File php-5.3.5-CVE-2012-0788.patch of Package php5
http://svn.php.net/viewvc/?view=revision&revision=317272
--- ext/pdo/pdo_stmt.c 2011/09/25 12:14:09 317271
+++ ext/pdo/pdo_stmt.c 2011/09/25 12:39:05 317272
@@ -2351,6 +2351,7 @@
}
zend_object_handlers pdo_dbstmt_object_handlers;
+static int pdo_row_serialize(zval *object, unsigned char **buffer, zend_uint *buf_len, zend_serialize_data *data TSRMLS_DC);
void pdo_stmt_init(TSRMLS_D)
{
@@ -2374,6 +2375,7 @@
pdo_row_ce = zend_register_internal_class(&ce TSRMLS_CC);
pdo_row_ce->ce_flags |= ZEND_ACC_FINAL_CLASS; /* when removing this a lot of handlers need to be redone */
pdo_row_ce->create_object = pdo_row_new;
+ pdo_row_ce->serialize = pdo_row_serialize;
}
static void free_statement(pdo_stmt_t *stmt TSRMLS_DC)
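Review bot: Only the `serialize` handler is set on `pdo_row_ce` in this hunk; the matching `unserialize` handler is not touched, so input that names `PDORow` in a serialized string is not rejected by this change. Whether that path is already safe cannot be confirmed from the visible lines. Setting both handlers would keep the class consistently non-serializable, for example `pdo_row_ce->unserialize = zend_class_unserialize_deny;` if this tree's Zend engine provides that helper. The body of pdo_stmt_init is only partly visible here.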
@@ -2796,6 +2798,12 @@
retval.handlers = &pdo_row_object_handlers;
return retval;
+}
+
+static int pdo_row_serialize(zval *object, unsigned char **buffer, zend_uint *buf_len, zend_serialize_data *data TSRMLS_DC)
+{
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "PDORow instances may not be serialized");
+ return FAILURE;
}
/* }}} */
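Review bot: The new `pdo_row_serialize` carries no comment, and the existing `/* }}} */` fold marker now closes after it rather than after the preceding function, so the two functions appear to share one fold. I would put `/* }}} */` after the closing brace of the preceding function and open the new one with `/* {{{ pdo_row_serialize: PDORow cannot be serialized; warn and return FAILURE */`. The comment should also say that `*buffer` and `*buf_len` are deliberately left unwritten on this path, so a caller must not read them after FAILURE. The preceding function starts outside the hunk.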