File php-5.3.5-CVE-2011-3182.patch of Package php5

http://svn.php.net/viewvc?view=revision&revision=313826
http://svn.php.net/viewvc?view=revision&revision=313827
http://svn.php.net/viewvc?view=revision&revision=313828
http://svn.php.net/viewvc?view=revision&revision=313830
http://svn.php.net/viewvc?view=revision&revision=313831
http://svn.php.net/viewvc?view=revision&revision=313832
http://svn.php.net/viewvc?view=revision&revision=313833
http://svn.php.net/viewvc?view=revision&revision=313835
http://svn.php.net/viewvc?view=revision&revision=313903
https://bugzilla.redhat.com/show_bug.cgi?id=732516
Index: ext/curl/interface.c
===================================================================
--- ext/curl/interface.c.orig
+++ ext/curl/interface.c
@@ -803,6 +803,9 @@ PHP_MINIT_FUNCTION(curl)
 		int i, c = CRYPTO_num_locks();
 
 		php_curl_openssl_tsl = malloc(c * sizeof(MUTEX_T));
+		if (!php_curl_openssl_tsl) {
+			return FAILURE;
+		}
 
 		for (i = 0; i < c; ++i) {
 			php_curl_openssl_tsl[i] = tsrm_mutex_alloc();
Index: ext/com_dotnet/com_dotnet.c
===================================================================
--- ext/com_dotnet/com_dotnet.c.orig
+++ ext/com_dotnet/com_dotnet.c
@@ -129,6 +129,9 @@ static HRESULT dotnet_init(char **p_wher
 	char *where = "";
 
 	stuff = malloc(sizeof(*stuff));
+	if (!stuff) {
+		return S_FALSE;
+	}
 	memset(stuff, 0, sizeof(*stuff));
 
 	where = "CoCreateInstance";
Index: ext/pdo_odbc/pdo_odbc.c
===================================================================
--- ext/pdo_odbc/pdo_odbc.c.orig
+++ ext/pdo_odbc/pdo_odbc.c
@@ -98,6 +98,9 @@ PHP_MINIT_FUNCTION(pdo_odbc)
 		char *instance = INI_STR("pdo_odbc.db2_instance_name");
 		if (instance) {
 			char *env = malloc(sizeof("DB2INSTANCE=") + strlen(instance));
+			if (!env) {
+				return FAILURE;
+			}
 			strcpy(env, "DB2INSTANCE=");
 			strcat(env, instance);
 			putenv(env);
Index: ext/interbase/interbase.c
===================================================================
--- ext/interbase/interbase.c.orig
+++ ext/interbase/interbase.c
@@ -998,9 +998,12 @@ static void _php_ibase_connect(INTERNAL_
 			ZEND_REGISTER_RESOURCE(return_value, ib_link, le_link);
 		} else {
 			zend_rsrc_list_entry new_le;
-			
+
 			ib_link = (ibase_db_link *) malloc(sizeof(ibase_db_link));
-	
+			if (!ib_link) {
+				RETURN_FALSE;
+			}
+
 			/* hash it up */
 			Z_TYPE(new_le) = le_plink;
 			new_le.ptr = ib_link;
Index: ext/readline/readline.c
===================================================================
--- ext/readline/readline.c.orig
+++ ext/readline/readline.c
@@ -465,6 +465,9 @@ static char **_readline_completion_cb(co
 				matches = rl_completion_matches(text,_readline_command_generator);
 			} else {
 				matches = malloc(sizeof(char *) * 2);
+				if (!matches) {
+					return NULL;
+				}
 				matches[0] = strdup("");
 				matches[1] = '\0';
 			}
@@ -505,6 +508,10 @@ PHP_FUNCTION(readline_completion_functio
 	zval_copy_ctor(_readline_completion);
 
 	rl_attempted_completion_function = _readline_completion_cb;
+        if (rl_attempted_completion_function == NULL) {
+                efree(name);
+                RETURN_FALSE;
+        }
 
 	RETURN_TRUE;
 }
Index: ext/standard/url_scanner_ex.re
===================================================================
--- ext/standard/url_scanner_ex.re.orig
+++ ext/standard/url_scanner_ex.re
@@ -55,9 +55,13 @@ static PHP_INI_MH(OnUpdateTags)
 	
 	if (ctx->tags)
 		zend_hash_destroy(ctx->tags);
-	else
+	else {
 		ctx->tags = malloc(sizeof(HashTable));
-	
+		if (!ctx->tags) {
+			return FAILURE;
+		}
+	}
+
 	zend_hash_init(ctx->tags, 0, NULL, NULL, 1);
 	
 	for (key = php_strtok_r(tmp, ",", &lasts);
Index: ext/sybase_ct/php_sybase_ct.c
===================================================================
--- ext/sybase_ct/php_sybase_ct.c.orig
+++ ext/sybase_ct/php_sybase_ct.c
@@ -777,6 +777,10 @@ static void php_sybase_do_connect(INTERN
 			}
 
 			sybase_ptr = (sybase_link *) malloc(sizeof(sybase_link));
+			if (!sybase_ptr) {
+				efree(hashed_details);
+				RETURN_FALSE;
+			}
 			if (!php_sybase_do_connect_internal(sybase_ptr, host, user, passwd, charset, appname TSRMLS_CC)) {
 				free(sybase_ptr);
 				efree(hashed_details);
Index: ext/mssql/php_mssql.c
===================================================================
--- ext/mssql/php_mssql.c.orig
+++ ext/mssql/php_mssql.c
@@ -685,6 +685,13 @@ static void php_mssql_do_connect(INTERNA
 
 			/* hash it up */
 			mssql_ptr = (mssql_link *) malloc(sizeof(mssql_link));
+			if (!mssql_ptr) {
+				efree(hashed_details);
+				dbfreelogin(mssql.login);
+				dbclose(mssql.link);
+				RETURN_FALSE;
+			}
+
 			memcpy(mssql_ptr, &mssql, sizeof(mssql_link));
 			Z_TYPE(new_le) = le_plink;
 			new_le.ptr = mssql_ptr;
openSUSE Build Service is sponsored by