alpine-pkg/testing/php5.4/d06-u002-CVE-2016-7124.patch

Index: php5-5.4.45/ext/standard/var_unserializer.c
===================================================================
--- php5-5.4.45.orig/ext/standard/var_unserializer.c 2016-12-09 15:38:15.403998513 +0100
+++ php5-5.4.45/ext/standard/var_unserializer.c 2016-12-09 15:38:15.395998734 +0100
@@ -437,9 +437,18 @@
}
if (!process_nested_data(UNSERIALIZE_PASSTHRU, Z_OBJPROP_PP(rval), elements, 1)) {
+ /* We've got partially constructed object on our hands here. Wipe it. */
+ if(Z_TYPE_PP(rval) == IS_OBJECT) {
+ zend_hash_clean(Z_OBJPROP_PP(rval));
+ }
+ ZVAL_NULL(*rval);
return 0;
}
+ if (Z_TYPE_PP(rval) != IS_OBJECT) {
+ return 0;
+ }
+
if (Z_OBJCE_PP(rval) != PHP_IC_ENTRY &&
zend_hash_exists(&Z_OBJCE_PP(rval)->function_table, "__wakeup", sizeof("__wakeup"))) {
INIT_PZVAL(&fname);
Index: php5-5.4.45/ext/standard/var_unserializer.re
===================================================================
--- php5-5.4.45.orig/ext/standard/var_unserializer.re 2016-12-09 15:38:15.403998513 +0100
+++ php5-5.4.45/ext/standard/var_unserializer.re 2016-12-09 15:38:15.399998623 +0100
@@ -443,9 +443,18 @@
}
if (!process_nested_data(UNSERIALIZE_PASSTHRU, Z_OBJPROP_PP(rval), elements, 1)) {
+ /* We've got partially constructed object on our hands here. Wipe it. */
+ if(Z_TYPE_PP(rval) == IS_OBJECT) {
+ zend_hash_clean(Z_OBJPROP_PP(rval));
+ }
+ ZVAL_NULL(*rval);
return 0;
}
+ if (Z_TYPE_PP(rval) != IS_OBJECT) {
+ return 0;
+ }
+
if (Z_OBJCE_PP(rval) != PHP_IC_ENTRY &&
zend_hash_exists(&Z_OBJCE_PP(rval)->function_table, "__wakeup", sizeof("__wakeup"))) {
INIT_PZVAL(&fname);
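Review bot: On the failure branch, `ZVAL_NULL(*rval)` only rewrites the zval's type; nothing visible in the hunk releases the object or marks it as failed, so the emptied object presumably stays in the object store and could still have `__destruct` run on it later with no properties. Consider adding `zend_object_store_ctor_failed(*rval TSRMLS_CC);` right after `zend_hash_clean(Z_OBJPROP_PP(rval));` so the destructor is skipped for the wiped object, after confirming the helper is available in this branch. The generated var_unserializer.c hunk above carries the same lines and would need regenerating to match. The enclosing function starts and ends outside the hunk.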