From: Anil Dongare <[email protected]> Upstream Repository: https://github.com/php/php-src.git
Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2025-14180 Type: Security Fix CVE: CVE-2025-14180 Score: 7.5 Patch: https://github.com/php/php-src/commit/5797b94652c3 Signed-off-by: Anil Dongare <[email protected]> --- .../php/php/CVE-2025-14180.patch | 69 +++++++++++++++++++ meta-oe/recipes-devtools/php/php_8.2.29.bb | 1 + 2 files changed, 70 insertions(+) create mode 100644 meta-oe/recipes-devtools/php/php/CVE-2025-14180.patch diff --git a/meta-oe/recipes-devtools/php/php/CVE-2025-14180.patch b/meta-oe/recipes-devtools/php/php/CVE-2025-14180.patch new file mode 100644 index 0000000000..110ba99b15 --- /dev/null +++ b/meta-oe/recipes-devtools/php/php/CVE-2025-14180.patch @@ -0,0 +1,69 @@ +From 86f18141dd016a7927083cc122c71f1a8877b414 Mon Sep 17 00:00:00 2001 +From: Jakub Zelenka <[email protected]> +Date: Sat, 11 Oct 2025 19:37:26 +0200 +Subject: [PATCH] Fix GHSA-8xr5-qppj-gvwj: PDO quoting result null deref + +CVE: CVE-2025-14180 +Upstream-Status: Backport [https://github.com/php/php-src/commit/5797b94652c3] + +(cherry picked from commit 5797b94652c366521bff55f8e1a26ed6188f31b8) +Signed-off-by: Anil Dongare <[email protected]> +--- + ext/pdo/pdo_sql_parser.re | 6 +++++ + ext/pdo_pgsql/tests/ghsa-8xr5-qppj-gvwj.phpt | 28 ++++++++++++++++++++ + 2 files changed, 34 insertions(+) + create mode 100644 ext/pdo_pgsql/tests/ghsa-8xr5-qppj-gvwj.phpt + +diff --git a/ext/pdo/pdo_sql_parser.re b/ext/pdo/pdo_sql_parser.re +index 6bb0837fb31..7f4721d12a6 100644 +--- a/ext/pdo/pdo_sql_parser.re ++++ b/ext/pdo/pdo_sql_parser.re +@@ -287,6 +287,12 @@ safe: + } + + plc->quoted = stmt->dbh->methods->quoter(stmt->dbh, buf, param_type); ++ if (plc->quoted == NULL) { ++ /* bork */ ++ ret = -1; ++ strncpy(stmt->error_code, stmt->dbh->error_code, 6); ++ goto clean_up; ++ } + } + } + +diff --git a/ext/pdo_pgsql/tests/ghsa-8xr5-qppj-gvwj.phpt b/ext/pdo_pgsql/tests/ghsa-8xr5-qppj-gvwj.phpt +new file mode 100644 +index 00000000000..736354cab13 +--- /dev/null ++++ b/ext/pdo_pgsql/tests/ghsa-8xr5-qppj-gvwj.phpt +@@ -0,0 +1,28 @@ ++--TEST-- ++#GHSA-8xr5-qppj-gvwj: NULL Pointer Derefernce for failed user input quoting ++--EXTENSIONS-- ++pdo ++pdo_pgsql ++--SKIPIF-- ++<?php ++require_once dirname(__FILE__) . '/../../../ext/pdo/tests/pdo_test.inc'; ++require_once dirname(__FILE__) . '/config.inc'; ++PDOTest::skip(); ++?> ++--FILE-- ++<?php ++require_once dirname(__FILE__) . '/../../../ext/pdo/tests/pdo_test.inc'; ++require_once dirname(__FILE__) . '/config.inc'; ++$db = PDOTest::test_factory(dirname(__FILE__) . '/common.phpt'); ++$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); ++$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, true); ++ ++$sql = "SELECT * FROM users where username = :username"; ++$stmt = $db->prepare($sql); ++ ++$p1 = "alice\x99"; ++var_dump($stmt->execute(['username' => $p1])); ++ ++?> ++--EXPECT-- ++bool(false) +-- +2.43.7 diff --git a/meta-oe/recipes-devtools/php/php_8.2.29.bb b/meta-oe/recipes-devtools/php/php_8.2.29.bb index aa2244ce96..08e7e80c84 100644 --- a/meta-oe/recipes-devtools/php/php_8.2.29.bb +++ b/meta-oe/recipes-devtools/php/php_8.2.29.bb @@ -22,6 +22,7 @@ SRC_URI = "http://php.net/distributions/php-${PV}.tar.bz2 \ file://0001-Change-whether-to-inline-XXH3_hashLong_withSecret-to.patch \ file://CVE-2025-14177.patch \ file://CVE-2025-14178.patch \ + file://CVE-2025-14180.patch \ " SRC_URI:append:class-target = " \ -- 2.44.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#124126): https://lists.openembedded.org/g/openembedded-devel/message/124126 Mute This Topic: https://lists.openembedded.org/mt/117634078/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
