[Pkg-php-commits] [php/debian-sid] Fix memory leak in CVE-2010-0397 patch
Raphael Geissert
geissert at debian.org
Sat Mar 13 23:19:58 UTC 2010
---
debian/patches/CVE-2010-0397.patch | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/debian/patches/CVE-2010-0397.patch b/debian/patches/CVE-2010-0397.patch
index 753995a..ce53c39 100644
--- a/debian/patches/CVE-2010-0397.patch
+++ b/debian/patches/CVE-2010-0397.patch
@@ -16,7 +16,7 @@ Index: php/ext/xmlrpc/xmlrpc-epi-php.c
opts.xml_elem_opts.encoding = encoding_in ? utf8_get_encoding_id_from_string(encoding_in) : ENCODING_DEFAULT;
/* generate XMLRPC_REQUEST from raw xml */
-@@ -788,10 +789,15 @@ zval* decode_request_worker(char *xml_in
+@@ -788,10 +789,16 @@ zval* decode_request_worker(char *xml_in
if (XMLRPC_RequestGetRequestType(response) == xmlrpc_request_call) {
if (method_name_out) {
@@ -30,7 +30,8 @@ Index: php/ext/xmlrpc/xmlrpc-epi-php.c
+ Z_TYPE_P(method_name_out) = IS_STRING;
+ Z_STRVAL_P(method_name_out) = estrdup(method_name);
+ Z_STRLEN_P(method_name_out) = strlen(Z_STRVAL_P(method_name_out));
-+ } else {
++ } else if (retval) {
++ zval_ptr_dtor(&retval);
+ retval = NULL;
+ }
}
--
1.6.3.3
More information about the Pkg-php-commits
mailing list