rpms / php

Clone
Source Code
GIT

Blame SOURCES/php-5.4.16-CVE-2015-2301.patch

c4 c5 c5-plus c6 c6-plus c7 c7-aarch64 c7-alt c7-beta c7-ppc64le c8-beta-stream-7.2 c8-beta-stream-7.3 c8-beta-stream-7.4 c8-beta-stream-8.0 c8-stream-7.2 c8-stream-7.3 c8-stream-7.4 c8-stream-8.0 c8s-stream-7.4 c8s-stream-8.0 c9 c9-beta c9-beta-stream-8.1 c9-stream-8.1
  1.   c2cf26468e469d4c77805f2881229a0d33533be4
  2.   SOURCES
  3.   php-5.4.16-CVE-2015-2301.patch
Blob History Raw
af9dc8 
From b2cf3f064b8f5efef89bb084521b61318c71781b Mon Sep 17 00:00:00 2001
af9dc8 
From: Xinchen Hui <laruence@php.net>
af9dc8 
Date: Thu, 29 Jan 2015 00:00:09 +0800
af9dc8 
Subject: [PATCH] Fixed bug #68901 (use after free)
af9dc8
af9dc8 
---
af9dc8 
 NEWS                   | 3 +++
af9dc8 
 ext/phar/phar_object.c | 2 +-
af9dc8 
 2 files changed, 4 insertions(+), 1 deletion(-)
af9dc8
af9dc8 
diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c
af9dc8 
index 3671054..712795b 100644
af9dc8 
--- a/ext/phar/phar_object.c
af9dc8 
+++ b/ext/phar/phar_object.c
af9dc8 
@@ -2210,8 +2210,8 @@ static zval *phar_rename_archive(phar_archive_data *phar, char *ext, zend_bool c
af9dc8 
 	}
af9dc8 
 its_ok:
af9dc8 
 	if (SUCCESS == php_stream_stat_path(newpath, &ssb)) {
af9dc8 
-		efree(oldpath);
af9dc8 
 		zend_throw_exception_ex(spl_ce_BadMethodCallException, 0 TSRMLS_CC, "phar \"%s\" exists and must be unlinked prior to conversion", newpath);
af9dc8 
+		efree(oldpath);
af9dc8 
 		return NULL;
af9dc8 
 	}
af9dc8 
 	if (!phar->is_data) {
af9dc8 
--
af9dc8 
2.1.4
af9dc8

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation