File php-CVE-2016-7129.patch of Package php7

Current state of this case in wddx.c:
http://git.php.net/?p=php-src.git;a=blob;f=ext/wddx/wddx.c;hb=a463da7204e1d740707cb0d21ba9475ea30cf7ee

Index: php-7.0.7/ext/wddx/wddx.c
===================================================================
--- php-7.0.7.orig/ext/wddx/wddx.c	2016-09-05 15:39:58.663896434 +0200
+++ php-7.0.7/ext/wddx/wddx.c	2016-09-05 16:02:01.202699273 +0200
@@ -1026,19 +1026,26 @@ static void php_wddx_process_data(void *
 				break;
 
 			case ST_DATETIME: {
-				char *tmp;
+                                zend_string *str;
 
-				tmp = emalloc(len + 1);
-				memcpy(tmp, (char *)s, len);
-				tmp[len] = '\0';
+                                if (Z_TYPE(ent->data) == IS_STRING) {
+                                        str = zend_string_safe_alloc(Z_STRLEN(ent->data), 1, len, 0);
+                                        memcpy(ZSTR_VAL(str), Z_STRVAL(ent->data), Z_STRLEN(ent->data));
+                                        memcpy(ZSTR_VAL(str) + Z_STRLEN(ent->data), s, len);
+                                        ZSTR_VAL(str)[ZSTR_LEN(str)] = '\0';
+                                        zval_dtor(&ent->data);
+                                } else {
+                                        str = zend_string_init((char *)s, len, 0);
+                                }
 
-				Z_LVAL(ent->data) = php_parse_date(tmp, NULL);
-				/* date out of range < 1969 or > 2038 */
-				if (Z_LVAL(ent->data) == -1) {
-					ZVAL_STRINGL(&ent->data, (char *)s, len);
+                                ZVAL_LONG(&ent->data, php_parse_date(ZSTR_VAL(str), NULL));
+                                /* date out of range < 1969 or > 2038 */
+                                if (Z_LVAL(ent->data) == -1) {
+                                        ZVAL_STR_COPY(&ent->data, str);
+                                }
+
+                                zend_string_release(str);			
 				}
-				efree(tmp);
-			}
 				break;
 
 			default:
openSUSE Build Service is sponsored by