php: Security fix CVE-2015-7804

CVE-2015-7804 php: uninitialized pointer in phar_make_dirstream() Signed-off-by: Armin Kuster <akuster@mvista.com>
author: Armin Kuster <akuster@mvista.com> 2016-02-07 11:27:58 -0800
committer: Martin Jansa <Martin.Jansa@gmail.com> 2016-02-08 14:13:39 +0100
commit: 7cb8c764e73692adb501cbb76e72ef3373fc74c2 (patch)
tree: f72bcb37f5652db82b31a23c1f14980dabf71a99 /meta-oe
parent: 40eed80072184c747ec5823661054e5a2bb9c170 (diff)
download: meta-openembedded-7cb8c764e73692adb501cbb76e72ef3373fc74c2.tar.gz
2 files changed, 63 insertions, 0 deletions
diff --git a/meta-oe/recipes-devtools/php/php/CVE-2015-7804.patch b/meta-oe/recipes-devtools/php/php/CVE-2015-7804.patch
new file mode 100644
index 0000000000..ad211a373e
--- /dev/null
+++ b/meta-oe/recipes-devtools/php/php/CVE-2015-7804.patch
@@ -0,0 +1,62 @@
+From e78ac461dbefb7c4a3e9fde78d50fbc56b7b0183 Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev <stas@php.net>
+Date: Mon, 28 Sep 2015 17:12:35 -0700
+Subject: [PATCH] FIx bug #70433 - Uninitialized pointer in phar_make_dirstream
+ when zip entry filename is "/"
+Upstream-status: Backport
+https://git.php.net/?p=php-src.git;a=patch;h=e78ac461dbefb7c4a3e9fde78d50fbc56b7b0183
+CVE: CVE-2015-7804
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ ext/phar/dirstream.c         |   2 +-
+ ext/phar/tests/bug70433.phpt |  23 +++++++++++++++++++++++
+ ext/phar/tests/bug70433.zip  | Bin 0 -> 264 bytes
+ 3 files changed, 24 insertions(+), 1 deletion(-)
+ create mode 100644 ext/phar/tests/bug70433.phpt
+ create mode 100755 ext/phar/tests/bug70433.zip
+Index: php-5.5.21/ext/phar/dirstream.c
+===================================================================
+--- php-5.5.21.orig/ext/phar/dirstream.c
+++ php-5.5.21/ext/phar/dirstream.c
+@@ -207,7 +207,7 @@ static php_stream *phar_make_dirstream(c
+        zend_hash_internal_pointer_reset(manifest);
+ 
+        while (FAILURE != zend_hash_has_more_elements(manifest)) {
+-               if (HASH_KEY_NON_EXISTENT == zend_hash_get_current_key_ex(manifest, &key, &keylen, &unused, 0, NULL)) {
+               if (HASH_KEY_IS_STRING != zend_hash_get_current_key_ex(manifest, &key, &keylen, &unused, 0, NULL)) {
+                        break;
+                }
+ 
+Index: php-5.5.21/ext/phar/tests/bug70433.phpt
+===================================================================
+--- /dev/null
+++ php-5.5.21/ext/phar/tests/bug70433.phpt
+@@ -0,0 +1,23 @@
+--TEST--
+Phar - bug #70433 - Uninitialized pointer in phar_make_dirstream when zip entry filename is "/"
+--SKIPIF--
+<?php if (!extension_loaded("phar")) die("skip"); ?>
+--FILE--
+<?php
+$phar = new PharData(__DIR__."/bug70433.zip");
+var_dump($phar);
+$meta = $phar->getMetadata();
+var_dump($meta);
+?>
+DONE
+--EXPECTF--
+object(PharData)#1 (3) {
+  ["pathName":"SplFileInfo":private]=>
+  string(0) ""
+  ["glob":"DirectoryIterator":private]=>
+  bool(false)
+  ["subPathName":"RecursiveDirectoryIterator":private]=>
+  string(0) ""
+}
+NULL
+DONE
diff --git a/meta-oe/recipes-devtools/php/php_5.5.21.bb b/meta-oe/recipes-devtools/php/php_5.5.21.bb
index 3582b457e5..ed286d6a89 100644
--- a/meta-oe/recipes-devtools/php/php_5.5.21.bb
+++ b/meta-oe/recipes-devtools/php/php_5.5.21.bb
@@ -15,6 +15,7 @@ SRC_URI = "http://php.net/distributions/php-${PV}.tar.bz2 \
           file://0001-php-don-t-use-broken-wrapper-for-mkdir.patch \
           file://0001-acinclude-use-pkgconfig-for-libxml2-config.patch \
           file://CVE-2015-7803.patch \
+           file://CVE-2015-7804.patch \
          "
 SRC_URI_append_class-target += " \
author	Armin Kuster <akuster@mvista.com>	2016-02-07 11:27:58 -0800
committer	Martin Jansa <Martin.Jansa@gmail.com>	2016-02-08 14:13:39 +0100
commit	7cb8c764e73692adb501cbb76e72ef3373fc74c2 (patch)
tree	f72bcb37f5652db82b31a23c1f14980dabf71a99 /meta-oe
parent	40eed80072184c747ec5823661054e5a2bb9c170 (diff)
download	meta-openembedded-7cb8c764e73692adb501cbb76e72ef3373fc74c2.tar.gz

