[Pkg-php-commits] [php/debian-lenny] Fix CVE-2009-4143: session interruption memory corruption
Raphael Geissert
geissert at debian.org
Mon Feb 22 22:27:13 UTC 2010
---
debian/patches/CVE-2009-4143.patch | 28 ++++++++++++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 29 insertions(+), 0 deletions(-)
create mode 100644 debian/patches/CVE-2009-4143.patch
diff --git a/debian/patches/CVE-2009-4143.patch b/debian/patches/CVE-2009-4143.patch
new file mode 100644
index 0000000..db073ec
--- /dev/null
+++ b/debian/patches/CVE-2009-4143.patch
@@ -0,0 +1,28 @@
+Index: php/ext/session/session.c
+===================================================================
+--- php.orig/ext/session/session.c
++++ php/ext/session/session.c
+@@ -1732,7 +1732,10 @@ PHP_FUNCTION(session_unregister)
+
+ convert_to_string_ex(p_name);
+
+- PS_DEL_VARL(Z_STRVAL_PP(p_name), Z_STRLEN_PP(p_name));
++ IF_SESSION_VARS() {
++ SEPARATE_ZVAL_IF_NOT_REF(&PS(http_session_vars));
++ PS_DEL_VARL(Z_STRVAL_PP(p_name), Z_STRLEN_PP(p_name));
++ }
+
+ RETURN_TRUE;
+ }
+@@ -1842,7 +1845,10 @@ PHP_FUNCTION(session_unset)
+ RETURN_FALSE;
+
+ IF_SESSION_VARS() {
+- HashTable *ht = Z_ARRVAL_P(PS(http_session_vars));
++ HashTable *ht;
++
++ SEPARATE_ZVAL_IF_NOT_REF(&PS(http_session_vars));
++ ht = Z_ARRVAL_P(PS(http_session_vars));
+
+ if (PG(register_globals)) {
+ uint str_len;
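Review bot: The new patch file begins directly at `Index: php/ext/session/session.c` with no header, so nothing in it records where the fix comes from or which failure it is meant to prevent. For a security backport this matters, because a later reviewer cannot compare the two inner hunks against the upstream change or tell whether the backport is complete. I would add a short header above the `Index:` line, for example `Description: separate PS(http_session_vars) before session_unregister()/session_unset() modify it (CVE-2009-4143)` and `Origin: upstream, <upstream-commit-url>`. Both inner hunks show only part of their functions, so whether other code paths that write to `PS(http_session_vars)` need the same `SEPARATE_ZVAL_IF_NOT_REF` call cannot be judged from here.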
diff --git a/debian/patches/series b/debian/patches/series
index 89a4e36..a51aed3 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -65,3 +65,4 @@ filter-valid-email-characters.patch
odbc-64bits-len.patch
sybase-alias.patch
CVE-2009-4142.patch
+CVE-2009-4143.patch
--
1.6.3.3