File php-CVE-2016-7131,7132.patch of Package php5.openSUSE_Leap_42.1_Update
Index: php-5.6.1/ext/wddx/wddx.c
===================================================================
--- php-5.6.1.orig/ext/wddx/wddx.c 2016-09-05 11:48:28.643394417 +0200
+++ php-5.6.1/ext/wddx/wddx.c 2016-09-05 11:48:28.759396370 +0200
@@ -945,10 +945,10 @@ static void php_wddx_pop_element(void *u
if (!ent1->data) {
if (stack->top > 1) {
stack->top--;
+ efree(ent1);
} else {
stack->done = 1;
}
- efree(ent1);
return;
}
@@ -983,7 +983,7 @@ static void php_wddx_pop_element(void *u
wddx_stack_top(stack, (void**)&ent2);
/* if non-existent field */
- if (ent2->type == ST_FIELD && ent2->data == NULL) {
+ if (ent2->data == NULL) {
zval_ptr_dtor(&ent1->data);
efree(ent1);
return;
@@ -1165,9 +1165,13 @@ int php_wddx_deserialize_ex(char *value,
if (stack.top == 1) {
wddx_stack_top(&stack, (void**)&ent);
- *return_value = *(ent->data);
- zval_copy_ctor(return_value);
- retval = SUCCESS;
+ if(ent->data == NULL) {
+ retval = FAILURE;
+ } else {
+ *return_value = *(ent->data);
+ zval_copy_ctor(return_value);
+ retval = SUCCESS;
+ }
} else {
retval = FAILURE;
}