File php-CVE-2016-7124.patch of Package php5.openSUSE_Leap_42.1_Update
Index: php-5.6.1/ext/standard/var_unserializer.re
===================================================================
--- php-5.6.1.orig/ext/standard/var_unserializer.re 2016-09-08 11:14:45.383620094 +0200
+++ php-5.6.1/ext/standard/var_unserializer.re 2016-09-08 11:59:20.272671867 +0200
@@ -435,9 +435,18 @@ static inline int object_common2(UNSERIA
}
if (!process_nested_data(UNSERIALIZE_PASSTHRU, Z_OBJPROP_PP(rval), elements, 1)) {
+ /* We've got partially constructed object on our hands here. Wipe it. */
+ if(Z_TYPE_PP(rval) == IS_OBJECT) {
+ zend_hash_clean(Z_OBJPROP_PP(rval));
+ }
+ ZVAL_NULL(*rval);
return 0;
}
+ if (Z_TYPE_PP(rval) != IS_OBJECT) {
+ return 0;
+ }
+
if (Z_OBJCE_PP(rval) != PHP_IC_ENTRY &&
zend_hash_exists(&Z_OBJCE_PP(rval)->function_table, "__wakeup", sizeof("__wakeup"))) {
INIT_PZVAL(&fname);