[oe-commits] [meta-openembedded] 11/19: php: CVE-2016-9935 fix

git at git.openembedded.org git at git.openembedded.org
Fri Nov 17 01:52:12 UTC 2017



armin_kuster pushed a commit to branch akuster/morty-next
in repository meta-openembedded.

commit e76c1874456c8f131a8104d1359befd24a19036a
Author: Thiruvadi Rajaraman <trajaraman at mvista.com>
AuthorDate: Thu Jun 15 15:48:08 2017 +0530

    php: CVE-2016-9935 fix
    
    Source: http://git.php.net/repository/php-src.git
    MR: 70057
    Type: Security Fix
    Disposition: Backport from php-5.6.30-RC1
    ChangeID: e1e263d511f28c9d986f1adb193b0c5eb4c0cceb
    Description:
    
    Fixes the memory leak due to invalid wddx stack processing.
    
    Author: Stanislav Malyshev <stas at php.net>
    Signed-off-by: Thiruvadi Rajaraman <trajaraman at mvista.com>
    Reviewed-by: Armin Kuster <akuster at mvista.com>
    Signed-off-by: Armin Kuster <akuster at mvista.com>
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
 .../php/php-5.6.26/CVE-2016-9935.patch             | 52 ++++++++++++++++++++++
 meta-oe/recipes-devtools/php/php_5.6.26.bb         |  1 +
 2 files changed, 53 insertions(+)

diff --git a/meta-oe/recipes-devtools/php/php-5.6.26/CVE-2016-9935.patch b/meta-oe/recipes-devtools/php/php-5.6.26/CVE-2016-9935.patch
new file mode 100644
index 0000000..109abb7
--- /dev/null
+++ b/meta-oe/recipes-devtools/php/php-5.6.26/CVE-2016-9935.patch
@@ -0,0 +1,52 @@
+commit 266ecb6d0a1ab5a37b4d652ca774a8adc4b06578
+Author: Stanislav Malyshev <stas at php.net>
+Date:   Mon Dec 5 21:40:55 2016 -0800
+
+    Fix bug #73631 - Invalid read when wddx decodes empty boolean element
+
+Upstream-status: Backport
+
+CVE: CVE-2016-9935
+Signed-off-by: Thiruvadi Rajaraman <trajaraman at mvista.com>
+
+Index: php-5.6.26/ext/wddx/tests/bug73631.phpt
+===================================================================
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
++++ php-5.6.26/ext/wddx/tests/bug73631.phpt	2017-06-15 15:31:17.362351353 +0530
+@@ -0,0 +1,20 @@
++--TEST--
++Bug #73631 (Memory leak due to invalid wddx stack processing)
++--SKIPIF--
++<?php if (!extension_loaded("wddx")) print "skip"; ?>
++--FILE--
++<?php
++$xml = <<<EOF
++<?xml version="1.0" ?>
++<wddxPacket version="1.0">
++<number>1234</number>
++<binary><boolean/></binary>
++</wddxPacket>
++EOF;
++$wddx = wddx_deserialize($xml);
++var_dump($wddx);
++?>
++--EXPECTF--
++int(1234)
++
++
+Index: php-5.6.26/ext/wddx/wddx.c
+===================================================================
+--- php-5.6.26.orig/ext/wddx/wddx.c	2017-06-15 15:31:17.306351351 +0530
++++ php-5.6.26/ext/wddx/wddx.c	2017-06-15 15:31:17.362351353 +0530
+@@ -812,6 +812,11 @@
+ 				php_wddx_process_data(user_data, atts[i+1], strlen(atts[i+1]));
+ 				break;
+ 			}
++               } else {
++                       ent.type = ST_BOOLEAN;
++                       SET_STACK_VARNAME;
++                       ZVAL_FALSE(&ent.data);
++                       wddx_stack_push((wddx_stack *)stack, &ent, sizeof(st_entry));
+ 		}
+ 	} else if (!strcmp(name, EL_NULL)) {
+ 		ent.type = ST_NULL;
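Review bot: The new `else` branch in the nested wddx.c hunk (the five added lines from `} else {` to `wddx_stack_push(...)`) is indented with spaces while every surrounding line of that file uses tabs, so the backported lines should be re-indented with tabs (`\t\t} else {`, `\t\t\tent.type = ST_BOOLEAN;`, …) to match the file. The `else` appears to attach to an `if` that guards the attribute loop above the hunk, so an element that carries attributes but none passing the value check would still leave the loop without pushing an entry; whether that path can be reached from the parser should be confirmed against the guard, which is outside the hunk. The enclosing start-element handler begins and ends outside the hunk. The patch header titles the fix as an invalid read (bug #73631) while the test name and the commit Description call it a memory leak; carrying the upstream title into the Description would make the bug class unambiguous for anyone triaging CVE-2016-9935.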
diff --git a/meta-oe/recipes-devtools/php/php_5.6.26.bb b/meta-oe/recipes-devtools/php/php_5.6.26.bb
index 073d873..741c825 100644
--- a/meta-oe/recipes-devtools/php/php_5.6.26.bb
+++ b/meta-oe/recipes-devtools/php/php_5.6.26.bb
@@ -5,6 +5,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=b602636d46a61c0ac0432bbf5c078fe4"
 SRC_URI += "file://change-AC_TRY_RUN-to-AC_TRY_LINK.patch \
             file://CVE-2016-9137.patch \
 	    file://CVE-2016-9934.patch \
+	    file://CVE-2016-9935.patch \
 "
 SRC_URI[md5sum] = "cb424b705cfb715fc04f499f8a8cf52e"
 SRC_URI[sha256sum] = "d47aab8083a4284b905777e1b45dd7735adc53be827b29f896684750ac8b6236"
