diff options
Diffstat (limited to 'CVE-2015-2301.patch')
-rw-r--r-- | CVE-2015-2301.patch | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/CVE-2015-2301.patch b/CVE-2015-2301.patch new file mode 100644 index 000000000000..bdeceaa67b24 --- /dev/null +++ b/CVE-2015-2301.patch @@ -0,0 +1,24 @@ +From b2cf3f064b8f5efef89bb084521b61318c71781b Mon Sep 17 00:00:00 2001 +From: Xinchen Hui <laruence@php.net> +Date: Thu, 29 Jan 2015 00:00:09 +0800 +Subject: [PATCH] Fixed bug #68901 (use after free) + +--- + NEWS | 3 +++ + ext/phar/phar_object.c | 2 +- + 2 files changed, 4 insertions(+), 1 deletion(-) + +Index: php5-5.3.10/ext/phar/phar_object.c +=================================================================== +--- php5-5.3.10.orig/ext/phar/phar_object.c 2015-03-16 13:56:47.878348393 -0400 ++++ php5-5.3.10/ext/phar/phar_object.c 2015-03-16 13:56:47.826347993 -0400 +@@ -2320,8 +2320,8 @@ + } + its_ok: + if (SUCCESS == php_stream_stat_path(newpath, &ssb)) { +- efree(oldpath); + zend_throw_exception_ex(spl_ce_BadMethodCallException, 0 TSRMLS_CC, "phar \"%s\" exists and must be unlinked prior to conversion", newpath); ++ efree(oldpath); + return NULL; + } + if (!phar->is_data) { |