File php-CVE-2016-7124.patch of Package php5.openSUSE_Leap_42.1_Update

Index: php-5.6.1/ext/standard/var_unserializer.re
===================================================================
--- php-5.6.1.orig/ext/standard/var_unserializer.re	2016-09-08 11:14:45.383620094 +0200
+++ php-5.6.1/ext/standard/var_unserializer.re	2016-09-08 11:59:20.272671867 +0200
@@ -435,9 +435,18 @@ static inline int object_common2(UNSERIA
 	}
 
 	if (!process_nested_data(UNSERIALIZE_PASSTHRU, Z_OBJPROP_PP(rval), elements, 1)) {
+           /* We've got partially constructed object on our hands here. Wipe it. */
+           if(Z_TYPE_PP(rval) == IS_OBJECT) {
+              zend_hash_clean(Z_OBJPROP_PP(rval));
+           }
+           ZVAL_NULL(*rval);
 		return 0;
 	}
 
+    if (Z_TYPE_PP(rval) != IS_OBJECT) {
+        return 0;
+    }
+
 	if (Z_OBJCE_PP(rval) != PHP_IC_ENTRY &&
 		zend_hash_exists(&Z_OBJCE_PP(rval)->function_table, "__wakeup", sizeof("__wakeup"))) {
 		INIT_PZVAL(&fname);
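Review bot: On the failure path the object is emptied with `zend_hash_clean` and then `ZVAL_NULL(*rval)` overwrites the zval in place, without releasing the object or marking it as failed. The handle therefore appears to stay live in the object store, so a class-defined `__destruct` could presumably still run later on the wiped instance. Consider marking construction as failed inside the `IS_OBJECT` branch, right after the clean: `zend_object_store_ctor_failed(*rval TSRMLS_CC);`. The new `Z_TYPE_PP(rval) != IS_OBJECT` guard also deserves a comment, for example `/* nested data may have replaced *rval; never look up __wakeup on a non-object */`, and the added lines are space-indented where the surrounding context uses tabs. object_common2 begins and ends outside this hunk, so the callers' handling of the nulled `*rval` is not visible here.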