File php-CVE-2014-4698.patch of Package php5
X-Git-Url: http://72.52.91.13:8000/?p=php-src.git;a=blobdiff_plain;f=ext%2Fspl%2Fspl_array.c;h=0fe47b651c13f80c35e612de5cf69ea306095fe6;hp=8392e72714b80483641b1a0d2b6e6389e3c22959;hb=22882a9d89712ff2b6ebc20a689a89452bba4dcd;hpb=df78c48354f376cf419d7a97f88ca07d572f00fb
Index: ext/spl/spl_array.c
===================================================================
--- ext/spl/spl_array.c.orig 2014-06-25 15:06:23.000000000 +0200
+++ ext/spl/spl_array.c 2014-07-17 17:24:01.085311011 +0200
@@ -1733,6 +1733,7 @@
const unsigned char *p, *s;
php_unserialize_data_t var_hash;
zval *pmembers, *pflags = NULL;
+ HashTable *aht;
long flags;
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &buf, &buf_len) == FAILURE) {
@@ -1744,6 +1745,12 @@
return;
}
+ aht = spl_array_get_hash_table(intern, 0 TSRMLS_CC);
+ if (aht->nApplyCount > 0) {
+ zend_error(E_WARNING, "Modification of ArrayObject during sorting is prohibited");
+ return;
+ }
+
/* storage */
s = p = (const unsigned char*)buf;
PHP_VAR_UNSERIALIZE_INIT(var_hash);