sixd Fri, 18 Nov 2011 09:59:35 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=319457
Log: Sync to 5.3 and check additional cases for #55748 Bug: https://bugs.php.net/55748 (Closed) multiple NULL Pointer Dereference with zend_strndup() Changed paths: U php/php-src/branches/PHP_5_3/ext/oci8/oci8.c U php/php-src/branches/PHP_5_3/ext/oci8/package.xml U php/php-src/branches/PHP_5_4/ext/oci8/oci8.c U php/php-src/branches/PHP_5_4/ext/oci8/package.xml U php/php-src/trunk/ext/oci8/oci8.c U php/php-src/trunk/ext/oci8/package.xml Modified: php/php-src/branches/PHP_5_3/ext/oci8/oci8.c ===================================================================
--- php/php-src/branches/PHP_5_3/ext/oci8/oci8.c 2011-11-18 09:26:01 UTC (rev 319456)
+++ php/php-src/branches/PHP_5_3/ext/oci8/oci8.c 2011-11-18 09:59:35 UTC (rev 319457)
@@ -2054,7 +2054,14 @@
 connection->is_persistent = 0;
 } else {
 connection = (php_oci_connection *) calloc(1, sizeof(php_oci_connection));
+ if (connection == NULL) {
+ return NULL;
+ }
 connection->hash_key = zend_strndup(hashed_details.c, hashed_details.len);
+ if (connection->hash_key == NULL) {
+ free(connection);
+ return NULL;
+ }
 connection->is_persistent = 1;
 }
 } else {
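Review bot: Both new early exits in the `@@ -2054,7 +2054,14 @@` hunk (`return NULL;` after the failed `calloc` and again after the failed `zend_strndup`) leave the function directly, bypassing any cleanup the rest of the function performs. `hashed_details.c` is still in use at this point; if `hashed_details` is the heap-backed smart_str its `.c`/`.len` fields suggest, each failed attempt would leak that buffer, so a release such as `smart_str_free_ex(&hashed_details, 0);` should precede each `return NULL;` (to be confirmed against the function's other error paths, which lie outside the hunk). The failure is also silent, so a caller cannot tell an out-of-memory condition from any other NULL result; raising a warning before returning would make it diagnosable. The same two returns appear in the PHP_5_4 and trunk copies of this hunk.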
@@ -2704,12 +2711,20 @@ ub4 poolmode = OCI_DEFAULT; /* Mode to be passed to OCISessionPoolCreate */ OCIAuthInfo *spoolAuth = NULL; - /*Allocate sessionpool out of persistent memory */ + /* Allocate sessionpool out of persistent memory */ session_pool = (php_oci_spool *) calloc(1, sizeof(php_oci_spool)); + if (session_pool == NULL) { + iserror = 1; + goto exit_create_spool; + } /* Populate key if passed */ if (hash_key_len) { session_pool->spool_hash_key = zend_strndup(hash_key, hash_key_len); + if (session_pool->spool_hash_key == NULL) { + iserror = 1; + goto exit_create_spool; + } } /* Create the session pool's env */ Modified: php/php-src/branches/PHP_5_3/ext/oci8/package.xml =================================================================== --- php/php-src/branches/PHP_5_3/ext/oci8/package.xml 2011-11-18 09:26:01 UTC (rev 319456) +++ php/php-src/branches/PHP_5_3/ext/oci8/package.xml 2011-11-18 09:59:35 UTC (rev 319457) @@ -47,6 +47,7 @@ <license uri="http://www.php.net/license">PHP</license> <notes> Fixed bug #59985 (show normal warning text for OCI_NO_DATA) + Fixed OCI8 part of bug #55748 (CVE-2011-4153: multiple NULL Pointer Dereference with zend_strndup) Increased maximum Oracle error message buffer length for new Oracle 11.2.0.3 size Improve internal initalization failure error messages </notes> Modified: php/php-src/branches/PHP_5_4/ext/oci8/oci8.c =================================================================== --- php/php-src/branches/PHP_5_4/ext/oci8/oci8.c 2011-11-18 09:26:01 UTC (rev 319456) +++ php/php-src/branches/PHP_5_4/ext/oci8/oci8.c 2011-11-18 09:59:35 UTC (rev 319457) 
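Review bot: In the session-pool hunk (`@@ -2704,12 +2711,20 @@`) of the PHP_5_3 oci8.c, the first new `goto exit_create_spool;` is taken with `session_pool == NULL` and the second with a pool whose fields are all still zeroed, so the code at the `exit_create_spool` label, which lies outside this hunk, has to tolerate both states. If that cleanup dereferences `session_pool` or frees handles without checking them, the change would move the NULL dereference rather than remove it; the error branch there should be guarded, for example `if (iserror && session_pool) {`, and the close routine should skip handles that are still NULL. A short comment at the first goto, `/* session_pool is NULL here; exit_create_spool must not dereference it */`, would keep that requirement visible to later editors. The identical hunk is applied to the PHP_5_4 and trunk copies of oci8.c.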
@@ -2054,8 +2054,12 @@ connection->is_persistent = 0; } else { connection = (php_oci_connection *) calloc(1, sizeof(php_oci_connection)); + if (connection == NULL) { + return NULL; + } connection->hash_key = zend_strndup(hashed_details.c, hashed_details.len); - if(connection->hash_key == NULL) { + if (connection->hash_key == NULL) { + free(connection); return NULL; } connection->is_persistent = 1; @@ -2707,12 +2711,20 @@ ub4 poolmode = OCI_DEFAULT; /* Mode to be passed to OCISessionPoolCreate */ OCIAuthInfo *spoolAuth = NULL; - /*Allocate sessionpool out of persistent memory */ + /* Allocate sessionpool out of persistent memory */ session_pool = (php_oci_spool *) calloc(1, sizeof(php_oci_spool)); + if (session_pool == NULL) { + iserror = 1; + goto exit_create_spool; + } /* Populate key if passed */ if (hash_key_len) { session_pool->spool_hash_key = zend_strndup(hash_key, hash_key_len); + if (session_pool->spool_hash_key == NULL) { + iserror = 1; + goto exit_create_spool; + } } /* Create the session pool's env */ Modified: php/php-src/branches/PHP_5_4/ext/oci8/package.xml =================================================================== --- php/php-src/branches/PHP_5_4/ext/oci8/package.xml 2011-11-18 09:26:01 UTC (rev 319456) +++ php/php-src/branches/PHP_5_4/ext/oci8/package.xml 2011-11-18 09:59:35 UTC (rev 319457) @@ -47,6 +47,7 @@ <license uri="http://www.php.net/license">PHP</license> <notes> Fixed bug #59985 (show normal warning text for OCI_NO_DATA) + Fixed OCI8 part of bug #55748 (CVE-2011-4153: multiple NULL Pointer Dereference with zend_strndup) Increased maximum Oracle error message buffer length for new Oracle 11.2.0.3 size Improve internal initalization failure error messages </notes> Modified: php/php-src/trunk/ext/oci8/oci8.c =================================================================== --- php/php-src/trunk/ext/oci8/oci8.c 2011-11-18 09:26:01 UTC (rev 319456) +++ php/php-src/trunk/ext/oci8/oci8.c 2011-11-18 09:59:35 UTC (rev 319457) 
@@ -2054,8 +2054,12 @@ connection->is_persistent = 0; } else { connection = (php_oci_connection *) calloc(1, sizeof(php_oci_connection)); + if (connection == NULL) { + return NULL; + } connection->hash_key = zend_strndup(hashed_details.c, hashed_details.len); - if(connection->hash_key == NULL) { + if (connection->hash_key == NULL) { + free(connection); return NULL; } connection->is_persistent = 1; @@ -2707,12 +2711,20 @@ ub4 poolmode = OCI_DEFAULT; /* Mode to be passed to OCISessionPoolCreate */ OCIAuthInfo *spoolAuth = NULL; - /*Allocate sessionpool out of persistent memory */ + /* Allocate sessionpool out of persistent memory */ session_pool = (php_oci_spool *) calloc(1, sizeof(php_oci_spool)); + if (session_pool == NULL) { + iserror = 1; + goto exit_create_spool; + } /* Populate key if passed */ if (hash_key_len) { session_pool->spool_hash_key = zend_strndup(hash_key, hash_key_len); + if (session_pool->spool_hash_key == NULL) { + iserror = 1; + goto exit_create_spool; + } } /* Create the session pool's env */ Modified: php/php-src/trunk/ext/oci8/package.xml =================================================================== --- php/php-src/trunk/ext/oci8/package.xml 2011-11-18 09:26:01 UTC (rev 319456) +++ php/php-src/trunk/ext/oci8/package.xml 2011-11-18 09:59:35 UTC (rev 319457) @@ -47,6 +47,7 @@ <license uri="http://www.php.net/license">PHP</license> <notes> Fixed bug #59985 (show normal warning text for OCI_NO_DATA) + Fixed OCI8 part of bug #55748 (CVE-2011-4153: multiple NULL Pointer Dereference with zend_strndup) Increased maximum Oracle error message buffer length for new Oracle 11.2.0.3 size Improve internal initalization failure error messages </notes>