[i], EL_NAME) && atts[++i] && atts[i][0]) { - stack->varname = estrdup((char *)atts[i]); + if (!strcmp((char *)atts[i], EL_NAME) && atts[i+1] && atts[i+1][0]) { + stack->varname = estrdup((char *)atts[i+1]); break; } } @@ -799,11 +799,12 @@ static void php_wddx_push_element(void * array_init(&ent.data); if (atts) for (i = 0; atts[i]; i++) { - if (!strcmp((char *)atts[i], "fieldNames") && atts[++i] && atts[i][0]) { + if (!strcmp((char *)atts[i], "fieldNames") && atts[i+1] && atts[i+1][0]) { zval tmp; char *key; const char *p1, *p2, *endp; + i++; endp = (char *)atts[i] + strlen((char *)atts[i]); p1 = (char *)atts[i]; while ((p2 = php_memnstr(p1, ",", sizeof(",")-1, endp)) != NULL) { @@ -833,13 +834,13 @@ static void php_wddx_push_element(void * ZVAL_UNDEF(&ent.data); if (atts) for (i = 0; atts[i]; i++) { - if (!strcmp((char *)atts[i], EL_NAME) && atts[++i] && atts[i][0]) { + if (!strcmp((char *)atts[i], EL_NAME) && atts[i+1] && atts[i+1][0]) { st_entry *recordset; zval *field; if (wddx_stack_top(stack, (void**)&recordset) == SUCCESS && recordset->type == ST_RECORDSET && - (field = zend_hash_str_find(Z_ARRVAL(recordset->data), (char*)atts[i], strlen((char *)atts[i]))) != NULL) { + (field = zend_hash_str_find(Z_ARRVAL(recordset->data), (char*)atts[i+1], strlen((char *)atts[i+1]))) != NULL) { ZVAL_COPY_VALUE(&ent.data, field); }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor