Moritz Muehlenhoff
2007-Apr-18 21:00 UTC
[Secure-testing-commits] r5671 - in data: . patches patches/MOPB
Author: jmm-guest
Date: 2007-04-18 21:00:24 +0000 (Wed, 18 Apr 2007)
New Revision: 5671
Added:
data/patches/
data/patches/MOPB/
data/patches/MOPB/MOPB-04-php4.diff
data/patches/MOPB/MOPB-22-php4.diff
data/patches/MOPB/MOPB-32-php4.diff
Log:
coordinate PHP patches in SVN
Added: data/patches/MOPB/MOPB-04-php4.diff
==================================================================---
data/patches/MOPB/MOPB-04-php4.diff 2007-04-18 20:04:49 UTC (rev 5670)
+++ data/patches/MOPB/MOPB-04-php4.diff 2007-04-18 21:00:24 UTC (rev 5671)
@@ -0,0 +1,33 @@
+--- var_unserializer.c 2006/08/09 23:29:17 1.18.4.24.2.7
++++ var_unserializer.c 2006/10/27 08:35:25 1.18.4.24.2.8
+@@ -18,7 +18,7 @@
+ +----------------------------------------------------------------------+
+ */
+
+-/* $Id: var_unserializer.c,v 1.18.4.24.2.7 2006/08/09 23:29:17 nlopess Exp $
*/
++/* $Id: var_unserializer.c,v 1.18.4.24.2.8 2006/10/27 08:35:25 sesser Exp $ */
+
+ #include "php.h"
+ #include "ext/standard/php_var.h"
+@@ -958,6 +958,10 @@
+
+ if (*rval == *rval_ref) return 0;
+
++ if ((*rval_ref)->refcount > 65500) {
++ return 0;
++ }
++
+ if (*rval != NULL) {
+ zval_ptr_dtor(rval);
+ }
+@@ -999,6 +1003,10 @@
+
+ id = parse_iv(start + 2) - 1;
+ if (id == -1 || var_access(var_hash, id, &rval_ref) != SUCCESS) {
++ return 0;
++ }
++
++ if ((*rval_ref)->refcount > 65500) {
+ return 0;
+ }
+
Added: data/patches/MOPB/MOPB-22-php4.diff
==================================================================---
data/patches/MOPB/MOPB-22-php4.diff 2007-04-18 20:04:49 UTC (rev 5670)
+++ data/patches/MOPB/MOPB-22-php4.diff 2007-04-18 21:00:24 UTC (rev 5671)
@@ -0,0 +1,25 @@
+# Double check
+
+diff -aur php-4.4.6/ext/session/session.c php-4.4.7RC1/ext/session/session.c
+--- php-4.4.6/ext/session/session.c 2007-02-15 10:41:30.000000000 +0100
++++ php-4.4.7RC1/ext/session/session.c 2007-04-04 21:52:26.000000000 +0200
+@@ -1396,7 +1395,10 @@
+ RETURN_FALSE;
+ }
+ if (PS(session_status) == php_session_active) {
+- if (PS(id)) efree(PS(id));
++ if (PS(id)) {
++ efree(PS(id));
++ PS(id) = NULL;
++ }
+
+ PS(id) = PS(mod)->s_create_sid(&PS(mod_data), NULL TSRMLS_CC);
+
+@@ -1688,6 +1690,7 @@
+ }
+ if (PS(id)) {
+ efree(PS(id));
++ PS(id) = NULL;
+ }
+ PS(session_status)=php_session_none;
+ }
Added: data/patches/MOPB/MOPB-32-php4.diff
==================================================================---
data/patches/MOPB/MOPB-32-php4.diff 2007-04-18 20:04:49 UTC (rev 5670)
+++ data/patches/MOPB/MOPB-32-php4.diff 2007-04-18 21:00:24 UTC (rev 5671)
@@ -0,0 +1,11 @@
+diff -aur php-4.4.6/ext/session/session.c php-4.4.7RC1/ext/session/session.c
+--- php-4.4.6/ext/session/session.c 2007-02-15 10:41:30.000000000 +0100
++++ php-4.4.7RC1/ext/session/session.c 2007-04-04 21:52:26.000000000 +0200
+@@ -535,7 +535,6 @@
+
+ if (zend_hash_find(&EG(symbol_table), name, namelen + 1, (void **)
&tmp) == SUCCESS) {
+ if ((Z_TYPE_PP(tmp) == IS_ARRAY && Z_ARRVAL_PP(tmp) ==
&EG(symbol_table)) || *tmp == PS(http_session_vars)) {
+- efree(name);
+ goto skip;
+ }
+ }