File php-5.3.5-CVE-2011-3182.patch of Package php5
http://svn.php.net/viewvc?view=revision&revision=313826
http://svn.php.net/viewvc?view=revision&revision=313827
http://svn.php.net/viewvc?view=revision&revision=313828
http://svn.php.net/viewvc?view=revision&revision=313830
http://svn.php.net/viewvc?view=revision&revision=313831
http://svn.php.net/viewvc?view=revision&revision=313832
http://svn.php.net/viewvc?view=revision&revision=313833
http://svn.php.net/viewvc?view=revision&revision=313835
http://svn.php.net/viewvc?view=revision&revision=313903
https://bugzilla.redhat.com/show_bug.cgi?id=732516
Index: ext/curl/interface.c
===================================================================
--- ext/curl/interface.c.orig
+++ ext/curl/interface.c
@@ -803,6 +803,9 @@ PHP_MINIT_FUNCTION(curl)
int i, c = CRYPTO_num_locks();
php_curl_openssl_tsl = malloc(c * sizeof(MUTEX_T));
+ if (!php_curl_openssl_tsl) {
+ return FAILURE;
+ }
for (i = 0; i < c; ++i) {
php_curl_openssl_tsl[i] = tsrm_mutex_alloc();
Index: ext/com_dotnet/com_dotnet.c
===================================================================
--- ext/com_dotnet/com_dotnet.c.orig
+++ ext/com_dotnet/com_dotnet.c
@@ -129,6 +129,9 @@ static HRESULT dotnet_init(char **p_wher
char *where = "";
stuff = malloc(sizeof(*stuff));
+ if (!stuff) {
+ return S_FALSE;
+ }
memset(stuff, 0, sizeof(*stuff));
where = "CoCreateInstance";
Index: ext/pdo_odbc/pdo_odbc.c
===================================================================
--- ext/pdo_odbc/pdo_odbc.c.orig
+++ ext/pdo_odbc/pdo_odbc.c
@@ -98,6 +98,9 @@ PHP_MINIT_FUNCTION(pdo_odbc)
char *instance = INI_STR("pdo_odbc.db2_instance_name");
if (instance) {
char *env = malloc(sizeof("DB2INSTANCE=") + strlen(instance));
+ if (!env) {
+ return FAILURE;
+ }
strcpy(env, "DB2INSTANCE=");
strcat(env, instance);
putenv(env);
Index: ext/interbase/interbase.c
===================================================================
--- ext/interbase/interbase.c.orig
+++ ext/interbase/interbase.c
@@ -998,9 +998,12 @@ static void _php_ibase_connect(INTERNAL_
ZEND_REGISTER_RESOURCE(return_value, ib_link, le_link);
} else {
zend_rsrc_list_entry new_le;
-
+
ib_link = (ibase_db_link *) malloc(sizeof(ibase_db_link));
-
+ if (!ib_link) {
+ RETURN_FALSE;
+ }
+
/* hash it up */
Z_TYPE(new_le) = le_plink;
new_le.ptr = ib_link;
Index: ext/readline/readline.c
===================================================================
--- ext/readline/readline.c.orig
+++ ext/readline/readline.c
@@ -465,6 +465,9 @@ static char **_readline_completion_cb(co
matches = rl_completion_matches(text,_readline_command_generator);
} else {
matches = malloc(sizeof(char *) * 2);
+ if (!matches) {
+ return NULL;
+ }
matches[0] = strdup("");
matches[1] = '\0';
}
@@ -505,6 +508,10 @@ PHP_FUNCTION(readline_completion_functio
zval_copy_ctor(_readline_completion);
rl_attempted_completion_function = _readline_completion_cb;
+ if (rl_attempted_completion_function == NULL) {
+ efree(name);
+ RETURN_FALSE;
+ }
RETURN_TRUE;
}
Index: ext/standard/url_scanner_ex.re
===================================================================
--- ext/standard/url_scanner_ex.re.orig
+++ ext/standard/url_scanner_ex.re
@@ -55,9 +55,13 @@ static PHP_INI_MH(OnUpdateTags)
if (ctx->tags)
zend_hash_destroy(ctx->tags);
- else
+ else {
ctx->tags = malloc(sizeof(HashTable));
-
+ if (!ctx->tags) {
+ return FAILURE;
+ }
+ }
+
zend_hash_init(ctx->tags, 0, NULL, NULL, 1);
for (key = php_strtok_r(tmp, ",", &lasts);
Index: ext/sybase_ct/php_sybase_ct.c
===================================================================
--- ext/sybase_ct/php_sybase_ct.c.orig
+++ ext/sybase_ct/php_sybase_ct.c
@@ -777,6 +777,10 @@ static void php_sybase_do_connect(INTERN
}
sybase_ptr = (sybase_link *) malloc(sizeof(sybase_link));
+ if (!sybase_ptr) {
+ efree(hashed_details);
+ RETURN_FALSE;
+ }
if (!php_sybase_do_connect_internal(sybase_ptr, host, user, passwd, charset, appname TSRMLS_CC)) {
free(sybase_ptr);
efree(hashed_details);
Index: ext/mssql/php_mssql.c
===================================================================
--- ext/mssql/php_mssql.c.orig
+++ ext/mssql/php_mssql.c
@@ -685,6 +685,13 @@ static void php_mssql_do_connect(INTERNA
/* hash it up */
mssql_ptr = (mssql_link *) malloc(sizeof(mssql_link));
+ if (!mssql_ptr) {
+ efree(hashed_details);
+ dbfreelogin(mssql.login);
+ dbclose(mssql.link);
+ RETURN_FALSE;
+ }
+
memcpy(mssql_ptr, &mssql, sizeof(mssql_link));
Z_TYPE(new_le) = le_plink;
new_le.ptr = mssql_ptr;