diff options
author | Stanislav Malyshev <stas@php.net> | 2015-03-22 18:20:59 -0700 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2015-03-22 18:30:05 -0700 |
commit | 968fbc6acf0bc27be17c0209be7f966e89a55943 (patch) | |
tree | a379c362f906c11d7f799115c37af4ef0df1c2c1 | |
parent | fb83c76deec58f1fab17c350f04c9f042e5977d1 (diff) | |
download | php-git-968fbc6acf0bc27be17c0209be7f966e89a55943.tar.gz |
Bacport fix bug #68741 - Null pointer dereference
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | ext/pgsql/pgsql.c | 3 |
2 files changed, 6 insertions, 0 deletions
@@ -6,6 +6,9 @@ PHP NEWS . Fixed bug #69152 (Type Confusion Infoleak Vulnerability in unserialize() with SoapFault). (Dmitry) +- Postgres: + . Fixed bug #68741 (Null pointer deference) (CVE-2015-1352). (Xinchen Hui) + 19 Mar 2015 PHP 5.4.39 - Core: diff --git a/ext/pgsql/pgsql.c b/ext/pgsql/pgsql.c index 16ce7bfb7f..eb55777758 100644 --- a/ext/pgsql/pgsql.c +++ b/ext/pgsql/pgsql.c @@ -6117,6 +6117,9 @@ static inline void build_tablename(smart_str *querystr, PGconn *pg_link, const c /* schame.table should be "schame"."table" */ table_copy = estrdup(table); token = php_strtok_r(table_copy, ".", &tmp); + if (token == NULL) { + token = table; + } len = strlen(token); if (_php_pgsql_detect_identifier_escape(token, len) == SUCCESS) { smart_str_appendl(querystr, token, len); |