Diffstat (limited to 'lang/php5/patches/patch-be')
-rw-r--r-- | lang/php5/patches/patch-be | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/lang/php5/patches/patch-be b/lang/php5/patches/patch-be
new file mode 100644
index 00000000000..9f3c0d74373
--- /dev/null
+++ b/lang/php5/patches/patch-be
@@ -0,0 +1,35 @@
+$NetBSD: patch-be,v 1.1 2010/03/27 06:23:13 taca Exp $
+
+Fix for CVE-2010-0397: r296152, r296153 from svn from PHP.
+
+--- ext/xmlrpc/xmlrpc-epi-php.c.orig 2010-01-17 17:19:38.000000000 +0000
++++ ext/xmlrpc/xmlrpc-epi-php.c
+@@ -723,6 +723,7 @@ zval* decode_request_worker (zval* xml_i
+ zval* retval = NULL;
+ XMLRPC_REQUEST response;
+ STRUCT_XMLRPC_REQUEST_INPUT_OPTIONS opts = {{0}};
++ const char *method_name;
+ opts.xml_elem_opts.encoding = encoding_in ? utf8_get_encoding_id_from_string(Z_STRVAL_P(encoding_in)) : ENCODING_DEFAULT;
+
+ /* generate XMLRPC_REQUEST from raw xml */
+@@ -733,10 +734,16 @@ zval* decode_request_worker (zval* xml_i
+
+ if(XMLRPC_RequestGetRequestType(response) == xmlrpc_request_call) {
+ if(method_name_out) {
+- zval_dtor(method_name_out);
+- Z_TYPE_P(method_name_out) = IS_STRING;
+- Z_STRVAL_P(method_name_out) = estrdup(XMLRPC_RequestGetMethodName(response));
+- Z_STRLEN_P(method_name_out) = strlen(Z_STRVAL_P(method_name_out));
++ method_name = XMLRPC_RequestGetMethodName(response);
++ if (method_name) {
++ zval_dtor(method_name_out);
++ Z_TYPE_P(method_name_out) = IS_STRING;
++ Z_STRVAL_P(method_name_out) = estrdup(method_name);
++ Z_STRLEN_P(method_name_out) = strlen(Z_STRVAL_P(method_name_out));
++ } else if (retval) {
++ zval_ptr_dtor(&retval);
++ retval = NULL;
++ }
+ }
+ }
+ |
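Review bot: The new `else if (retval)` branch in the second hunk of xmlrpc-epi-php.c throws away the decoded value without a comment saying why, and it leaves `method_name_out` holding whatever the caller passed in, so a caller that only inspects that variable could read a stale name. A comment above the branch such as `/* call request without a method name: treat as malformed, free the decoded value and return NULL */` would record the intent of the CVE-2010-0397 fix next to the code. The patch header could likewise say in one line that the defect is a NULL method name reaching `estrdup()`/`strlen()`, which is what the removed lines show. decode_request_worker starts and ends outside both hunks, so whether every caller handles a NULL return cannot be confirmed from here and is worth checking.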