1 files changed, 29 insertions, 0 deletions

diff --git a/meta-oe/recipes-devtools/php/php/CVE-2023-3247-2.patch b/meta-oe/recipes-devtools/php/php/CVE-2023-3247-2.patch
new file mode 100644
index 0000000000..80c1961aa1
--- /dev/null
+++ b/meta-oe/recipes-devtools/php/php/CVE-2023-3247-2.patch
@@ -0,0 +1,29 @@
+From 32c7c433ac1983c4497349051681a4f361d3d33e Mon Sep 17 00:00:00 2001
+From: Pierrick Charron <pierrick@php.net>
+Date: Tue, 6 Jun 2023 18:49:32 -0400
+Subject: [PATCH] Fix wrong backporting of previous soap patch
+
+Upstream-Status: Backport [https://github.com/php/php-src/commit/32c7c433ac1983c4497349051681a4f361d3d33e]
+CVE: CVE-2023-3247
+Signed-off-by: Ashish Sharma <asharma@mvista.com>
+
+ ext/soap/php_http.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/ext/soap/php_http.c b/ext/soap/php_http.c
+index 77ed21d4f0f4..37250a6bdcd1 100644
+--- a/ext/soap/php_http.c
++++ b/ext/soap/php_http.c
+@@ -672,9 +672,9 @@ int make_http_soap_request(zval        *this_ptr,
+ 					if (UNEXPECTED(php_random_bytes_throw(&nonce, sizeof(nonce)) != SUCCESS)) {
+ 						ZEND_ASSERT(EG(exception));
+ 						php_stream_close(stream);
+-						convert_to_null(Z_CLIENT_HTTPURL_P(this_ptr));
+-						convert_to_null(Z_CLIENT_HTTPSOCKET_P(this_ptr));
+-						convert_to_null(Z_CLIENT_USE_PROXY_P(this_ptr));
++						zend_hash_str_del(Z_OBJPROP_P(this_ptr), "httpurl", sizeof("httpurl")-1);
++						zend_hash_str_del(Z_OBJPROP_P(this_ptr), "httpsocket", sizeof("httpsocket")-1);
++						zend_hash_str_del(Z_OBJPROP_P(this_ptr), "_use_proxy", sizeof("_use_proxy")-1);
+ 						smart_str_free(&soap_headers_z);
+ 						smart_str_free(&soap_headers);
+ 						return FALSE;