Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Maintenance:3739
php5.openSUSE_13.1_Update
php-5.4.20-CVE-2014-3515.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File php-5.4.20-CVE-2014-3515.patch of Package php5.openSUSE_13.1_Update
From: Stanislav Malyshev <stas@php.net> Date: Sun, 22 Jun 2014 02:46:16 +0000 (-0700) Subject: Fix bug #67492: unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion X-Git-Tag: php-5.4.30~6 X-Git-Url: http://72.52.91.13:8000/?p=php-src.git;a=commitdiff_plain;h=88223c5245e9b470e1e6362bfd96829562ffe6ab Fix bug #67492: unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion --- diff --git a/ext/spl/spl_array.c b/ext/spl/spl_array.c index 758947a..bf034ab 100644 --- ext/spl/spl_array.c +++ ext/spl/spl_array.c @@ -1808,7 +1808,7 @@ SPL_METHOD(Array, unserialize) ++p; ALLOC_INIT_ZVAL(pmembers); - if (!php_var_unserialize(&pmembers, &p, s + buf_len, &var_hash TSRMLS_CC)) { + if (!php_var_unserialize(&pmembers, &p, s + buf_len, &var_hash TSRMLS_CC) || Z_TYPE_P(pmembers) != IS_ARRAY) { zval_ptr_dtor(&pmembers); goto outexcept; } diff --git a/ext/spl/spl_observer.c b/ext/spl/spl_observer.c index 1a706f7..da9110b 100644 --- ext/spl/spl_observer.c +++ ext/spl/spl_observer.c @@ -898,7 +898,7 @@ SPL_METHOD(SplObjectStorage, unserialize) ++p; ALLOC_INIT_ZVAL(pmembers); - if (!php_var_unserialize(&pmembers, &p, s + buf_len, &var_hash TSRMLS_CC)) { + if (!php_var_unserialize(&pmembers, &p, s + buf_len, &var_hash TSRMLS_CC) || Z_TYPE_P(pmembers) != IS_ARRAY) { zval_ptr_dtor(&pmembers); goto outexcept; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor