author | Thiruvadi Rajaraman <trajaraman@mvista.com> | 2017-06-15 15:48:08 +0530 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2017-11-16 15:28:50 -0800 |
commit | e76c1874456c8f131a8104d1359befd24a19036a (patch) | |
tree | 727a58f6ecc4d44643c3155ab3cbc34ef3d64c12 | |
parent | d3af620af497f17b9ac2723e7ff895689ae7a8c9 (diff) | |
download | meta-openembedded-contrib-e76c1874456c8f131a8104d1359befd24a19036a.tar.gz |
php: CVE-2016-9935 fix
Source: http://git.php.net/repository/php-src.git
MR: 70057
Type: Security Fix
Disposition: Backport from php-5.6.30-RC1
ChangeID: e1e263d511f28c9d986f1adb193b0c5eb4c0cceb
Description:
Fixed the Memory leak due to invalid wddx stack processing.
Author: Stanislav Malyshev <stas@php.net>
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r-- | meta-oe/recipes-devtools/php/php-5.6.26/CVE-2016-9935.patch | 52 | ||||
-rw-r--r-- | meta-oe/recipes-devtools/php/php_5.6.26.bb | 1 |
2 files changed, 53 insertions, 0 deletions
diff --git a/meta-oe/recipes-devtools/php/php-5.6.26/CVE-2016-9935.patch b/meta-oe/recipes-devtools/php/php-5.6.26/CVE-2016-9935.patch
new file mode 100644
index 0000000000..109abb7136
--- /dev/null
+++ b/meta-oe/recipes-devtools/php/php-5.6.26/CVE-2016-9935.patch
@@ -0,0 +1,52 @@
+commit 266ecb6d0a1ab5a37b4d652ca774a8adc4b06578
+Author: Stanislav Malyshev <stas@php.net>
+Date: Mon Dec 5 21:40:55 2016 -0800
+
+ Fix bug #73631 - Invalid read when wddx decodes empty boolean element
+
+Upstream-status: Backport
+
+CVE: CVE-2016-9935
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: php-5.6.26/ext/wddx/tests/bug73631.phpt
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ php-5.6.26/ext/wddx/tests/bug73631.phpt 2017-06-15 15:31:17.362351353 +0530
+@@ -0,0 +1,20 @@
++--TEST--
++Bug #73631 (Memory leak due to invalid wddx stack processing)
++--SKIPIF--
++<?php if (!extension_loaded("wddx")) print "skip"; ?>
++--FILE--
++<?php
++$xml = <<<EOF
++<?xml version="1.0" ?>
++<wddxPacket version="1.0">
++<number>1234</number>
++<binary><boolean/></binary>
++</wddxPacket>
++EOF;
++$wddx = wddx_deserialize($xml);
++var_dump($wddx);
++?>
++--EXPECTF--
++int(1234)
++
++
+Index: php-5.6.26/ext/wddx/wddx.c
+===================================================================
+--- php-5.6.26.orig/ext/wddx/wddx.c 2017-06-15 15:31:17.306351351 +0530
++++ php-5.6.26/ext/wddx/wddx.c 2017-06-15 15:31:17.362351353 +0530
+@@ -812,6 +812,11 @@
+ php_wddx_process_data(user_data, atts[i+1], strlen(atts[i+1]));
+ break;
+ }
++ } else {
++ ent.type = ST_BOOLEAN;
++ SET_STACK_VARNAME;
++ ZVAL_FALSE(&ent.data);
++ wddx_stack_push((wddx_stack *)stack, &ent, sizeof(st_entry));
+ }
+ } else if (!strcmp(name, EL_NULL)) {
+ ent.type = ST_NULL;
diff --git a/meta-oe/recipes-devtools/php/php_5.6.26.bb b/meta-oe/recipes-devtools/php/php_5.6.26.bb
index 073d873bd8..741c825b94 100644
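Review bot: In the added `else` branch of the wddx.c hunk, `ZVAL_FALSE(&ent.data)` is applied to the address of the entry's `data` field, and nothing allocates a zval before the entry is pushed. The definition of `st_entry` is outside the hunk, but if `data` is a `zval *` in this PHP 5.6 tree, the macro would store the boolean over the pointer field itself, and the pushed entry would carry a value that later cleanup treats as a heap pointer. In that case the branch should allocate first, as in `ALLOC_ZVAL(ent.data); INIT_PZVAL(ent.data); ZVAL_FALSE(ent.data);`. The bundled bug73631.phpt only compares the deserialized output, so it is worth running it under a memory checker before relying on this backport. The enclosing element handler starts and ends outside the hunk.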
--- a/meta-oe/recipes-devtools/php/php_5.6.26.bb
+++ b/meta-oe/recipes-devtools/php/php_5.6.26.bb
@@ -5,6 +5,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=b602636d46a61c0ac0432bbf5c078fe4"
 SRC_URI += "file://change-AC_TRY_RUN-to-AC_TRY_LINK.patch \
 file://CVE-2016-9137.patch \
 file://CVE-2016-9934.patch \
+ file://CVE-2016-9935.patch \
 "
 SRC_URI[md5sum] = "cb424b705cfb715fc04f499f8a8cf52e"
 SRC_URI[sha256sum] = "d47aab8083a4284b905777e1b45dd7735adc53be827b29f896684750ac8b6236" |