Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
php5.10310
php-CVE-2016-7124.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File php-CVE-2016-7124.patch of Package php5.10310
Index: php-5.6.1/ext/standard/var_unserializer.re =================================================================== --- php-5.6.1.orig/ext/standard/var_unserializer.re 2016-09-08 11:14:45.383620094 +0200 +++ php-5.6.1/ext/standard/var_unserializer.re 2016-09-08 11:59:20.272671867 +0200 @@ -435,9 +435,18 @@ static inline int object_common2(UNSERIA } if (!process_nested_data(UNSERIALIZE_PASSTHRU, Z_OBJPROP_PP(rval), elements, 1)) { + /* We've got partially constructed object on our hands here. Wipe it. */ + if(Z_TYPE_PP(rval) == IS_OBJECT) { + zend_hash_clean(Z_OBJPROP_PP(rval)); + } + ZVAL_NULL(*rval); return 0; } + if (Z_TYPE_PP(rval) != IS_OBJECT) { + return 0; + } + if (Z_OBJCE_PP(rval) != PHP_IC_ENTRY && zend_hash_exists(&Z_OBJCE_PP(rval)->function_table, "__wakeup", sizeof("__wakeup"))) { INIT_PZVAL(&fname);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor