Overview

File php-CVE-2017-11142.patch of Package php7.7220

Index: php-7.0.7/main/php_variables.c
===================================================================
--- php-7.0.7.orig/main/php_variables.c	2017-07-19 09:08:21.687496562 +0200
+++ php-7.0.7/main/php_variables.c	2017-07-19 09:10:48.046043599 +0200
@@ -239,11 +239,14 @@ typedef struct post_var_data {
 	char *ptr;
 	char *end;
 	uint64_t cnt;
+
+       /* Bytes in ptr that have already been scanned for '&' */
+       size_t already_scanned;
 } post_var_data_t;
 
 static zend_bool add_post_var(zval *arr, post_var_data_t *var, zend_bool eof)
 {
-	char *ksep, *vsep, *val;
+	char *start, *ksep, *vsep, *val;
 	size_t klen, vlen;
 	size_t new_vlen;
 
@@ -251,9 +254,11 @@ static zend_bool add_post_var(zval *arr,
 		return 0;
 	}
 
-	vsep = memchr(var->ptr, '&', var->end - var->ptr);
+	start = var->ptr + var->already_scanned;
+	vsep = memchr(start, '&', var->end - start);
 	if (!vsep) {
 		if (!eof) {
+			var->already_scanned = var->end - var->ptr;
 			return 0;
 		} else {
 			vsep = var->end;
@@ -286,6 +291,7 @@ static zend_bool add_post_var(zval *arr,
 	efree(val);
 
 	var->ptr = vsep + (vsep != var->end);
+	var->already_scanned = 0;
 	return 1;
 }
 
@@ -305,7 +311,7 @@ static inline int add_post_vars(zval *ar
 		}
 	}
 
-	if (!eof) {
+	if (!eof && ZSTR_VAL(vars->str.s) != vars->ptr) {
 		memmove(ZSTR_VAL(vars->str.s), vars->ptr, ZSTR_LEN(vars->str.s) = vars->end - vars->ptr);
 	}
 	return SUCCESS;
openSUSE Build Service is sponsored by
Places