diff options
author | taca <taca> | 2012-02-02 16:19:44 +0000 |
---|---|---|
committer | taca <taca> | 2012-02-02 16:19:44 +0000 |
commit | 7b1f8f440dd6f7ae53115dd0bb9191c4fd67e75c (patch) | |
tree | 4aa9c76a888d80af0b24bf27376b97f0ed833647 /lang/php53 | |
parent | 050f00cb5441c6082dd5454323d265d15d43243a (diff) | |
download | pkgsrc-7b1f8f440dd6f7ae53115dd0bb9191c4fd67e75c.tar.gz |
And more fix for memory leaks by revision 323013 from PHP's repository.
Hopefully, these 18 minutes is allowed to avoid to PKGREVISION bump.
Diffstat (limited to 'lang/php53')
-rw-r--r-- | lang/php53/distinfo | 4 | ||||
-rw-r--r-- | lang/php53/patches/patch-main_php__variables.c | 39 |
2 files changed, 37 insertions, 6 deletions
diff --git a/lang/php53/distinfo b/lang/php53/distinfo index b8e2c5a28e0..c196d28dbeb 100644 --- a/lang/php53/distinfo +++ b/lang/php53/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.33 2012/02/02 16:00:40 taca Exp $ +$NetBSD: distinfo,v 1.34 2012/02/02 16:19:44 taca Exp $ SHA1 (php-5.3.9/php-5.3.9.tar.bz2) = fe0626735c3d9dd370cef9bdcfe9506629449f51 RMD160 (php-5.3.9/php-5.3.9.tar.bz2) = 428ed51982637f092c43369cf5cfb284d58da3f6 @@ -17,6 +17,6 @@ SHA1 (patch-ah) = b20c29c64b3099f77855a5ec28960dc1c4f65c83 SHA1 (patch-ai) = d4766893a2c47a4e4a744248dda265b0a9a66a1f SHA1 (patch-aj) = d611d13fcc28c5d2b9e9586832ce4b8ae5707b48 SHA1 (patch-al) = fbbee5502e0cd1c47c6e7c15e0d54746414ec32e -SHA1 (patch-main_php__variables.c) = 2938bda56e51ddefd8b589035fc68ded9b83ab57 +SHA1 (patch-main_php__variables.c) = 94a3fe7d0c52bf98bf91666448bd5a629f25802d SHA1 (patch-main_streams_cast.c) = c169ccb73dc660e40eff9f9e168374f35eedadad SHA1 (patch-php__mssql.c) = b46c688ff2d8da33ca2f9beb0eb9182b6edf7e23 diff --git a/lang/php53/patches/patch-main_php__variables.c b/lang/php53/patches/patch-main_php__variables.c index e262dd0ecf6..3640a7cfc5f 100644 --- a/lang/php53/patches/patch-main_php__variables.c +++ b/lang/php53/patches/patch-main_php__variables.c @@ -1,19 +1,50 @@ -$NetBSD: patch-main_php__variables.c,v 1.3 2012/02/02 16:00:40 taca Exp $ +$NetBSD: patch-main_php__variables.c,v 1.4 2012/02/02 16:19:44 taca Exp $ -Fix for "Critical PHP Remote Vulnerability Introduced in Fix for PHP Hashtable -Collision DOS" by revision 323007 from PHP's repository. +* Fix for "Critical PHP Remote Vulnerability Introduced in Fix for PHP Hashtable + Collision DOS" by revision 323007 from PHP's repository. http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/ +* And more fix for memory leaks by revision 323013 from PHP's repository. + --- main/php_variables.c.orig 2012-01-01 13:15:04.000000000 +0000 +++ main/php_variables.c -@@ -198,6 +198,9 @@ PHPAPI void php_register_variable_ex(cha +@@ -182,7 +182,12 @@ PHPAPI void php_register_variable_ex(cha + if (!index) { + MAKE_STD_ZVAL(gpc_element); + array_init(gpc_element); +- zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); ++ if (zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p) == FAILURE) { ++ zval_ptr_dtor(&gpc_element); ++ zval_dtor(val); ++ efree(var_orig); ++ return; ++ } + } else { + if (PG(magic_quotes_gpc)) { + escaped_index = php_addslashes(index, index_len, &index_len, 0 TSRMLS_CC); +@@ -198,6 +203,13 @@ PHPAPI void php_register_variable_ex(cha MAKE_STD_ZVAL(gpc_element); array_init(gpc_element); zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); + } else { ++ if (index != escaped_index) { ++ efree(escaped_index); ++ } ++ zval_dtor(val); + efree(var_orig); + return; } } if (index != escaped_index) { +@@ -223,7 +235,9 @@ plain_var: + gpc_element->value = val->value; + Z_TYPE_P(gpc_element) = Z_TYPE_P(val); + if (!index) { +- zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); ++ if (zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p) == FAILURE) { ++ zval_ptr_dtor(&gpc_element); ++ } + } else { + if (PG(magic_quotes_gpc)) { + escaped_index = php_addslashes(index, index_len, &index_len, 0 TSRMLS_CC); |