You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
alpine-pkg/testing/php5.4/d06-u005-CVE-2016-7130.patch

58 lines
1.6 KiB

Index: php5-5.4.45/ext/wddx/tests/bug72750.phpt
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ php5-5.4.45/ext/wddx/tests/bug72750.phpt 2016-12-09 15:46:12.490805829 +0100
@@ -0,0 +1,34 @@
+--TEST--
+Bug #72750: wddx_deserialize null dereference
+--SKIPIF--
+<?php
+if (!extension_loaded('wddx')) {
+ die('skip. wddx not available');
+}
+?>
+--FILE--
+<?php
+
+$xml = <<< XML
+<?xml version='1.0'?>
+<!DOCTYPE wddxPacket SYSTEM 'wddx_0100.dtd'>
+<wddxPacket version='1.0'>
+<header/>
+ <data>
+ <struct>
+ <var name='aBinary'>
+ <binary length='11'>\\tYmluYXJRhdGE=</binary>
+ </var>
+ </struct>
+ </data>
+</wddxPacket>
+XML;
+
+$array = wddx_deserialize($xml);
+var_dump($array);
+?>
+--EXPECT--
+array(1) {
+ ["aBinary"]=>
+ string(0) ""
+}
Index: php5-5.4.45/ext/wddx/wddx.c
===================================================================
--- php5-5.4.45.orig/ext/wddx/wddx.c 2016-12-09 15:46:12.498805608 +0100
+++ php5-5.4.45/ext/wddx/wddx.c 2016-12-09 15:46:12.490805829 +0100
@@ -942,8 +942,12 @@
new_str = php_base64_decode(Z_STRVAL_P(ent1->data), Z_STRLEN_P(ent1->data), &new_len);
STR_FREE(Z_STRVAL_P(ent1->data));
- Z_STRVAL_P(ent1->data) = new_str;
- Z_STRLEN_P(ent1->data) = new_len;
+ if (new_str) {
+ Z_STRVAL_P(ent1->data) = new_str;
+ Z_STRLEN_P(ent1->data) = new_len;
+ } else {
+ ZVAL_EMPTY_STRING(ent1->data);
+ }
}
/* Call __wakeup() method on the object. */