aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorArmin Kuster <akuster@mvista.com>2016-02-01 08:30:05 -0800
committerMartin Jansa <Martin.Jansa@gmail.com>2016-02-10 15:08:20 +0100
commit889258fd3af69424edbb623a1ee11b6b8b5fc553 (patch)
tree805b2a64e5287149f2110147ab7ca1f6a08dc7d8
parent4fecce0035001e8d5a3176032732de739e61fac0 (diff)
downloadmeta-openembedded-contrib-889258fd3af69424edbb623a1ee11b6b8b5fc553.tar.gz
meta-openembedded-contrib-889258fd3af69424edbb623a1ee11b6b8b5fc553.tar.bz2
meta-openembedded-contrib-889258fd3af69424edbb623a1ee11b6b8b5fc553.zip
php: Security fix CVE-2015-7804
CVE-2015-7804 php: uninitialized pointer in phar_make_dirstream() Signed-off-by: Armin Kuster <akuster@mvista.com>
-rw-r--r--meta-oe/recipes-devtools/php/php-5.6.12/CVE-2015-7804.patch64
-rw-r--r--meta-oe/recipes-devtools/php/php_5.6.12.bb1
2 files changed, 65 insertions, 0 deletions
diff --git a/meta-oe/recipes-devtools/php/php-5.6.12/CVE-2015-7804.patch b/meta-oe/recipes-devtools/php/php-5.6.12/CVE-2015-7804.patch
new file mode 100644
index 0000000000..a159ac24d6
--- /dev/null
+++ b/meta-oe/recipes-devtools/php/php-5.6.12/CVE-2015-7804.patch
@@ -0,0 +1,64 @@
+From e78ac461dbefb7c4a3e9fde78d50fbc56b7b0183 Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev <stas@php.net>
+Date: Mon, 28 Sep 2015 17:12:35 -0700
+Subject: [PATCH] FIx bug #70433 - Uninitialized pointer in phar_make_dirstream
+ when zip entry filename is "/"
+
+Upstream-Status: Backport
+
+https://git.php.net/?p=php-src.git;a=patch;h=e78ac461dbefb7c4a3e9fde78d50fbc56b7b0183
+
+excluded the zip part of the original patch. Hand applied dirstream change
+
+CVE: CVE-2015-7804
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ ext/phar/dirstream.c | 2 +-
+ ext/phar/tests/bug70433.phpt | 23 +++++++++++++++++++++++
+ ext/phar/tests/bug70433.zip | Bin 0 -> 264 bytes
+ 3 files changed, 24 insertions(+), 1 deletion(-)
+ create mode 100644 ext/phar/tests/bug70433.phpt
+ create mode 100755 ext/phar/tests/bug70433.zip
+
+Index: php-5.6.12/ext/phar/dirstream.c
+===================================================================
+--- php-5.6.12.orig/ext/phar/dirstream.c
++++ php-5.6.12/ext/phar/dirstream.c
+@@ -198,7 +198,7 @@ static php_stream *phar_make_dirstream(c
+ zend_hash_internal_pointer_reset(manifest);
+
+ while (FAILURE != zend_hash_has_more_elements(manifest)) {
+- if (HASH_KEY_NON_EXISTENT == zend_hash_get_current_key_ex(manifest, &str_key, &keylen, &unused, 0, NULL)) {
++ if (HASH_KEY_IS_STRING != zend_hash_get_current_key_ex(manifest, &str_key, &keylen, &unused, 0, NULL)) {
+ break;
+ }
+
+Index: php-5.6.12/ext/phar/tests/bug70433.phpt
+===================================================================
+--- /dev/null
++++ php-5.6.12/ext/phar/tests/bug70433.phpt
+@@ -0,0 +1,23 @@
++--TEST--
++Phar - bug #70433 - Uninitialized pointer in phar_make_dirstream when zip entry filename is "/"
++--SKIPIF--
++<?php if (!extension_loaded("phar")) die("skip"); ?>
++--FILE--
++<?php
++$phar = new PharData(__DIR__."/bug70433.zip");
++var_dump($phar);
++$meta = $phar->getMetadata();
++var_dump($meta);
++?>
++DONE
++--EXPECTF--
++object(PharData)#1 (3) {
++ ["pathName":"SplFileInfo":private]=>
++ string(0) ""
++ ["glob":"DirectoryIterator":private]=>
++ bool(false)
++ ["subPathName":"RecursiveDirectoryIterator":private]=>
++ string(0) ""
++}
++NULL
++DONE
diff --git a/meta-oe/recipes-devtools/php/php_5.6.12.bb b/meta-oe/recipes-devtools/php/php_5.6.12.bb
index b25e812fc0..caa0867b01 100644
--- a/meta-oe/recipes-devtools/php/php_5.6.12.bb
+++ b/meta-oe/recipes-devtools/php/php_5.6.12.bb
@@ -2,6 +2,7 @@ require php.inc
SRC_URI += "file://change-AC_TRY_RUN-to-AC_TRY_LINK.patch \
file://CVE-2015-7803.patch \
+ file://CVE-2015-7804.patch \
"
SRC_URI[md5sum] = "4578dee9d979114610a444bee263ed9b"
SRC_URI[sha256sum] = "6f27104272af7b2a996f85e4100fac627630fbdaf39d7bd263f16cf529c8853a"