Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15-SP1
php7.27849
php7-CVE-2022-31631.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File php7-CVE-2022-31631.patch of Package php7.27849
Index: php-7.2.34/ext/pdo_sqlite/sqlite_driver.c =================================================================== --- php-7.2.34.orig/ext/pdo_sqlite/sqlite_driver.c +++ php-7.2.34/ext/pdo_sqlite/sqlite_driver.c @@ -236,6 +236,9 @@ static char *pdo_sqlite_last_insert_id(p /* NB: doesn't handle binary strings... use prepared stmts for that */ static int sqlite_handle_quoter(pdo_dbh_t *dbh, const char *unquoted, size_t unquotedlen, char **quoted, size_t *quotedlen, enum pdo_param_type paramtype ) { + if (unquotedlen > (INT_MAX - 3) / 2) { + return 0; + } *quoted = safe_emalloc(2, unquotedlen, 3); sqlite3_snprintf(2*unquotedlen + 3, *quoted, "'%q'", unquoted); *quotedlen = strlen(*quoted); Index: php-7.2.34/ext/pdo/pdo_sql_parser.re =================================================================== --- php-7.2.34.orig/ext/pdo/pdo_sql_parser.re +++ php-7.2.34/ext/pdo/pdo_sql_parser.re @@ -233,6 +233,13 @@ safe: if (buf) { zend_string_release(buf); } + if (plc->quoted == NULL) { + /* bork */ + ret = -1; + strncpy(stmt->error_code, stmt->dbh->error_code, 6); + goto clean_up; + } + } else { pdo_raise_impl_error(stmt->dbh, stmt, "HY105", "Expected a stream resource"); ret = -1;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor