[Pkg-php-commits] [php/debian-sid] Fix a null pointer dereference when processing invalid XML-RPC requests (CVE-2010-0397, Closes: #573573)

Raphael Geissert geissert at debian.org
Sat Mar 13 01:52:32 UTC 2010


---
 debian/patches/CVE-2010-0397.patch |   37 ++++++++++++++++++++++++++++++++++++
 debian/patches/series              |    1 +
 2 files changed, 38 insertions(+), 0 deletions(-)
 create mode 100644 debian/patches/CVE-2010-0397.patch

diff --git a/debian/patches/CVE-2010-0397.patch b/debian/patches/CVE-2010-0397.patch
new file mode 100644
index 0000000..186b216
--- /dev/null
+++ b/debian/patches/CVE-2010-0397.patch
@@ -0,0 +1,37 @@
+Description: Fix a null pointer dereference when processing invalid
+ XML-RPC requests.
+Origin: vendor
+Forwarded: yes
+
+Index: php/ext/xmlrpc/xmlrpc-epi-php.c
+===================================================================
+--- php.orig/ext/xmlrpc/xmlrpc-epi-php.c
++++ php/ext/xmlrpc/xmlrpc-epi-php.c
+@@ -778,6 +778,7 @@ zval* decode_request_worker(char *xml_in
+ 	zval* retval = NULL;
+ 	XMLRPC_REQUEST response;
+ 	STRUCT_XMLRPC_REQUEST_INPUT_OPTIONS opts = {{0}};
++	const char *method_name;
+ 	opts.xml_elem_opts.encoding = encoding_in ? utf8_get_encoding_id_from_string(encoding_in) : ENCODING_DEFAULT;
+ 
+ 	/* generate XMLRPC_REQUEST from raw xml */
+@@ -788,10 +789,15 @@ zval* decode_request_worker(char *xml_in
+ 
+ 		if (XMLRPC_RequestGetRequestType(response) == xmlrpc_request_call) {
+ 			if (method_name_out) {
+-				zval_dtor(method_name_out);
+-				Z_TYPE_P(method_name_out) = IS_STRING;
+-				Z_STRVAL_P(method_name_out) = estrdup(XMLRPC_RequestGetMethodName(response));
+-				Z_STRLEN_P(method_name_out) = strlen(Z_STRVAL_P(method_name_out));
++				method_name = XMLRPC_RequestGetMethodName(response);
++				if (method_name) {
++					zval_dtor(method_name_out);
++					Z_TYPE_P(method_name_out) = IS_STRING;
++					Z_STRVAL_P(method_name_out) = estrdup(method_name);
++					Z_STRLEN_P(method_name_out) = strlen(Z_STRVAL_P(method_name_out));
++				} else {
++					retval = NULL;
++				}
+ 			}
+ 		}
+ 
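Review bot: In the new `else` branch of decode_request_worker, `retval = NULL;` overwrites the pointer without releasing whatever it referred to. The hunk does not show where retval is assigned (the lines between the declarations and the request-type check are outside it), but if it already holds the decoded request data at that point, every request that lacks a method name would leak that zval, on a path reachable with malformed input. Consider `} else if (retval) { zval_ptr_dtor(&retval); retval = NULL; }`, with a comment such as `/* no method name in request: discard decoded data and report failure */` so the NULL return reads as intentional. The function body starts and ends outside the hunk, so whether callers handle a NULL return cannot be confirmed from here.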
diff --git a/debian/patches/series b/debian/patches/series
index 142cd06..f664d7a 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -50,3 +50,4 @@ fix_broken_sha2_test.patch
 php_crypt_revamped.patch
 fix_broken_locale_tests.patch
 fix_broken_gd_bundled-specific_tests.patch
+CVE-2010-0397.patch
-- 
1.6.3.3



