diff options
| author | Armin Kuster <akuster@mvista.com> | 2016-02-01 08:30:05 -0800 |
|---|---|---|
| committer | Martin Jansa <Martin.Jansa@gmail.com> | 2016-02-10 15:08:20 +0100 |
| commit | 889258fd3af69424edbb623a1ee11b6b8b5fc553 (patch) | |
| tree | 805b2a64e5287149f2110147ab7ca1f6a08dc7d8 /meta-oe/recipes-devtools/php/php-5.6.12 | |
| parent | 4fecce0035001e8d5a3176032732de739e61fac0 (diff) | |
| download | meta-openembedded-889258fd3af69424edbb623a1ee11b6b8b5fc553.tar.gz | |
php: Security fix CVE-2015-7804
CVE-2015-7804 php: uninitialized pointer in phar_make_dirstream()
Signed-off-by: Armin Kuster <akuster@mvista.com>
Diffstat (limited to 'meta-oe/recipes-devtools/php/php-5.6.12')
| -rw-r--r-- | meta-oe/recipes-devtools/php/php-5.6.12/CVE-2015-7804.patch | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/meta-oe/recipes-devtools/php/php-5.6.12/CVE-2015-7804.patch b/meta-oe/recipes-devtools/php/php-5.6.12/CVE-2015-7804.patch new file mode 100644 index 000000000..a159ac24d --- /dev/null +++ b/meta-oe/recipes-devtools/php/php-5.6.12/CVE-2015-7804.patch | |||
| @@ -0,0 +1,64 @@ | |||
| 1 | From e78ac461dbefb7c4a3e9fde78d50fbc56b7b0183 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Stanislav Malyshev <stas@php.net> | ||
| 3 | Date: Mon, 28 Sep 2015 17:12:35 -0700 | ||
| 4 | Subject: [PATCH] FIx bug #70433 - Uninitialized pointer in phar_make_dirstream | ||
| 5 | when zip entry filename is "/" | ||
| 6 | |||
| 7 | Upstream-Status: Backport | ||
| 8 | |||
| 9 | https://git.php.net/?p=php-src.git;a=patch;h=e78ac461dbefb7c4a3e9fde78d50fbc56b7b0183 | ||
| 10 | |||
| 11 | excluded the zip part of the original patch. Hand applied dirstream change | ||
| 12 | |||
| 13 | CVE: CVE-2015-7804 | ||
| 14 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
| 15 | |||
| 16 | --- | ||
| 17 | ext/phar/dirstream.c | 2 +- | ||
| 18 | ext/phar/tests/bug70433.phpt | 23 +++++++++++++++++++++++ | ||
| 19 | ext/phar/tests/bug70433.zip | Bin 0 -> 264 bytes | ||
| 20 | 3 files changed, 24 insertions(+), 1 deletion(-) | ||
| 21 | create mode 100644 ext/phar/tests/bug70433.phpt | ||
| 22 | create mode 100755 ext/phar/tests/bug70433.zip | ||
| 23 | |||
| 24 | Index: php-5.6.12/ext/phar/dirstream.c | ||
| 25 | =================================================================== | ||
| 26 | --- php-5.6.12.orig/ext/phar/dirstream.c | ||
| 27 | +++ php-5.6.12/ext/phar/dirstream.c | ||
| 28 | @@ -198,7 +198,7 @@ static php_stream *phar_make_dirstream(c | ||
| 29 | zend_hash_internal_pointer_reset(manifest); | ||
| 30 | |||
| 31 | while (FAILURE != zend_hash_has_more_elements(manifest)) { | ||
| 32 | - if (HASH_KEY_NON_EXISTENT == zend_hash_get_current_key_ex(manifest, &str_key, &keylen, &unused, 0, NULL)) { | ||
| 33 | + if (HASH_KEY_IS_STRING != zend_hash_get_current_key_ex(manifest, &str_key, &keylen, &unused, 0, NULL)) { | ||
| 34 | break; | ||
| 35 | } | ||
| 36 | |||
| 37 | Index: php-5.6.12/ext/phar/tests/bug70433.phpt | ||
| 38 | =================================================================== | ||
| 39 | --- /dev/null | ||
| 40 | +++ php-5.6.12/ext/phar/tests/bug70433.phpt | ||
| 41 | @@ -0,0 +1,23 @@ | ||
| 42 | +--TEST-- | ||
| 43 | +Phar - bug #70433 - Uninitialized pointer in phar_make_dirstream when zip entry filename is "/" | ||
| 44 | +--SKIPIF-- | ||
| 45 | +<?php if (!extension_loaded("phar")) die("skip"); ?> | ||
| 46 | +--FILE-- | ||
| 47 | +<?php | ||
| 48 | +$phar = new PharData(__DIR__."/bug70433.zip"); | ||
| 49 | +var_dump($phar); | ||
| 50 | +$meta = $phar->getMetadata(); | ||
| 51 | +var_dump($meta); | ||
| 52 | +?> | ||
| 53 | +DONE | ||
| 54 | +--EXPECTF-- | ||
| 55 | +object(PharData)#1 (3) { | ||
| 56 | + ["pathName":"SplFileInfo":private]=> | ||
| 57 | + string(0) "" | ||
| 58 | + ["glob":"DirectoryIterator":private]=> | ||
| 59 | + bool(false) | ||
| 60 | + ["subPathName":"RecursiveDirectoryIterator":private]=> | ||
| 61 | + string(0) "" | ||
| 62 | +} | ||
| 63 | +NULL | ||
| 64 | +DONE | ||