mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00
Code Issues Projects Releases Wiki Activity

php 8.2.29: Fix CVE-2025-14180

Browse Source 
Upstream Repository: https://github.com/php/php-src.git

Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2025-14180
Type: Security Fix
CVE: CVE-2025-14180
Score: 7.5
Patch: https://github.com/php/php-src/commit/5797b94652c3

Signed-off-by: Anil Dongare <adongare@cisco.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
Anil Dongare
2026-02-04 03:43:01 -08:00
committed by Anuj Mittal
parent 4750244921
commit 70822f1a81
2 changed files with 70 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-devtools/php/php/CVE-2025-14180.patch
+69
View File
@@ -0,0 +1,69 @@
From 86f18141dd016a7927083cc122c71f1a8877b414 Mon Sep 17 00:00:00 2001
From: Jakub Zelenka <bukka@php.net>
Date: Sat, 11 Oct 2025 19:37:26 +0200
Subject: [PATCH] Fix GHSA-8xr5-qppj-gvwj: PDO quoting result null deref
CVE: CVE-2025-14180
Upstream-Status: Backport [https://github.com/php/php-src/commit/5797b94652c3]
(cherry picked from commit 5797b94652c366521bff55f8e1a26ed6188f31b8)
Signed-off-by: Anil Dongare <adongare@cisco.com>
---
ext/pdo/pdo_sql_parser.re | 6 +++++
ext/pdo_pgsql/tests/ghsa-8xr5-qppj-gvwj.phpt | 28 ++++++++++++++++++++
2 files changed, 34 insertions(+)
create mode 100644 ext/pdo_pgsql/tests/ghsa-8xr5-qppj-gvwj.phpt
diff --git a/ext/pdo/pdo_sql_parser.re b/ext/pdo/pdo_sql_parser.re
index 6bb0837fb31..7f4721d12a6 100644
--- a/ext/pdo/pdo_sql_parser.re
+++ b/ext/pdo/pdo_sql_parser.re
@@ -287,6 +287,12 @@ safe:
}
plc->quoted = stmt->dbh->methods->quoter(stmt->dbh, buf, param_type);
+ if (plc->quoted == NULL) {
+ /* bork */
+ ret = -1;
+ strncpy(stmt->error_code, stmt->dbh->error_code, 6);
+ goto clean_up;
+ }
}
}
diff --git a/ext/pdo_pgsql/tests/ghsa-8xr5-qppj-gvwj.phpt b/ext/pdo_pgsql/tests/ghsa-8xr5-qppj-gvwj.phpt
new file mode 100644
index 00000000000..736354cab13
--- /dev/null
+++ b/ext/pdo_pgsql/tests/ghsa-8xr5-qppj-gvwj.phpt
@@ -0,0 +1,28 @@
+--TEST--
+#GHSA-8xr5-qppj-gvwj: NULL Pointer Derefernce for failed user input quoting
+--EXTENSIONS--
+pdo
+pdo_pgsql
+--SKIPIF--
+<?php
+require_once dirname(__FILE__) . '/../../../ext/pdo/tests/pdo_test.inc';
+require_once dirname(__FILE__) . '/config.inc';
+PDOTest::skip();
+?>
+--FILE--
+<?php
+require_once dirname(__FILE__) . '/../../../ext/pdo/tests/pdo_test.inc';
+require_once dirname(__FILE__) . '/config.inc';
+$db = PDOTest::test_factory(dirname(__FILE__) . '/common.phpt');
+$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, true);
+
+$sql = "SELECT * FROM users where username = :username";
+$stmt = $db->prepare($sql);
+
+$p1 = "alice\x99";
+var_dump($stmt->execute(['username' => $p1]));
+
+?>
+--EXPECT--
+bool(false)
--
2.43.7
meta-oe/recipes-devtools/php/php_8.2.29.bb
+1
View File
@@ -22,6 +22,7 @@ SRC_URI = "http://php.net/distributions/php-${PV}.tar.bz2 \
file://0001-Change-whether-to-inline-XXH3_hashLong_withSecret-to.patch \
file://CVE-2025-14177.patch \
file://CVE-2025-14178.patch \
file://CVE-2025-14180.patch \
"
SRC_URI:append:class-target = " \