diff options
author | taca <taca> | 2010-03-27 06:23:13 +0000 |
---|---|---|
committer | taca <taca> | 2010-03-27 06:23:13 +0000 |
commit | 94ed8047ff65b7fa89833d63859ef3526aa8a4bb (patch) | |
tree | 682f21a99948f55073de773b5defb39c360eb74b /lang/php53/patches | |
parent | 4765f5275a4421f704c09d807926221ceffc20b8 (diff) | |
download | pkgsrc-94ed8047ff65b7fa89833d63859ef3526aa8a4bb.tar.gz |
Add patch for php-xmlrpc to fix CVE-2010-0397 security problem.
These patch are created from r296152 and r296153 from svn from PHP.
Diffstat (limited to 'lang/php53/patches')
-rw-r--r-- | lang/php53/patches/patch-ak | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/lang/php53/patches/patch-ak b/lang/php53/patches/patch-ak new file mode 100644 index 00000000000..9b347870c1a --- /dev/null +++ b/lang/php53/patches/patch-ak @@ -0,0 +1,35 @@ +$NetBSD: patch-ak,v 1.1 2010/03/27 06:23:13 taca Exp $ + +Fix for CVE-2010-0397: r296152, r296153 from svn from PHP. + +--- ext/xmlrpc/xmlrpc-epi-php.c.orig 2010-02-03 20:19:05.000000000 +0000 ++++ ext/xmlrpc/xmlrpc-epi-php.c +@@ -778,6 +778,7 @@ zval* decode_request_worker(char *xml_in + zval* retval = NULL; + XMLRPC_REQUEST response; + STRUCT_XMLRPC_REQUEST_INPUT_OPTIONS opts = {{0}}; ++ const char *method_name; + opts.xml_elem_opts.encoding = encoding_in ? utf8_get_encoding_id_from_string(encoding_in) : ENCODING_DEFAULT; + + /* generate XMLRPC_REQUEST from raw xml */ +@@ -788,10 +789,16 @@ zval* decode_request_worker(char *xml_in + + if (XMLRPC_RequestGetRequestType(response) == xmlrpc_request_call) { + if (method_name_out) { +- zval_dtor(method_name_out); +- Z_TYPE_P(method_name_out) = IS_STRING; +- Z_STRVAL_P(method_name_out) = estrdup(XMLRPC_RequestGetMethodName(response)); +- Z_STRLEN_P(method_name_out) = strlen(Z_STRVAL_P(method_name_out)); ++ method_name = XMLRPC_RequestGetMethodName(response); ++ if (method_name) { ++ zval_dtor(method_name_out); ++ Z_TYPE_P(method_name_out) = IS_STRING; ++ Z_STRVAL_P(method_name_out) = estrdup(method_name); ++ Z_STRLEN_P(method_name_out) = strlen(Z_STRVAL_P(method_name_out)); ++ } else if (retval) { ++ zval_ptr_dtor(&retval); ++ retval = NULL; ++ } + } + } + |