File php-5.2.14-CVE-2011-4153.patch of Package php-5.2.17

http://svn.php.net/viewvc?view=revision&revision=319442
http://svn.php.net/viewvc?view=revision&revision=319453
#-0- 
Zend/zend_builtin_functions.c
#-1-
ext/soap/php_sdl.c
#-2-
ext/standard/syslog.c
#-3-
ext/standard/browscap.c
#-4-
N/A
#-5-
N/A
#-6-
ext/session/mod_files.c
ext/standard/file.c
Index: Zend/zend_builtin_functions.c
===================================================================
--- Zend/zend_builtin_functions.c.orig
+++ Zend/zend_builtin_functions.c
@@ -514,6 +514,9 @@ repeat:
 	}
 	c.flags = case_sensitive; /* non persistent */
 	c.name = zend_strndup(name, name_len);
+        if(c.name == NULL) {
+                RETURN_FALSE;
+        }
 	c.name_len = name_len+1;
 	c.module_number = PHP_USER_CONSTANT;
 	if (zend_register_constant(&c TSRMLS_CC) == SUCCESS) {
Index: ext/standard/syslog.c
===================================================================
--- ext/standard/syslog.c.orig
+++ ext/standard/syslog.c
@@ -236,6 +236,9 @@ PHP_FUNCTION(openlog)
 		free(BG(syslog_device));
 	}
 	BG(syslog_device) = zend_strndup(ident, ident_len);
+	if(BG(syslog_device) == NULL) {
+		RETURN_FALSE;
+	}
 	openlog(BG(syslog_device), option, facility);
 	RETURN_TRUE;
 }
Index: ext/soap/php_sdl.c
===================================================================
--- ext/soap/php_sdl.c.orig
+++ ext/soap/php_sdl.c
@@ -147,6 +147,10 @@ encodePtr get_encoder(sdlPtr sdl, const
 			memcpy(new_enc, enc, sizeof(encode));
 			if (sdl->is_persistent) {
 				new_enc->details.ns = zend_strndup(ns, ns_len);
+				if (new_enc->details.ns == NULL) {
+					efree(nscat);
+					return NULL;
+				}
 				new_enc->details.type_str = strdup(new_enc->details.type_str);
 			} else {
 				new_enc->details.ns = estrndup(ns, ns_len);
Index: ext/standard/file.c
===================================================================
--- ext/standard/file.c.orig
+++ ext/standard/file.c
@@ -2565,7 +2565,12 @@ PHP_FUNCTION(fnmatch)
    Returns directory path used for temporary files */
 PHP_FUNCTION(sys_get_temp_dir)
 {
-	RETURN_STRING((char *)php_get_temporary_directory(), 1);
+	char *tmp_dir;
+	tmp_dir = (char *)php_get_temporary_directory();
+	if (tmp_dir == NULL) {
+		return;
+	}
+	RETURN_STRING(tmp_dir, 1);
 }
 /* }}} */
 
Index: ext/session/mod_files.c
===================================================================
--- ext/session/mod_files.c.orig
+++ ext/session/mod_files.c
@@ -273,6 +273,9 @@ PS_OPEN_FUNC(files)
 	if (*save_path == '\0') {
 		/* if save path is an empty string, determine the temporary dir */
 		save_path = php_get_temporary_directory();
+		if (save_path == NULL) {
+			return FAILURE;
+		}
 
 		if (strcmp(save_path, "/tmp")) {
 			if (PG(safe_mode) && (!php_checkuid(save_path, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
Index: ext/standard/browscap.c
===================================================================
--- ext/standard/browscap.c.orig
+++ ext/standard/browscap.c
@@ -103,10 +103,18 @@ static void php_browscap_parser_cb(zval
 				new_property = (zval *) pemalloc(sizeof(zval), 1);
 				INIT_PZVAL(new_property);
 				Z_STRVAL_P(new_property) = zend_strndup(Z_STRVAL_P(arg2), Z_STRLEN_P(arg2));
+                                if (Z_STRVAL_P(new_property) == NULL) {
+                                        zend_error(E_CORE_ERROR, "Out of memory");
+                                        return;
+                                }
 				Z_STRLEN_P(new_property) = Z_STRLEN_P(arg2);
 				Z_TYPE_P(new_property) = IS_STRING;
 
 				new_key = zend_strndup(Z_STRVAL_P(arg1), Z_STRLEN_P(arg1));
+                                if (new_key == NULL) {
+                                        zend_error(E_CORE_ERROR, "Out of memory");
+                                        return;
+                                }
 				zend_str_tolower(new_key, Z_STRLEN_P(arg1));
 				zend_hash_update(Z_ARRVAL_P(current_section), new_key, Z_STRLEN_P(arg1)+1, &new_property, sizeof(zval *), NULL);
 				free(new_key);