php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login | |
Patch fix-5.5 for *General Issues Bug #68089Patch version 2014-09-29 00:54 UTC Return to Bug #68089 | Download this patchThis patch is obsolete Obsoleted by patches: Patch Revisions:Developer: stas@php.netcommit 1574ee88ad62978089ac3c251ba8917a4cbf97dd Author: Stanislav Malyshev <stas@php.net> Date: Sun Sep 28 17:53:49 2014 -0700 Fix bug #68089 - do not accept options with embedded \0 diff --git a/ext/curl/interface.c b/ext/curl/interface.c index 765918c..ac5e20f 100644 --- a/ext/curl/interface.c +++ b/ext/curl/interface.c @@ -169,6 +169,11 @@ static int php_curl_option_str(php_curl *ch, long option, const char *str, const { CURLcode error = CURLE_OK; + if (strlen(str) != len) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Curl option %ld contains invalid characters (\\0)", option); + return FAILURE; + } + #if LIBCURL_VERSION_NUM >= 0x071100 if (make_copy) { #endif diff --git a/ext/standard/var.c b/ext/standard/var.c index d05f055..5bf8e08 100644 --- a/ext/standard/var.c +++ b/ext/standard/var.c @@ -951,6 +951,7 @@ PHP_FUNCTION(unserialize) int buf_len; const unsigned char *p; php_unserialize_data_t var_hash; + zval *return_value_old = return_value; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &buf, &buf_len) == FAILURE) { RETURN_FALSE; @@ -970,6 +971,10 @@ PHP_FUNCTION(unserialize) } RETURN_FALSE; } + if(return_value != return_value_old) { + *return_value_old = *return_value; + Z_ADDREF_P(return_value_old); + } PHP_VAR_UNSERIALIZE_DESTROY(var_hash); } /* }}} */ |
Copyright © 2001-2024 The PHP Group All rights reserved. |
Last updated: Sat Nov 23 22:01:28 2024 UTC |