diff options
author | Changqing Li <changqing.li@windriver.com> | 2018-08-21 14:01:20 +0800 |
---|---|---|
committer | Khem Raj <raj.khem@gmail.com> | 2018-08-21 00:22:12 -0700 |
commit | 0d59551c9515e1dafea2af84a77246f06f8b50c3 (patch) | |
tree | 730ccecbb8ee9475baee82dddd88aa8777bde892 /meta-oe | |
parent | 7c819ae30dd228df2901ab3b95e2124f22204f9e (diff) | |
download | meta-openembedded-contrib-0d59551c9515e1dafea2af84a77246f06f8b50c3.tar.gz |
php: fix CVE-2017-9120
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat (limited to 'meta-oe')
-rw-r--r-- | meta-oe/recipes-devtools/php/php/CVE-2017-9120.patch | 21 | ||||
-rw-r--r-- | meta-oe/recipes-devtools/php/php_7.2.8.bb | 1 |
2 files changed, 22 insertions, 0 deletions
diff --git a/meta-oe/recipes-devtools/php/php/CVE-2017-9120.patch b/meta-oe/recipes-devtools/php/php/CVE-2017-9120.patch new file mode 100644 index 0000000000..728f25bb6e --- /dev/null +++ b/meta-oe/recipes-devtools/php/php/CVE-2017-9120.patch @@ -0,0 +1,21 @@ +php: patch for CVE-2017-9120 + +Upstream-Status: Backport [https://bugs.php.net/bug.php?id=74544] + +CVE: CVE-2017-9120 + +Signed-off-by: Changqing Li <changqing.li@windriver.com> + +diff --git a/ext/mysqli/mysqli_api.c b/ext/mysqli/mysqli_api.c +index 03a39d7..7b88731 100644 +--- a/ext/mysqli/mysqli_api.c ++++ b/ext/mysqli/mysqli_api.c +@@ -1965,7 +1965,7 @@ PHP_FUNCTION(mysqli_real_escape_string) { + } + MYSQLI_FETCH_RESOURCE_CONN(mysql, mysql_link, MYSQLI_STATUS_VALID); + +- newstr = zend_string_alloc(2 * escapestr_len, 0); ++ newstr = zend_string_safe_alloc(2, escapestr_len, 0, 0); + ZSTR_LEN(newstr) = mysql_real_escape_string(mysql->mysql, ZSTR_VAL(newstr), escapestr, escapestr_len); + newstr = zend_string_truncate(newstr, ZSTR_LEN(newstr), 0); + diff --git a/meta-oe/recipes-devtools/php/php_7.2.8.bb b/meta-oe/recipes-devtools/php/php_7.2.8.bb index e8cb7fd34b..2a7937ed69 100644 --- a/meta-oe/recipes-devtools/php/php_7.2.8.bb +++ b/meta-oe/recipes-devtools/php/php_7.2.8.bb @@ -5,6 +5,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=67e369bc8d1f2e641236b8002039a6a2" SRC_URI += "file://change-AC_TRY_RUN-to-AC_TRY_LINK.patch \ file://0001-acinclude.m4-skip-binconfig-check-for-libxml.patch \ file://0001-fix-error-caused-by-a-new-variable-is-declared-after.patch \ + file://CVE-2017-9120.patch \ " SRC_URI_append_class-target = " \ file://pear-makefile.patch \ |