diff options
Diffstat (limited to 'lang/php56/patches')
-rw-r--r-- | lang/php56/patches/patch-ext_date_php_date.c | 63 | ||||
-rw-r--r-- | lang/php56/patches/patch-ext_date_tests_bug68942.phpt | 16 | ||||
-rw-r--r-- | lang/php56/patches/patch-ext_date_tests_bug68942_2.phpt | 16 |
3 files changed, 0 insertions, 95 deletions
diff --git a/lang/php56/patches/patch-ext_date_php_date.c b/lang/php56/patches/patch-ext_date_php_date.c deleted file mode 100644 index 96e505bdf55..00000000000 --- a/lang/php56/patches/patch-ext_date_php_date.c +++ /dev/null @@ -1,63 +0,0 @@ -$NetBSD: patch-ext_date_php_date.c,v 1.1.2.2 2015/02/19 19:18:59 tron Exp $ - -Fix CVE-2015-0273 / bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone) - ---- ext/date/php_date.c.orig 2015-01-21 00:40:37.000000000 +0000 -+++ ext/date/php_date.c -@@ -2807,12 +2807,9 @@ static int php_date_initialize_from_hash - timelib_tzinfo *tzi; - php_timezone_obj *tzobj; - -- if (zend_hash_find(myht, "date", 5, (void**) &z_date) == SUCCESS) { -- convert_to_string(*z_date); -- if (zend_hash_find(myht, "timezone_type", 14, (void**) &z_timezone_type) == SUCCESS) { -- convert_to_long(*z_timezone_type); -- if (zend_hash_find(myht, "timezone", 9, (void**) &z_timezone) == SUCCESS) { -- convert_to_string(*z_timezone); -+ if (zend_hash_find(myht, "date", 5, (void**) &z_date) == SUCCESS && Z_TYPE_PP(z_date) == IS_STRING) { -+ if (zend_hash_find(myht, "timezone_type", 14, (void**) &z_timezone_type) == SUCCESS && Z_TYPE_PP(z_timezone_type) == IS_LONG) { -+ if (zend_hash_find(myht, "timezone", 9, (void**) &z_timezone) == SUCCESS && Z_TYPE_PP(z_timezone) == IS_STRING) { - - switch (Z_LVAL_PP(z_timezone_type)) { - case TIMELIB_ZONETYPE_OFFSET: -@@ -2827,7 +2824,6 @@ static int php_date_initialize_from_hash - - case TIMELIB_ZONETYPE_ID: { - int ret; -- convert_to_string(*z_timezone); - - tzi = php_date_parse_tzfile(Z_STRVAL_PP(z_timezone), DATE_TIMEZONEDB TSRMLS_CC); - -@@ -3744,9 +3740,8 @@ static int php_date_timezone_initialize_ - zval **z_timezone = NULL; - zval **z_timezone_type = NULL; - -- if (zend_hash_find(myht, "timezone_type", 14, (void**) &z_timezone_type) == SUCCESS) { -+ if (zend_hash_find(myht, "timezone_type", 14, (void**) &z_timezone_type) == SUCCESS && Z_TYPE_PP(z_timezone_type) == IS_LONG) { - if (zend_hash_find(myht, "timezone", 9, (void**) &z_timezone) == SUCCESS) { -- convert_to_long(*z_timezone_type); - if (SUCCESS == timezone_initialize(*tzobj, Z_STRVAL_PP(z_timezone) TSRMLS_CC)) { - return SUCCESS; - } -@@ -3771,7 +3766,9 @@ PHP_METHOD(DateTimeZone, __set_state) - - php_date_instantiate(date_ce_timezone, return_value TSRMLS_CC); - tzobj = (php_timezone_obj *) zend_object_store_get_object(return_value TSRMLS_CC); -- php_date_timezone_initialize_from_hash(&return_value, &tzobj, myht TSRMLS_CC); -+ if(php_date_timezone_initialize_from_hash(&return_value, &tzobj, myht TSRMLS_CC) != SUCCESS) { -+ php_error_docref(NULL, E_ERROR, "Timezone initialization failed"); -+ } - } - /* }}} */ - -@@ -3787,7 +3784,9 @@ PHP_METHOD(DateTimeZone, __wakeup) - - myht = Z_OBJPROP_P(object); - -- php_date_timezone_initialize_from_hash(&return_value, &tzobj, myht TSRMLS_CC); -+ if(php_date_timezone_initialize_from_hash(&return_value, &tzobj, myht TSRMLS_CC) != SUCCESS) { -+ php_error_docref(NULL, E_ERROR, "Timezone initialization failed"); -+ } - } - /* }}} */ - diff --git a/lang/php56/patches/patch-ext_date_tests_bug68942.phpt b/lang/php56/patches/patch-ext_date_tests_bug68942.phpt deleted file mode 100644 index d88b6d3b680..00000000000 --- a/lang/php56/patches/patch-ext_date_tests_bug68942.phpt +++ /dev/null @@ -1,16 +0,0 @@ -$NetBSD: patch-ext_date_tests_bug68942.phpt,v 1.1.2.2 2015/02/19 19:18:59 tron Exp $ - -Test CVE-2015-0273 / bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone) - ---- ext/date/tests/bug68942.phpt.orig 2015-02-18 23:36:15.000000000 +0000 -+++ ext/date/tests/bug68942.phpt -@@ -0,0 +1,9 @@ -+--TEST-- -+Bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone). -+--FILE-- -+<?php -+$data = unserialize('a:2:{i:0;O:12:"DateTimeZone":2:{s:13:"timezone_type";a:2:{i:0;i:1;i:1;i:2;}s:8:"timezone";s:1:"A";}i:1;R:4;}'); -+var_dump($data); -+?> -+--EXPECTF-- -+Fatal error: DateTimeZone::__wakeup(): Timezone initialization failed in %s/bug68942.php on line %d diff --git a/lang/php56/patches/patch-ext_date_tests_bug68942_2.phpt b/lang/php56/patches/patch-ext_date_tests_bug68942_2.phpt deleted file mode 100644 index 1b33e6eed6e..00000000000 --- a/lang/php56/patches/patch-ext_date_tests_bug68942_2.phpt +++ /dev/null @@ -1,16 +0,0 @@ -$NetBSD: patch-ext_date_tests_bug68942_2.phpt,v 1.1.2.2 2015/02/19 19:18:59 tron Exp $ - -Test CVE-2015-0273 / bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone) - ---- ext/date/tests/bug68942_2.phpt.orig 2015-02-18 23:37:44.000000000 +0000 -+++ ext/date/tests/bug68942_2.phpt -@@ -0,0 +1,9 @@ -+--TEST-- -+Bug #68942 (Use after free vulnerability in unserialize() with DateTime). -+--FILE-- -+<?php -+$data = unserialize('a:2:{i:0;O:8:"DateTime":3:{s:4:"date";s:26:"2000-01-01 00:00:00.000000";s:13:"timezone_type";a:2:{i:0;i:1;i:1;i:2;}s:8:"timezone";s:1:"A";}i:1;R:5;}'); -+var_dump($data); -+?> -+--EXPECTF-- -+Fatal error: Invalid serialization data for DateTime object in %s/bug68942_2.php on line %d |