kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

And more fix for memory leaks by revision 323013 from PHP's repository.

Browse source 
Hopefully, these 18 minutes is allowed to avoid to PKGREVISION bump.
This commit is contained in:
taca 2012-02-02 16:19:44 +00:00
parent 47047edb7c
commit c1134af3a6
2 changed files with 37 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
lang/php53/distinfo
View file

@ -1,4 +1,4 @@
$NetBSD: distinfo,v 1.33 2012/02/02 16:00:40 taca Exp $
$NetBSD: distinfo,v 1.34 2012/02/02 16:19:44 taca Exp $
SHA1 (php-5.3.9/php-5.3.9.tar.bz2) = fe0626735c3d9dd370cef9bdcfe9506629449f51
RMD160 (php-5.3.9/php-5.3.9.tar.bz2) = 428ed51982637f092c43369cf5cfb284d58da3f6
@ -17,6 +17,6 @@ SHA1 (patch-ah) = b20c29c64b3099f77855a5ec28960dc1c4f65c83
SHA1 (patch-ai) = d4766893a2c47a4e4a744248dda265b0a9a66a1f
SHA1 (patch-aj) = d611d13fcc28c5d2b9e9586832ce4b8ae5707b48
SHA1 (patch-al) = fbbee5502e0cd1c47c6e7c15e0d54746414ec32e
SHA1 (patch-main_php__variables.c) = 2938bda56e51ddefd8b589035fc68ded9b83ab57
SHA1 (patch-main_php__variables.c) = 94a3fe7d0c52bf98bf91666448bd5a629f25802d
SHA1 (patch-main_streams_cast.c) = c169ccb73dc660e40eff9f9e168374f35eedadad
SHA1 (patch-php__mssql.c) = b46c688ff2d8da33ca2f9beb0eb9182b6edf7e23

39
lang/php53/patches/patch-main_php__variables.c
View file

@ -1,19 +1,50 @@
$NetBSD: patch-main_php__variables.c,v 1.3 2012/02/02 16:00:40 taca Exp $
$NetBSD: patch-main_php__variables.c,v 1.4 2012/02/02 16:19:44 taca Exp $
Fix for "Critical PHP Remote Vulnerability Introduced in Fix for PHP Hashtable
Collision DOS" by revision 323007 from PHP's repository.
* Fix for "Critical PHP Remote Vulnerability Introduced in Fix for PHP Hashtable
Collision DOS" by revision 323007 from PHP's repository.
http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/
* And more fix for memory leaks by revision 323013 from PHP's repository.
--- main/php_variables.c.orig 2012-01-01 13:15:04.000000000 +0000
+++ main/php_variables.c
@@ -198,6 +198,9 @@ PHPAPI void php_register_variable_ex(cha
@@ -182,7 +182,12 @@ PHPAPI void php_register_variable_ex(cha
if (!index) {
MAKE_STD_ZVAL(gpc_element);
array_init(gpc_element);
- zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
+ if (zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p) == FAILURE) {
+ zval_ptr_dtor(&gpc_element);
+ zval_dtor(val);
+ efree(var_orig);
+ return;
+ }
} else {
if (PG(magic_quotes_gpc)) {
escaped_index = php_addslashes(index, index_len, &index_len, 0 TSRMLS_CC);
@@ -198,6 +203,13 @@ PHPAPI void php_register_variable_ex(cha
MAKE_STD_ZVAL(gpc_element);
array_init(gpc_element);
zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
+ } else {
+ if (index != escaped_index) {
+ efree(escaped_index);
+ }
+ zval_dtor(val);
+ efree(var_orig);
+ return;
}
}
if (index != escaped_index) {
@@ -223,7 +235,9 @@ plain_var:
gpc_element->value = val->value;
Z_TYPE_P(gpc_element) = Z_TYPE_P(val);
if (!index) {
- zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
+ if (zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p) == FAILURE) {
+ zval_ptr_dtor(&gpc_element);
+ }
} else {
if (PG(magic_quotes_gpc)) {
escaped_index = php_addslashes(index, index_len, &index_len, 0 TSRMLS_CC);