File php-5.2.14-CVE-2012-0830.patch of Package php-5.2.17 (Revision 19)
Currently displaying revision 19, show latest
x
1
http://svn.php.net/viewvc?view=revision&revision=323007
2
http://svn.php.net/viewvc?view=revision&revision=323013
3
--- a/main/php_variables.c
4
+++ b/main/php_variables.c
5
6
if (!index) {
7
MAKE_STD_ZVAL(gpc_element);
8
array_init(gpc_element);
9
- zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
10
+ if (zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p) == FAILURE) {
11
+ zval_ptr_dtor(&gpc_element);
12
+ zval_dtor(val);
13
+ efree(var_orig);
14
+ return;
15
+ }
16
} else {
17
if (PG(magic_quotes_gpc)) {
18
escaped_index = php_addslashes(index, index_len, &index_len, 0 TSRMLS_CC);
19
20
MAKE_STD_ZVAL(gpc_element);
21
array_init(gpc_element);
22
zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
23
+ } else {
24
+ if (index != escaped_index) {
25
+ efree(escaped_index);
26
+ }
27
+ zval_dtor(val);
28
+ efree(var_orig);
29
+ return;
30
}
31
}
32
if (index != escaped_index) {
33
34
gpc_element->value = val->value;
35
Z_TYPE_P(gpc_element) = Z_TYPE_P(val);
36
if (!index) {
37
- zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
38
+ if (zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p) == FAILURE) {
39
+ zval_ptr_dtor(&gpc_element);
40
+ }
41
} else {
42
if (PG(magic_quotes_gpc)) {
43
escaped_index = php_addslashes(index, index_len, &index_len, 0 TSRMLS_CC);
44