commit 13bc8d32fc7e5e7f7b4ebeefab8729d9dcf01bdc
Author: Arkadiusz MiĆkiewicz <[email protected]>
Date: Tue Feb 2 18:36:31 2016 +0100
- rel 26; SECURITY; fixes http://akat1.pl/?id=1
php-bug-71475.patch | 42 ++++++++++++++++++++++++++++++++++++++++++
php.spec | 4 +++-
2 files changed, 45 insertions(+), 1 deletion(-)
---
diff --git a/php.spec b/php.spec
index da5210e..dc6ce55 100644
--- a/php.spec
+++ b/php.spec
@@ -123,7 +123,7 @@ ERROR: You need to select at least one Apache SAPI to build
shared modules.
%endif
%endif
-%define rel 25
+%define rel 26
%define orgname php
%define ver_suffix 53
%define php_suffix %{!?with_default_php:%{ver_suffix}}
@@ -173,6 +173,7 @@ Patch12: http://ilia.ws/patch/type_hint_53_v2.txt
Patch13: bug-test-pcntl-55479.patch
Patch14: %{orgname}-no_pear_install.patch
Patch15: %{orgname}-zlib.patch
+Patch16: php-bug-71475.patch
Patch17: %{orgname}-readline.patch
Patch18: %{orgname}-nohttpd.patch
Patch19: %{orgname}-gd_imagerotate_enable.patch
@@ -2038,6 +2039,7 @@ cp -p php.ini-production php.ini
%patch13 -p1
%patch14 -p1
%patch15 -p1
+%patch16 -p1
%patch17 -p1
%patch18 -p1
%if %{with system_gd}
diff --git a/php-bug-71475.patch b/php-bug-71475.patch
new file mode 100644
index 0000000..0a9ed6f
--- /dev/null
+++ b/php-bug-71475.patch
@@ -0,0 +1,42 @@
+--- php-5.6.17/ext/openssl/openssl.c~ 2016-01-06 16:14:47.000000000 +0100
++++ php-5.6.17/ext/openssl/openssl.c 2016-02-02 18:15:39.118449615 +0100
+@@ -4886,6 +4886,7 @@ PHP_FUNCTION(openssl_seal)
+ memset(eks, 0, sizeof(*eks) * nkeys);
+ key_resources = safe_emalloc(nkeys, sizeof(long), 0);
+ memset(key_resources, 0, sizeof(*key_resources) * nkeys);
++ memset(pkeys, 0, sizeof(*pkeys) * nkeys);
+
+ /* get the public keys we are using to seal this data */
+ zend_hash_internal_pointer_reset_ex(pubkeysht, &pos);
+@@ -4958,7 +4959,7 @@ PHP_FUNCTION(openssl_seal)
+
+ clean_exit:
+ for (i=0; i<nkeys; i++) {
+- if (key_resources[i] == -1) {
++ if (key_resources[i] == -1 && pkeys[i] != NULL) {
+ EVP_PKEY_free(pkeys[i]);
+ }
+ if (eks[i]) {
+diff --git a/ext/openssl/tests/bug71475.phpt b/ext/openssl/tests/bug71475.phpt
+new file mode 100644
+index 0000000..680753d
+--- /dev/null
++++ b/ext/openssl/tests/bug71475.phpt
+@@ -0,0 +1,16 @@
++--TEST--
++Bug #71475: openssl_seal() uninitialized memory usage
++--SKIPIF--
++<?php
++if (!extension_loaded("openssl")) die("skip openssl not loaded");
++?>
++--FILE--
++<?php
++$_ = str_repeat("A", 512);
++openssl_seal($_, $_, $_, array_fill(0,64,0));
++?>
++DONE
++--EXPECTF--
++
++Warning: openssl_seal(): not a public key (1th member of pubkeys) in
%s/bug71475.php on line %d
++DONE
+\ No newline at end of file
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/php.git/commitdiff/13bc8d32fc7e5e7f7b4ebeefab8729d9dcf01bdc
_______________________________________________
pld-cvs-commit mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
