[Pkg-php-commits] [php/debian-etch] CVE-2009-1271: remote DoS in json_decode()

Sean Finney seanius at debian.org
Wed Apr 29 17:35:20 UTC 2009 

this was cherry-picked from 99a15296bdf41e9572dcca02593e103dbb878e38

Conflicts:

	debian/patches/series
---
 debian/patches/CVE-2009-1271.patch |   50 ++++++++++++++++++++++++++++++++++++
 1 files changed, 50 insertions(+), 0 deletions(-)
 create mode 100644 debian/patches/CVE-2009-1271.patch

diff --git a/debian/patches/CVE-2009-1271.patch b/debian/patches/CVE-2009-1271.patch
new file mode 100644
index 0000000..2a53de0
--- /dev/null
+++ b/debian/patches/CVE-2009-1271.patch
@@ -0,0 +1,50 @@
+#
+# Description: fix denial of service via malformed string to the json_decode API function.
+# Patch: http://cvs.php.net/viewvc.cgi/php-src/ext/json/JSON_parser.c?r1=1.1.2.14&r2=1.1.2.15
+#
+Index: php5-5.2.4/ext/json/JSON_parser.c
+===================================================================
+--- php5-5.2.4.orig/ext/json/JSON_parser.c	2007-06-13 13:56:41.000000000 -0400
++++ php5-5.2.4/ext/json/JSON_parser.c	2009-04-17 08:12:58.000000000 -0400
+@@ -494,9 +494,7 @@
+     }
+ */
+             case -7:
+-                if (type != -1 &&
+-                    (JSON(the_stack)[JSON(the_top)] == MODE_OBJECT ||
+-                     JSON(the_stack)[JSON(the_top)] == MODE_ARRAY))
++                if (type != -1 && JSON(the_stack)[JSON(the_top)] == MODE_OBJECT)
+                 {
+                     zval *mval;
+                     smart_str_0(&buf);
+@@ -566,9 +564,7 @@
+ */
+             case -5:
+             {
+-                if (type != -1 &&
+-                    (JSON(the_stack)[JSON(the_top)] == MODE_OBJECT ||
+-                     JSON(the_stack)[JSON(the_top)] == MODE_ARRAY))
++                if (type != -1 && JSON(the_stack)[JSON(the_top)] == MODE_ARRAY)
+                 {
+                     zval *mval;
+                     smart_str_0(&buf);
+Index: php5-5.2.4/ext/json/tests/001.phpt
+===================================================================
+--- php5-5.2.4.orig/ext/json/tests/001.phpt	2009-04-17 08:13:05.000000000 -0400
++++ php5-5.2.4/ext/json/tests/001.phpt	2009-04-17 08:13:30.000000000 -0400
+@@ -16,6 +16,7 @@
+ var_dump(json_decode("руссиш"));
+ var_dump(json_decode("blah"));
+ var_dump(json_decode(NULL));
++var_dump(json_decode('[1}'));
+ var_dump(json_decode('{ "test": { "foo": "bar" } }'));
+ var_dump(json_decode('{ "test": { "foo": "" } }'));
+ var_dump(json_decode('{ "": { "foo": "" } }'));
+@@ -38,6 +39,7 @@
+ string(12) "руссиш"
+ string(4) "blah"
+ NULL
++NULL
+ object(stdClass)#1 (1) {
+   ["test"]=>
+   object(stdClass)#2 (1) {
-- 
1.5.6.5

More information about the Pkg-php-commits mailing list