Patch CVE-2009-3765 for XMLRPC-EPI related Bug #51288
Patch version 2010-03-13 02:20 UTC
Return to Bug #51288 |
Download this patch
Patch Revisions:
Developer: geissert@php.net
Description: Fix a null pointer dereference when processing invalid
XML-RPC requests.
Origin: vendor
Forwarded: yes
Index: php/ext/xmlrpc/xmlrpc-epi-php.c
===================================================================
--- php.orig/ext/xmlrpc/xmlrpc-epi-php.c
+++ php/ext/xmlrpc/xmlrpc-epi-php.c
@@ -778,6 +778,7 @@ zval* decode_request_worker(char *xml_in
zval* retval = NULL;
XMLRPC_REQUEST response;
STRUCT_XMLRPC_REQUEST_INPUT_OPTIONS opts = {{0}};
+ const char *method_name;
opts.xml_elem_opts.encoding = encoding_in ? utf8_get_encoding_id_from_string(encoding_in) : ENCODING_DEFAULT;
/* generate XMLRPC_REQUEST from raw xml */
@@ -788,10 +789,15 @@ zval* decode_request_worker(char *xml_in
if (XMLRPC_RequestGetRequestType(response) == xmlrpc_request_call) {
if (method_name_out) {
- zval_dtor(method_name_out);
- Z_TYPE_P(method_name_out) = IS_STRING;
- Z_STRVAL_P(method_name_out) = estrdup(XMLRPC_RequestGetMethodName(response));
- Z_STRLEN_P(method_name_out) = strlen(Z_STRVAL_P(method_name_out));
+ method_name = XMLRPC_RequestGetMethodName(response);
+ if (method_name) {
+ zval_dtor(method_name_out);
+ Z_TYPE_P(method_name_out) = IS_STRING;
+ Z_STRVAL_P(method_name_out) = estrdup(method_name);
+ Z_STRLEN_P(method_name_out) = strlen(Z_STRVAL_P(method_name_out));
+ } else {
+ retval = NULL;
+ }
}
}
|
Copyright © 2001-2025 The PHP Group