diff options
author | taca <taca> | 2012-02-02 16:00:40 +0000 |
---|---|---|
committer | taca <taca> | 2012-02-02 16:00:40 +0000 |
commit | 185106c01aa585e9c9ff6acff7f726f521445c5b (patch) | |
tree | b1d43e5de9e30d36e04470c829e0e39821715d49 /lang/php53/patches | |
parent | 3f283958c312b7ee8600bc0c1b4d3e5f5c6341eb (diff) | |
download | pkgsrc-185106c01aa585e9c9ff6acff7f726f521445c5b.tar.gz |
Add fix for "Critical PHP Remote Vulnerability Introduced in Fix for PHP
Hashtable Collision DOS" by revision 323007 from PHP's repository.
http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/
Bump PKGREVISION.
Diffstat (limited to 'lang/php53/patches')
-rw-r--r-- | lang/php53/patches/patch-main_php__variables.c | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/lang/php53/patches/patch-main_php__variables.c b/lang/php53/patches/patch-main_php__variables.c new file mode 100644 index 00000000000..e262dd0ecf6 --- /dev/null +++ b/lang/php53/patches/patch-main_php__variables.c @@ -0,0 +1,19 @@ +$NetBSD: patch-main_php__variables.c,v 1.3 2012/02/02 16:00:40 taca Exp $ + +Fix for "Critical PHP Remote Vulnerability Introduced in Fix for PHP Hashtable +Collision DOS" by revision 323007 from PHP's repository. + +http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/ + +--- main/php_variables.c.orig 2012-01-01 13:15:04.000000000 +0000 ++++ main/php_variables.c +@@ -198,6 +198,9 @@ PHPAPI void php_register_variable_ex(cha + MAKE_STD_ZVAL(gpc_element); + array_init(gpc_element); + zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); ++ } else { ++ efree(var_orig); ++ return; + } + } + if (index != escaped_index) { |