mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-16 04:17:25 +00:00
php: CVE-2022-4900 fix potential buffer overflow
Upstream-Status: Backport from https://github.com/php/php-src/commit/789a37f14405e2d1a05a76c9fb4ed2d49d4580d5 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
committed by
Armin Kuster
parent
57e58dc62f
commit
db0a8862fc
@@ -0,0 +1,48 @@
|
|||||||
|
From 789a37f14405e2d1a05a76c9fb4ed2d49d4580d5 Mon Sep 17 00:00:00 2001
|
||||||
|
From: guoyiyuan <yguoaz@gmail.com>
|
||||||
|
Date: Wed, 13 Jul 2022 20:55:51 +0800
|
||||||
|
Subject: [PATCH] Prevent potential buffer overflow for large value of
|
||||||
|
php_cli_server_workers_max
|
||||||
|
|
||||||
|
Fixes #8989.
|
||||||
|
Closes #9000
|
||||||
|
|
||||||
|
Upstream-Status: Backport [https://github.com/php/php-src/commit/789a37f14405e2d1a05a76c9fb4ed2d49d4580d5]
|
||||||
|
CVE: CVE-2022-4900
|
||||||
|
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
|
||||||
|
---
|
||||||
|
sapi/cli/php_cli_server.c | 11 +++--------
|
||||||
|
1 file changed, 3 insertions(+), 8 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/sapi/cli/php_cli_server.c b/sapi/cli/php_cli_server.c
|
||||||
|
index c3097861..48f8309d 100644
|
||||||
|
--- a/sapi/cli/php_cli_server.c
|
||||||
|
+++ b/sapi/cli/php_cli_server.c
|
||||||
|
@@ -517,13 +517,8 @@ static int sapi_cli_server_startup(sapi_module_struct *sapi_module) /* {{{ */
|
||||||
|
if (php_cli_server_workers_max > 1) {
|
||||||
|
zend_long php_cli_server_worker;
|
||||||
|
|
||||||
|
- php_cli_server_workers = calloc(
|
||||||
|
- php_cli_server_workers_max, sizeof(pid_t));
|
||||||
|
- if (!php_cli_server_workers) {
|
||||||
|
- php_cli_server_workers_max = 1;
|
||||||
|
-
|
||||||
|
- return SUCCESS;
|
||||||
|
- }
|
||||||
|
+ php_cli_server_workers = pecalloc(
|
||||||
|
+ php_cli_server_workers_max, sizeof(pid_t), 1);
|
||||||
|
|
||||||
|
php_cli_server_master = getpid();
|
||||||
|
|
||||||
|
@@ -2361,7 +2356,7 @@ static void php_cli_server_dtor(php_cli_server *server) /* {{{ */
|
||||||
|
!WIFSIGNALED(php_cli_server_worker_status));
|
||||||
|
}
|
||||||
|
|
||||||
|
- free(php_cli_server_workers);
|
||||||
|
+ pefree(php_cli_server_workers, 1);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
} /* }}} */
|
||||||
|
--
|
||||||
|
2.25.1
|
||||||
|
|
||||||
@@ -17,6 +17,7 @@ SRC_URI = "http://php.net/distributions/php-${PV}.tar.bz2 \
|
|||||||
file://0001-configure.ac-don-t-include-build-libtool.m4.patch \
|
file://0001-configure.ac-don-t-include-build-libtool.m4.patch \
|
||||||
file://0001-php.m4-don-t-unset-cache-variables.patch \
|
file://0001-php.m4-don-t-unset-cache-variables.patch \
|
||||||
file://CVE-2023-3824.patch \
|
file://CVE-2023-3824.patch \
|
||||||
|
file://CVE-2022-4900.patch \
|
||||||
"
|
"
|
||||||
|
|
||||||
SRC_URI_append_class-target = " \
|
SRC_URI_append_class-target = " \
|
||||||
|
|||||||
Reference in New Issue
Block a user