← Back to branch summary

~ubuntu-branches/debian/lenny/php5/lenny

« back to all changes in this revision

Viewing changes to debian/patches/CVE-2009-1271.patch

  • Committer: Package Import Robot
  • Author(s): Ondřej Surý
  • Date: 2012-02-03 09:01:31 UTC
  • Revision ID: package-import@ubuntu.com-20120203090131-51tphng5tf1bdpqp
Tags: 5.2.6.dfsg.1-1+lenny16
Fix UMR in php_register_variable_ex (pull from upstream SVN)

Show diffs side-by-side

added added

removed removed

Lines of Context:
debian/patches/CVE-2009-1271.patch
2
2
# Description: fix denial of service via malformed string to the json_decode API function.
3
3
# Patch: http://cvs.php.net/viewvc.cgi/php-src/ext/json/JSON_parser.c?r1=1.1.2.14&r2=1.1.2.15
4
4
#
5
 
Index: php5-5.2.4/ext/json/JSON_parser.c
6
 
===================================================================
7
 
--- php5-5.2.4.orig/ext/json/JSON_parser.c      2007-06-13 13:56:41.000000000 -0400
8
 
+++ php5-5.2.4/ext/json/JSON_parser.c   2009-04-17 08:12:58.000000000 -0400
9
 
@@ -494,9 +494,7 @@
 
5
--- a/ext/json/JSON_parser.c
 
6
+++ b/ext/json/JSON_parser.c
 
7
@@ -494,9 +494,7 @@ JSON_parser(zval *z, unsigned short p[],
10
8
     }
11
9
 */
12
10
             case -7:
17
15
                 {
18
16
                     zval *mval;
19
17
                     smart_str_0(&buf);
20
 
@@ -566,9 +564,7 @@
 
18
@@ -566,9 +564,7 @@ JSON_parser(zval *z, unsigned short p[],
21
19
 */
22
20
             case -5:
23
21
             {
28
26
                 {
29
27
                     zval *mval;
30
28
                     smart_str_0(&buf);
31
 
Index: php5-5.2.4/ext/json/tests/001.phpt
32
 
===================================================================
33
 
--- php5-5.2.4.orig/ext/json/tests/001.phpt     2009-04-17 08:13:05.000000000 -0400
34
 
+++ php5-5.2.4/ext/json/tests/001.phpt  2009-04-17 08:13:30.000000000 -0400
35
 
@@ -16,6 +16,7 @@
 
29
--- a/ext/json/tests/001.phpt
 
30
+++ b/ext/json/tests/001.phpt
 
31
@@ -16,6 +16,7 @@ var_dump(json_decode(";"));
36
32
 var_dump(json_decode("руссиш"));
37
33
 var_dump(json_decode("blah"));
38
34
 var_dump(json_decode(NULL));
40
36
 var_dump(json_decode('{ "test": { "foo": "bar" } }'));
41
37
 var_dump(json_decode('{ "test": { "foo": "" } }'));
42
38
 var_dump(json_decode('{ "": { "foo": "" } }'));
43
 
@@ -38,6 +39,7 @@
 
39
@@ -38,6 +39,7 @@ string(1) ";"
44
40
 string(12) "руссиш"
45
41
 string(4) "blah"
46
42
 NULL