author | Armin Kuster <akuster@mvista.com> | 2016-02-07 11:27:58 -0800 |
---|---|---|
committer | Martin Jansa <Martin.Jansa@gmail.com> | 2016-02-08 14:13:39 +0100 |
commit | 7cb8c764e73692adb501cbb76e72ef3373fc74c2 (patch) | |
tree | f72bcb37f5652db82b31a23c1f14980dabf71a99 | |
parent | 40eed80072184c747ec5823661054e5a2bb9c170 (diff) | |
php: Security fix CVE-2015-7804
CVE-2015-7804 php: uninitialized pointer in phar_make_dirstream()
Signed-off-by: Armin Kuster <akuster@mvista.com>
-rw-r--r-- | meta-oe/recipes-devtools/php/php/CVE-2015-7804.patch | 62 | ||||
-rw-r--r-- | meta-oe/recipes-devtools/php/php_5.5.21.bb | 1 |
2 files changed, 63 insertions, 0 deletions
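--- /dev/null
+++ b/meta-oe/recipes-devtools/php/php/CVE-2015-7804.patch
@@ -0,0 +1,62 @@
+From e78ac461dbefb7c4a3e9fde78d50fbc56b7b0183 Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev <stas@php.net>
+Date: Mon, 28 Sep 2015 17:12:35 -0700
+Subject: [PATCH] FIx bug #70433 - Uninitialized pointer in phar_make_dirstream
+when zip entry filename is "/"
+
+Upstream-status: Backport
+
+https://git.php.net/?p=php-src.git;a=patch;h=e78ac461dbefb7c4a3e9fde78d50fbc56b7b0183
+
+CVE: CVE-2015-7804
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ext/phar/dirstream.c | 2 +-
+ext/phar/tests/bug70433.phpt | 23 +++++++++++++++++++++++
+ext/phar/tests/bug70433.zip | Bin 0 -> 264 bytes
+3 files changed, 24 insertions(+), 1 deletion(-)
+create mode 100644 ext/phar/tests/bug70433.phpt
+create mode 100755 ext/phar/tests/bug70433.zip
+
+Index: php-5.5.21/ext/phar/dirstream.c
+===================================================================
+--- php-5.5.21.orig/ext/phar/dirstream.c
++++ php-5.5.21/ext/phar/dirstream.c
+@@ -207,7 +207,7 @@ static php_stream *phar_make_dirstream(c
+zend_hash_internal_pointer_reset(manifest);
+
+while (FAILURE != zend_hash_has_more_elements(manifest)) {
+- if (HASH_KEY_NON_EXISTENT == zend_hash_get_current_key_ex(manifest, &key, &keylen, &unused, 0, NULL)) {
++ if (HASH_KEY_IS_STRING != zend_hash_get_current_key_ex(manifest, &key, &keylen, &unused, 0, NULL)) {
+break;
+}
+
+Index: php-5.5.21/ext/phar/tests/bug70433.phpt
+===================================================================
+--- /dev/null
++++ php-5.5.21/ext/phar/tests/bug70433.phpt
+@@ -0,0 +1,23 @@
++--TEST--
++Phar - bug #70433 - Uninitialized pointer in phar_make_dirstream when zip entry filename is "/"
++--SKIPIF--
++<?php if (!extension_loaded("phar")) die("skip"); ?>
++--FILE--
++<?php
++$phar = new PharData(__DIR__."/bug70433.zip");
++var_dump($phar);
++$meta = $phar->getMetadata();
++var_dump($meta);
++?>
++DONE
++--EXPECTF--
++object(PharData)#1 (3) {
++ ["pathName":"SplFileInfo":private]=>
++ string(0) ""
++ ["glob":"DirectoryIterator":private]=>
++ bool(false)
++ ["subPathName":"RecursiveDirectoryIterator":private]=>
++ string(0) ""
++}
++NULL
++DONE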
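Review bot: The regression test carried in this backport cannot run as shipped: `ext/phar/tests/bug70433.phpt` opens `__DIR__."/bug70433.zip"`, and the embedded diffstat lists `ext/phar/tests/bug70433.zip | Bin 0 -> 264 bytes`, but the patch file contains no hunk for that binary fixture. If the phar tests are ever run from this tree, the test would fail on the missing archive instead of exercising the `HASH_KEY_IS_STRING != zend_hash_get_current_key_ex(...)` check in `phar_make_dirstream()`. Either drop the .phpt hunk and trim the diffstat to match what is actually applied, or ship the zip fixture as its own SRC_URI entry. Separately, the header tag is written `Upstream-status: Backport`; OpenEmbedded's documented spelling is `Upstream-Status: Backport`, and patch-status tooling that matches the tag case-sensitively may not pick it up.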
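--- a/meta-oe/recipes-devtools/php/php_5.5.21.bb
+++ b/meta-oe/recipes-devtools/php/php_5.5.21.bb
@@ -15,6 +15,7 @@ SRC_URI = "http://php.net/distributions/php-${PV}.tar.bz2 \
 file://0001-php-don-t-use-broken-wrapper-for-mkdir.patch \
 file://0001-acinclude-use-pkgconfig-for-libxml2-config.patch \
 file://CVE-2015-7803.patch \
+file://CVE-2015-7804.patch \
 "
 
 SRC_URI_append_class-target += " \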