File php-CVE-2015-8873.patch of Package php5.openSUSE_Leap_42.1_Update
X-Git-Url: http://72.52.91.13:8000/?p=php-src.git;a=blobdiff_plain;f=Zend%2Fzend_exceptions.c;h=82b777a958dc419a309ac79c47eda90167454139;hp=1a3ee8f434e4870677333aeb268503f2e0b20642;hb=4d2278143a08b7522de9471d0f014d7357c28fea;hpb=863bf294feb9ad425eadb94f288bc7f18673089d
diff --git a/Zend/zend_exceptions.c b/Zend/zend_exceptions.c
index 1a3ee8f..82b777a 100644
--- a/Zend/zend_exceptions.c
+++ b/Zend/zend_exceptions.c
@@ -218,6 +218,33 @@ ZEND_METHOD(exception, __construct)
}
/* }}} */
+/* {{{ proto Exception::__wakeup()
+ Exception unserialize checks */
+#define CHECK_EXC_TYPE(name, type) \
+ value = zend_read_property(default_exception_ce, object, name, sizeof(name)-1, 0 TSRMLS_CC); \
+ if(value && Z_TYPE_P(value) != type) { \
+ zval *tmp; \
+ MAKE_STD_ZVAL(tmp); \
+ ZVAL_STRINGL(tmp, name, sizeof(name)-1, 1); \
+ Z_OBJ_HANDLER_P(object, unset_property)(object, tmp, 0 TSRMLS_CC); \
+ zval_ptr_dtor(&tmp); \
+ }
+
+ZEND_METHOD(exception, __wakeup)
+{
+ zval *value;
+ zval *object = getThis();
+ HashTable *intern_ht = zend_std_get_properties(getThis() TSRMLS_CC);
+ CHECK_EXC_TYPE("message", IS_STRING);
+ CHECK_EXC_TYPE("string", IS_STRING);
+ CHECK_EXC_TYPE("code", IS_LONG);
+ CHECK_EXC_TYPE("file", IS_STRING);
+ CHECK_EXC_TYPE("line", IS_LONG);
+ CHECK_EXC_TYPE("trace", IS_ARRAY);
+ CHECK_EXC_TYPE("previous", IS_OBJECT);
+}
+/* }}} */
+
/* {{{ proto ErrorException::__construct(string message, int code, int severity [, string filename [, int lineno [, Exception previous]]])
ErrorException constructor */
ZEND_METHOD(error_exception, __construct)
@@ -728,6 +755,7 @@ ZEND_END_ARG_INFO()
const static zend_function_entry default_exception_functions[] = {
ZEND_ME(exception, __clone, NULL, ZEND_ACC_PRIVATE|ZEND_ACC_FINAL)
ZEND_ME(exception, __construct, arginfo_exception___construct, ZEND_ACC_PUBLIC)
+ ZEND_ME(exception, __wakeup, NULL, ZEND_ACC_PUBLIC|ZEND_ACC_FINAL)
ZEND_ME(exception, getMessage, NULL, ZEND_ACC_PUBLIC|ZEND_ACC_FINAL)
ZEND_ME(exception, getCode, NULL, ZEND_ACC_PUBLIC|ZEND_ACC_FINAL)
ZEND_ME(exception, getFile, NULL, ZEND_ACC_PUBLIC|ZEND_ACC_FINAL)