File php7-CVE-2022-31631.patch of Package php7
Index: php-7.4.33/ext/pdo_sqlite/sqlite_driver.c
===================================================================
--- php-7.4.33.orig/ext/pdo_sqlite/sqlite_driver.c
+++ php-7.4.33/ext/pdo_sqlite/sqlite_driver.c
@@ -233,6 +233,9 @@ static char *pdo_sqlite_last_insert_id(p
 /* NB: doesn't handle binary strings... use prepared stmts for that */
 static int sqlite_handle_quoter(pdo_dbh_t *dbh, const char *unquoted, size_t unquotedlen, char **quoted, size_t *quotedlen, enum pdo_param_type paramtype )
 {
+ if (unquotedlen > (INT_MAX - 3) / 2) {
+ return 0;
+ }
 *quoted = safe_emalloc(2, unquotedlen, 3);
 sqlite3_snprintf(2*unquotedlen + 3, *quoted, "'%q'", unquoted);
 *quotedlen = strlen(*quoted);
Index: php-7.4.33/ext/pdo/pdo_sql_parser.re
===================================================================
--- php-7.4.33.orig/ext/pdo/pdo_sql_parser.re
+++ php-7.4.33/ext/pdo/pdo_sql_parser.re
@@ -257,6 +257,13 @@ safe:
 if (buf) {
 zend_string_release_ex(buf, 0);
 }
+ if (plc->quoted == NULL) {
+ /* bork */
+ ret = -1;
+ strncpy(stmt->error_code, stmt->dbh->error_code, 6);
+ goto clean_up;
+ }
+
 } else {
 pdo_raise_impl_error(stmt->dbh, stmt, "HY105", "Expected a stream resource");
 ret = -1;
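Review bot: The early return added to `sqlite_handle_quoter` leaves `*quoted` and `*quotedlen` untouched, so a caller that inspects the output pointer instead of the return value only sees the failure if that pointer was NULL before the call. The `plc->quoted == NULL` test added in pdo_sql_parser.re is such a caller, and this patch does not show how `plc->quoted` is initialised. Setting the outputs before bailing out removes the ambiguity: `*quoted = NULL; *quotedlen = 0; return 0;`. A short comment would also explain the bound, e.g. `/* sqlite3_snprintf() takes an int size: 2*unquotedlen + 3 must not exceed INT_MAX */`, and `INT_MAX` presumably needs `<limits.h>` if the file does not already pull it in. The function body continues past the end of the hunk.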
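Review bot: The error code copied in the new `plc->quoted == NULL` branch may not describe this failure. The length guard added to `sqlite_handle_quoter` returns 0 without recording any driver error, so `stmt->dbh->error_code` could still hold a stale or success value when it is copied into the statement. Consider raising an explicit error before `goto clean_up`, in the style of the `pdo_raise_impl_error(...)` call on the else branch. Separately, `strncpy(..., 6)` does not NUL-terminate when the source fills all six bytes; that is safe only if `error_code` is a six-byte array always holding a five-character SQLSTATE, which should be confirmed. The enclosing block starts and ends outside the hunk.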