File php-CVE-2016-6290.patch of Package php7

X-Git-Url: http://72.52.91.13:8000/?p=php-src.git;a=blobdiff_plain;f=ext%2Fsession%2Fsession.c;h=cb6cc01f219c12922f4ef7f4152aa08de2745123;hp=f5439ea79c5b94b9c68adf8a1c5a77e8c318cf24;hb=3798eb6fd5dddb211b01d41495072fd9858d4e32;hpb=aa82e99ed8003c01f1ef4f0940e56b85c5b032d4

diff --git a/ext/session/session.c b/ext/session/session.c
index f5439ea..cb6cc01 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -931,6 +931,7 @@ PS_SERIALIZER_DECODE_FUNC(php_binary) /* {{{ */
 		namelen = ((unsigned char)(*p)) & (~PS_BIN_UNDEF);
 
 		if (namelen < 0 || namelen > PS_BIN_MAX || (p + namelen) >= endptr) {
+			PHP_VAR_UNSERIALIZE_DESTROY(var_hash);
 			return FAILURE;
 		}
openSUSE Build Service is sponsored by