[Pkg-php-commits] [php/debian-sid] Add a test case to the CVE-2010-0397 fix
Raphael Geissert
geissert at debian.org
Sat Mar 13 06:44:11 UTC 2010
---
debian/patches/CVE-2010-0397.patch | 22 +++++++++++++++++++++-
1 files changed, 21 insertions(+), 1 deletions(-)
diff --git a/debian/patches/CVE-2010-0397.patch b/debian/patches/CVE-2010-0397.patch
index 186b216..753995a 100644
--- a/debian/patches/CVE-2010-0397.patch
+++ b/debian/patches/CVE-2010-0397.patch
@@ -1,7 +1,8 @@
Description: Fix a null pointer dereference when processing invalid
XML-RPC requests.
Origin: vendor
-Forwarded: yes
+Forwarded: http://bugs.php.net/51288
+Last-Update: 2010-03-12
Index: php/ext/xmlrpc/xmlrpc-epi-php.c
===================================================================
@@ -35,3 +36,22 @@ Index: php/ext/xmlrpc/xmlrpc-epi-php.c
}
}
+Index: php/ext/xmlrpc/tests/bug51288.phpt
+===================================================================
+--- /dev/null
++++ php/ext/xmlrpc/tests/bug51288.phpt
+@@ -0,0 +1,14 @@
++--TEST--
++Bug #51288 (CVE-2010-0397, NULL pointer deref when no <methodName> in request)
++--FILE--
++<?php
++$method = NULL;
++$req = '<?xml version="1.0"?><methodCall></methodCall>';
++var_dump(xmlrpc_decode_request($req, $method));
++var_dump($method);
++echo "Done\n";
++?>
++--EXPECT--
++NULL
++NULL
++Done
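Review bot: The added bug51288.phpt has no `--SKIPIF--` section, so on a build without the xmlrpc extension the call to `xmlrpc_decode_request()` stops with an undefined-function fatal error and the CVE regression test is reported as a failure rather than a skip. Inserting `--SKIPIF--` and `<?php if (!extension_loaded("xmlrpc")) print "skip"; ?>` between the description line and `--FILE--` avoids that; the inner hunk header would then need to read `@@ -0,0 +1,16 @@` instead of `+1,14`. The test pins only the request that has no `<methodName>` element, and the C part of the patch lies outside this hunk, so it cannot be confirmed from here whether the fix guards any other NULL return that would deserve its own case.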
--
1.6.3.3