summaryrefslogtreecommitdiffstats
path: root/php-bug77569.patch
diff options
context:
space:
mode:
authorRemi Collet <remi@remirepo.net>2020-02-18 08:38:14 +0100
committerRemi Collet <remi@remirepo.net>2020-02-18 08:38:14 +0100
commite3249aded5d85e8b719ed4112dc715928b906478 (patch)
treea4bf482daf22a99dda3f45165b294eb38006637c /php-bug77569.patch
parente5ccdc6a2543267ddac51a9032b53d568516f36e (diff)
dom:
Fix #77569 Write Access Violation in DomImplementation phar: Fix #79082 Files added to tar with Phar::buildFromIterator have all-access permissions CVE-2020-7063 session: Fix #79221 Null Pointer Dereference in PHP Session Upload Progress CVE-2020-7062
Diffstat (limited to 'php-bug77569.patch')
-rw-r--r--php-bug77569.patch106
1 files changed, 106 insertions, 0 deletions
diff --git a/php-bug77569.patch b/php-bug77569.patch
new file mode 100644
index 0000000..d030342
--- /dev/null
+++ b/php-bug77569.patch
@@ -0,0 +1,106 @@
+From 2a58d1391f2c46e6404dae42b9b64505f94323da Mon Sep 17 00:00:00 2001
+From: "Christoph M. Becker" <cmbecker69@gmx.de>
+Date: Thu, 13 Feb 2020 15:13:26 +0100
+Subject: [PATCH 1/5] Fix #77569: Write Acess Violation in DomImplementation
+
+We must not assume that the zval IS_STRING.
+
+(cherry picked from commit cec8b24c848bab8562c82422f3692c193f0afcdb)
+---
+ NEWS | 6 ++++++
+ ext/dom/document.c | 2 +-
+ ext/dom/tests/bug77569.phpt | 14 ++++++++++++++
+ 3 files changed, 21 insertions(+), 1 deletion(-)
+ create mode 100644 ext/dom/tests/bug77569.phpt
+
+diff --git a/NEWS b/NEWS
+index a1dc8a81c3..5a6549e834 100644
+--- a/NEWS
++++ b/NEWS
+@@ -1,6 +1,12 @@
+ PHP NEWS
+ |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
+
++Backported from 7.2.28
++
++- DOM:
++ . Fixed bug #77569: (Write Acess Violation in DomImplementation). (Nikita,
++ cmb)
++
+ Backported from 7.2.27
+
+ - Mbstring:
+diff --git a/ext/dom/document.c b/ext/dom/document.c
+index a884087f5f..29ef0a8cab 100644
+--- a/ext/dom/document.c
++++ b/ext/dom/document.c
+@@ -341,7 +341,7 @@ int dom_document_encoding_write(dom_object *obj, zval *newval)
+
+ str = zval_get_string(newval);
+
+- handler = xmlFindCharEncodingHandler(Z_STRVAL_P(newval));
++ handler = xmlFindCharEncodingHandler(ZSTR_VAL(str));
+
+ if (handler != NULL) {
+ xmlCharEncCloseFunc(handler);
+diff --git a/ext/dom/tests/bug77569.phpt b/ext/dom/tests/bug77569.phpt
+new file mode 100644
+index 0000000000..f0f3566708
+--- /dev/null
++++ b/ext/dom/tests/bug77569.phpt
+@@ -0,0 +1,14 @@
++--TEST--
++Bug #77569 (Write Acess Violation in DomImplementation)
++--SKIPIF--
++<?php
++if (!extension_loaded('dom')) die('skip dom extension not available');
++?>
++--FILE--
++<?php
++$imp = new DOMImplementation;
++$dom = $imp->createDocument("", "");
++$dom->encoding = null;
++?>
++--EXPECTF--
++Warning: main(): Invalid Document Encoding in %s on line %d
+--
+2.24.1
+
+From 47310971e97b5be294a793bee7415c82f24d72ec Mon Sep 17 00:00:00 2001
+From: "Christoph M. Becker" <cmbecker69@gmx.de>
+Date: Fri, 14 Feb 2020 09:21:13 +0100
+Subject: [PATCH 2/5] Fix typo in recent bugfix
+
+(cherry picked from commit 8308196c97418ba4c8381bed0962ae160623027a)
+---
+ NEWS | 2 +-
+ ext/dom/tests/bug77569.phpt | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/NEWS b/NEWS
+index 5a6549e834..9467c98e33 100644
+--- a/NEWS
++++ b/NEWS
+@@ -4,7 +4,7 @@ PHP NEWS
+ Backported from 7.2.28
+
+ - DOM:
+- . Fixed bug #77569: (Write Acess Violation in DomImplementation). (Nikita,
++ . Fixed bug #77569: (Write Access Violation in DomImplementation). (Nikita,
+ cmb)
+
+ Backported from 7.2.27
+diff --git a/ext/dom/tests/bug77569.phpt b/ext/dom/tests/bug77569.phpt
+index f0f3566708..9eef2af65a 100644
+--- a/ext/dom/tests/bug77569.phpt
++++ b/ext/dom/tests/bug77569.phpt
+@@ -1,5 +1,5 @@
+ --TEST--
+-Bug #77569 (Write Acess Violation in DomImplementation)
++Bug #77569 (Write Access Violation in DomImplementation)
+ --SKIPIF--
+ <?php
+ if (!extension_loaded('dom')) die('skip dom extension not available');
+--
+2.24.1
+