diff options
author | Felix Yan | 2015-07-23 19:55:08 +0800 |
---|---|---|
committer | Felix Yan | 2015-07-23 19:55:08 +0800 |
commit | 46328e7f9a997f2080d9b01ea32910302ca1fbb2 (patch) | |
tree | ab71f43b4093ed44f201782a09e3b55a9aea3e32 /CVE-2015-2787.patch | |
download | aur-46328e7f9a997f2080d9b01ea32910302ca1fbb2.tar.gz |
addpkg: php53 5.3.29-4
Diffstat (limited to 'CVE-2015-2787.patch')
-rw-r--r-- | CVE-2015-2787.patch | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/CVE-2015-2787.patch b/CVE-2015-2787.patch new file mode 100644 index 000000000000..141c56a879b1 --- /dev/null +++ b/CVE-2015-2787.patch @@ -0,0 +1,29 @@ +Description: fix arbitrary code exection via process_nested_data use-after-free +Origin: backport, https://github.com/php/php-src/commit/780222f97f47644a6a118ada86a269a96a1e8134 +Origin: backport, https://github.com/php/php-src/commit/d76b293ac71aa5bd4e9a433192afef6e0dd5a4ee +Bug: https://bugs.php.net/bug.php?id=68976 + +Index: php5-5.3.10/ext/standard/var_unserializer.c +=================================================================== +--- php5-5.3.10.orig/ext/standard/var_unserializer.c 2015-04-17 06:24:38.154295164 -0400 ++++ php5-5.3.10/ext/standard/var_unserializer.c 2015-04-17 06:24:38.154295164 -0400 +@@ -304,6 +304,7 @@ + zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data, + sizeof data, NULL); + } ++ var_push_dtor(var_hash, &data); + + zval_dtor(key); + FREE_ZVAL(key); +Index: php5-5.3.10/ext/standard/var_unserializer.re +=================================================================== +--- php5-5.3.10.orig/ext/standard/var_unserializer.re 2015-04-17 06:24:38.154295164 -0400 ++++ php5-5.3.10/ext/standard/var_unserializer.re 2015-04-17 06:24:38.154295164 -0400 +@@ -310,6 +310,7 @@ + zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data, + sizeof data, NULL); + } ++ var_push_dtor(var_hash, &data); + + zval_dtor(key); + FREE_ZVAL(key); |