File php7-CVE-2022-31631.patch of Package php73

Overview Repositories Revisions Requests Users Attributes Meta

File php7-CVE-2022-31631.patch of Package php73 (Revision 027d7e587ced9bd483cc3ec1b09938db)

Currently displaying revision 027d7e587ced9bd483cc3ec1b09938db , Show latest

diff -Pdpru php-7.3.33.orig/ext/pdo/pdo_sql_parser.c php-7.3.33/ext/pdo/pdo_sql_parser.c
--- php-7.3.33.orig/ext/pdo/pdo_sql_parser.c	2021-11-16 14:18:33.000000000 +0300
+++ php-7.3.33/ext/pdo/pdo_sql_parser.c	2023-01-13 13:17:18.344955270 +0300
@@ -46,7 +46,7 @@ static int scan(Scanner *s)
 	s->tok = cursor;
 
 
-	
+
 {
 	YYCTYPE yych;
 	if ((YYLIMIT - YYCURSOR) < 2) YYFILL(2);
@@ -525,6 +525,13 @@ safe:
 						if (buf) {
 							zend_string_release_ex(buf, 0);
 						}
+						if (plc->quoted == NULL) {
+							/* bork */
+							ret = -1;
+							strncpy(stmt->error_code, stmt->dbh->error_code, 6);
+							goto clean_up;
+						}
+
 					} else {
 						pdo_raise_impl_error(stmt->dbh, stmt, "HY105", "Expected a stream resource");
 						ret = -1;
diff -Pdpru php-7.3.33.orig/ext/pdo_sqlite/sqlite_driver.c php-7.3.33/ext/pdo_sqlite/sqlite_driver.c
--- php-7.3.33.orig/ext/pdo_sqlite/sqlite_driver.c	2021-11-16 14:18:38.000000000 +0300
+++ php-7.3.33/ext/pdo_sqlite/sqlite_driver.c	2023-01-13 13:13:45.900150431 +0300
@@ -233,6 +233,9 @@ static char *pdo_sqlite_last_insert_id(p
 /* NB: doesn't handle binary strings... use prepared stmts for that */
 static int sqlite_handle_quoter(pdo_dbh_t *dbh, const char *unquoted, size_t unquotedlen, char **quoted, size_t *quotedlen, enum pdo_param_type paramtype )
 {
+	if (unquotedlen > (INT_MAX - 3) / 2) {
+		return 0;
+	}
 	*quoted = safe_emalloc(2, unquotedlen, 3);
 	sqlite3_snprintf(2*unquotedlen + 3, *quoted, "'%q'", unquoted);
 	*quotedlen = strlen(*quoted);

Places

File php7-CVE-2022-31631.patch of Package php73 (Revision 027d7e587ced9bd483cc3ec1b09938db)

Places