diff options
| author | Hitendra Prajapati <hprajapati@mvista.com> | 2023-11-21 10:37:27 +0530 |
|---|---|---|
| committer | Armin Kuster <akuster808@gmail.com> | 2023-12-17 15:36:42 -0500 |
| commit | db0a8862fc79aedab7046e978f5c7abb5157319f (patch) | |
| tree | ec6e9af052d92b04e4bb1799273cd66cf822b947 | |
| parent | 57e58dc62fa5cc819bdfc2971898b8aa443fef29 (diff) | |
| download | meta-openembedded-db0a8862fc79aedab7046e978f5c7abb5157319f.tar.gz | |
php: CVE-2022-4900 fix potential buffer overflow
Upstream-Status: Backport from https://github.com/php/php-src/commit/789a37f14405e2d1a05a76c9fb4ed2d49d4580d5
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| -rw-r--r-- | meta-oe/recipes-devtools/php/php/CVE-2022-4900.patch | 48 | ||||
| -rw-r--r-- | meta-oe/recipes-devtools/php/php_7.4.33.bb | 1 |
2 files changed, 49 insertions, 0 deletions
diff --git a/meta-oe/recipes-devtools/php/php/CVE-2022-4900.patch b/meta-oe/recipes-devtools/php/php/CVE-2022-4900.patch new file mode 100644 index 000000000..4bfd94c9f --- /dev/null +++ b/meta-oe/recipes-devtools/php/php/CVE-2022-4900.patch | |||
| @@ -0,0 +1,48 @@ | |||
| 1 | From 789a37f14405e2d1a05a76c9fb4ed2d49d4580d5 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: guoyiyuan <yguoaz@gmail.com> | ||
| 3 | Date: Wed, 13 Jul 2022 20:55:51 +0800 | ||
| 4 | Subject: [PATCH] Prevent potential buffer overflow for large value of | ||
| 5 | php_cli_server_workers_max | ||
| 6 | |||
| 7 | Fixes #8989. | ||
| 8 | Closes #9000 | ||
| 9 | |||
| 10 | Upstream-Status: Backport [https://github.com/php/php-src/commit/789a37f14405e2d1a05a76c9fb4ed2d49d4580d5] | ||
| 11 | CVE: CVE-2022-4900 | ||
| 12 | Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> | ||
| 13 | --- | ||
| 14 | sapi/cli/php_cli_server.c | 11 +++-------- | ||
| 15 | 1 file changed, 3 insertions(+), 8 deletions(-) | ||
| 16 | |||
| 17 | diff --git a/sapi/cli/php_cli_server.c b/sapi/cli/php_cli_server.c | ||
| 18 | index c3097861..48f8309d 100644 | ||
| 19 | --- a/sapi/cli/php_cli_server.c | ||
| 20 | +++ b/sapi/cli/php_cli_server.c | ||
| 21 | @@ -517,13 +517,8 @@ static int sapi_cli_server_startup(sapi_module_struct *sapi_module) /* {{{ */ | ||
| 22 | if (php_cli_server_workers_max > 1) { | ||
| 23 | zend_long php_cli_server_worker; | ||
| 24 | |||
| 25 | - php_cli_server_workers = calloc( | ||
| 26 | - php_cli_server_workers_max, sizeof(pid_t)); | ||
| 27 | - if (!php_cli_server_workers) { | ||
| 28 | - php_cli_server_workers_max = 1; | ||
| 29 | - | ||
| 30 | - return SUCCESS; | ||
| 31 | - } | ||
| 32 | + php_cli_server_workers = pecalloc( | ||
| 33 | + php_cli_server_workers_max, sizeof(pid_t), 1); | ||
| 34 | |||
| 35 | php_cli_server_master = getpid(); | ||
| 36 | |||
| 37 | @@ -2361,7 +2356,7 @@ static void php_cli_server_dtor(php_cli_server *server) /* {{{ */ | ||
| 38 | !WIFSIGNALED(php_cli_server_worker_status)); | ||
| 39 | } | ||
| 40 | |||
| 41 | - free(php_cli_server_workers); | ||
| 42 | + pefree(php_cli_server_workers, 1); | ||
| 43 | } | ||
| 44 | #endif | ||
| 45 | } /* }}} */ | ||
| 46 | -- | ||
| 47 | 2.25.1 | ||
| 48 | |||
diff --git a/meta-oe/recipes-devtools/php/php_7.4.33.bb b/meta-oe/recipes-devtools/php/php_7.4.33.bb index 2a82d62ca..74606e488 100644 --- a/meta-oe/recipes-devtools/php/php_7.4.33.bb +++ b/meta-oe/recipes-devtools/php/php_7.4.33.bb | |||
| @@ -17,6 +17,7 @@ SRC_URI = "http://php.net/distributions/php-${PV}.tar.bz2 \ | |||
| 17 | file://0001-configure.ac-don-t-include-build-libtool.m4.patch \ | 17 | file://0001-configure.ac-don-t-include-build-libtool.m4.patch \ |
| 18 | file://0001-php.m4-don-t-unset-cache-variables.patch \ | 18 | file://0001-php.m4-don-t-unset-cache-variables.patch \ |
| 19 | file://CVE-2023-3824.patch \ | 19 | file://CVE-2023-3824.patch \ |
| 20 | file://CVE-2022-4900.patch \ | ||
| 20 | " | 21 | " |
| 21 | 22 | ||
| 22 | SRC_URI_append_class-target = " \ | 23 | SRC_URI_append_class-target = " \ |