[Pkg-php-commits] [php/debian-etch] CVE-2009-1271: remote DoS in json_decode()
Sean Finney
seanius at debian.org
Wed Apr 29 17:35:20 UTC 2009
this was cherry-picked from 99a15296bdf41e9572dcca02593e103dbb878e38
Conflicts:
debian/patches/series
---
debian/patches/CVE-2009-1271.patch | 50 ++++++++++++++++++++++++++++++++++++
1 files changed, 50 insertions(+), 0 deletions(-)
create mode 100644 debian/patches/CVE-2009-1271.patch
diff --git a/debian/patches/CVE-2009-1271.patch b/debian/patches/CVE-2009-1271.patch
new file mode 100644
index 0000000..2a53de0
--- /dev/null
+++ b/debian/patches/CVE-2009-1271.patch
@@ -0,0 +1,50 @@
+#
+# Description: fix denial of service via malformed string to the json_decode API function.
+# Patch: http://cvs.php.net/viewvc.cgi/php-src/ext/json/JSON_parser.c?r1=1.1.2.14&r2=1.1.2.15
+#
+Index: php5-5.2.4/ext/json/JSON_parser.c
+===================================================================
+--- php5-5.2.4.orig/ext/json/JSON_parser.c 2007-06-13 13:56:41.000000000 -0400
++++ php5-5.2.4/ext/json/JSON_parser.c 2009-04-17 08:12:58.000000000 -0400
+@@ -494,9 +494,7 @@
+ }
+ */
+ case -7:
+- if (type != -1 &&
+- (JSON(the_stack)[JSON(the_top)] == MODE_OBJECT ||
+- JSON(the_stack)[JSON(the_top)] == MODE_ARRAY))
++ if (type != -1 && JSON(the_stack)[JSON(the_top)] == MODE_OBJECT)
+ {
+ zval *mval;
+ smart_str_0(&buf);
+@@ -566,9 +564,7 @@
+ */
+ case -5:
+ {
+- if (type != -1 &&
+- (JSON(the_stack)[JSON(the_top)] == MODE_OBJECT ||
+- JSON(the_stack)[JSON(the_top)] == MODE_ARRAY))
++ if (type != -1 && JSON(the_stack)[JSON(the_top)] == MODE_ARRAY)
+ {
+ zval *mval;
+ smart_str_0(&buf);
+Index: php5-5.2.4/ext/json/tests/001.phpt
+===================================================================
+--- php5-5.2.4.orig/ext/json/tests/001.phpt 2009-04-17 08:13:05.000000000 -0400
++++ php5-5.2.4/ext/json/tests/001.phpt 2009-04-17 08:13:30.000000000 -0400
+@@ -16,6 +16,7 @@
+ var_dump(json_decode("ÑÑÑÑиÑ"));
+ var_dump(json_decode("blah"));
+ var_dump(json_decode(NULL));
++var_dump(json_decode('[1}'));
+ var_dump(json_decode('{ "test": { "foo": "bar" } }'));
+ var_dump(json_decode('{ "test": { "foo": "" } }'));
+ var_dump(json_decode('{ "": { "foo": "" } }'));
+@@ -38,6 +39,7 @@
+ string(12) "ÑÑÑÑиÑ"
+ string(4) "blah"
+ NULL
++NULL
+ object(stdClass)#1 (1) {
+ ["test"]=>
+ object(stdClass)#2 (1) {
--
1.5.6.5
More information about the Pkg-php-commits
mailing list