Search
j0ke.net Open Build Service
>
Projects
>
internetx
:
php5
>
php-5.3.29
> php-CVE-2015-0273.patch
Sign Up
|
Log In
Username
Password
Cancel
Overview
Repositories
Revisions
Requests
Users
Advanced
Attributes
Meta
File php-CVE-2015-0273.patch of Package php-5.3.29 (Revision 3)
Currently displaying revision
3
,
show latest
https://bugs.php.net/patch-display.php?bug=68942&patch=patch-5.4&revision=1422773336 commit a812c1f5bf3edc986d9ed0a3810cd7bb9eca1330 Author: Stanislav Malyshev <stas@php.net> Date: Sat Jan 31 22:40:08 2015 -0800 Fix bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone) Conflicts: ext/date/php_date.c Index: ext/date/php_date.c =================================================================== --- ext/date/php_date.c.orig 2015-02-25 09:20:30.425481283 +0100 +++ ext/date/php_date.c 2015-02-25 09:24:57.483540522 +0100 @@ -2539,15 +2539,12 @@ timelib_tzinfo *tzi; php_timezone_obj *tzobj; - if (zend_hash_find(myht, "date", 5, (void**) &z_date) == SUCCESS) { - convert_to_string(*z_date); - if (zend_hash_find(myht, "timezone_type", 14, (void**) &z_timezone_type) == SUCCESS) { - convert_to_long(*z_timezone_type); - if (zend_hash_find(myht, "timezone", 9, (void**) &z_timezone) == SUCCESS) { + if (zend_hash_find(myht, "date", 5, (void**) &z_date) == SUCCESS && Z_TYPE_PP(z_date) == IS_STRING) { + if (zend_hash_find(myht, "timezone_type", 14, (void**) &z_timezone_type) == SUCCESS && Z_TYPE_PP(z_timezone_type) == IS_LONG) { + if (zend_hash_find(myht, "timezone", 9, (void**) &z_timezone) == SUCCESS && Z_TYPE_PP(z_timezone) == IS_STRING) { zend_error_handling error_handling; zend_replace_error_handling(EH_THROW, NULL, &error_handling TSRMLS_CC); - convert_to_string(*z_timezone); switch (Z_LVAL_PP(z_timezone_type)) { case TIMELIB_ZONETYPE_OFFSET: @@ -2560,7 +2557,6 @@ } case TIMELIB_ZONETYPE_ID: - convert_to_string(*z_timezone); tzi = php_date_parse_tzfile(Z_STRVAL_PP(z_timezone), DATE_TIMEZONEDB TSRMLS_CC); @@ -2617,7 +2613,9 @@ myht = Z_OBJPROP_P(object); - php_date_initialize_from_hash(&return_value, &dateobj, myht TSRMLS_CC); + if (!php_date_initialize_from_hash(&return_value, &dateobj, myht TSRMLS_CC)) { + php_error(E_ERROR, "Invalid serialization data for DateTime object"); + } } /* }}} */