diff --git a/meta-oe/recipes-devtools/php/php/CVE-2015-7804.patch b/meta-oe/recipes-devtools/php/php/CVE-2015-7804.patch new file mode 100644 index 0000000000..ad211a373e --- /dev/null +++ b/meta-oe/recipes-devtools/php/php/CVE-2015-7804.patch
@@ -0,0 +1,62 @@
		1	From e78ac461dbefb7c4a3e9fde78d50fbc56b7b0183 Mon Sep 17 00:00:00 2001
		2	From: Stanislav Malyshev <stas@php.net>
		3	Date: Mon, 28 Sep 2015 17:12:35 -0700
		4	Subject: [PATCH] FIx bug #70433 - Uninitialized pointer in phar_make_dirstream
		5	when zip entry filename is "/"
		6
		7	Upstream-status: Backport
		8
		9	https://git.php.net/?p=php-src.git;a=patch;h=e78ac461dbefb7c4a3e9fde78d50fbc56b7b0183
		10
		11	CVE: CVE-2015-7804
		12	Signed-off-by: Armin Kuster <akuster@mvista.com>
		13
		14	---
		15	ext/phar/dirstream.c \| 2 +-
		16	ext/phar/tests/bug70433.phpt \| 23 +++++++++++++++++++++++
		17	ext/phar/tests/bug70433.zip \| Bin 0 -> 264 bytes
		18	3 files changed, 24 insertions(+), 1 deletion(-)
		19	create mode 100644 ext/phar/tests/bug70433.phpt
		20	create mode 100755 ext/phar/tests/bug70433.zip
		21
		22	Index: php-5.5.21/ext/phar/dirstream.c
		23	===================================================================
		24	--- php-5.5.21.orig/ext/phar/dirstream.c
		25	+++ php-5.5.21/ext/phar/dirstream.c
		26	@@ -207,7 +207,7 @@ static php_stream *phar_make_dirstream(c
		27	zend_hash_internal_pointer_reset(manifest);
		28
		29	while (FAILURE != zend_hash_has_more_elements(manifest)) {
		30	- if (HASH_KEY_NON_EXISTENT == zend_hash_get_current_key_ex(manifest, &key, &keylen, &unused, 0, NULL)) {
		31	+ if (HASH_KEY_IS_STRING != zend_hash_get_current_key_ex(manifest, &key, &keylen, &unused, 0, NULL)) {
		32	break;
		33	}
		34
		35	Index: php-5.5.21/ext/phar/tests/bug70433.phpt
		36	===================================================================
		37	--- /dev/null
		38	+++ php-5.5.21/ext/phar/tests/bug70433.phpt
		39	@@ -0,0 +1,23 @@
		40	+--TEST--
		41	+Phar - bug #70433 - Uninitialized pointer in phar_make_dirstream when zip entry filename is "/"
		42	+--SKIPIF--
		43	+<?php if (!extension_loaded("phar")) die("skip"); ?>
		44	+--FILE--
		45	+<?php
		46	+$phar = new PharData(__DIR__."/bug70433.zip");
		47	+var_dump($phar);
		48	+$meta = $phar->getMetadata();
		49	+var_dump($meta);
		50	+?>
		51	+DONE
		52	+--EXPECTF--
		53	+object(PharData)#1 (3) {
		54	+ ["pathName":"SplFileInfo":private]=>
		55	+ string(0) ""
		56	+ ["glob":"DirectoryIterator":private]=>
		57	+ bool(false)
		58	+ ["subPathName":"RecursiveDirectoryIterator":private]=>
		59	+ string(0) ""
		60	+}
		61	+NULL
		62	+DONE


diff --git a/meta-oe/recipes-devtools/php/php_5.5.21.bb b/meta-oe/recipes-devtools/php/php_5.5.21.bb index 3582b457e5..ed286d6a89 100644 --- a/meta-oe/recipes-devtools/php/php_5.5.21.bb +++ b/meta-oe/recipes-devtools/php/php_5.5.21.bb
@@ -15,6 +15,7 @@ SRC_URI = "http://php.net/distributions/php-${PV}.tar.bz2 \
15	file://0001-php-don-t-use-broken-wrapper-for-mkdir.patch \	15	file://0001-php-don-t-use-broken-wrapper-for-mkdir.patch \
16	file://0001-acinclude-use-pkgconfig-for-libxml2-config.patch \	16	file://0001-acinclude-use-pkgconfig-for-libxml2-config.patch \
17	file://CVE-2015-7803.patch \	17	file://CVE-2015-7803.patch \
		18	file://CVE-2015-7804.patch \
18	"	19	"
19		20
20	SRC_URI_append_class-target += " \	21	SRC_URI_append_class-target += " \