author | Christoph M. Becker <cmbecker69@gmx.de> | 2020-01-08 18:31:10 +0100 |
---|---|---|
committer | Christoph M. Becker <cmbecker69@gmx.de> | 2020-01-08 18:31:38 +0100 |
commit | b2864b7cfd0ccbca2718613114cee967f209204e (patch) | |
tree | 50da51f72f8c8def9ce97afe4d3070ceaceec495 | |
parent | 7ea4f0e47ed6c981cb38b2b71aa409af059b94d5 (diff) | |
parent | 0dda4a844e63ccbcff1053fff65649dab0fd348f (diff) | |
download | php-git-b2864b7cfd0ccbca2718613114cee967f209204e.tar.gz |
Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
Fix #79078: Hypothetical use-after-free in curl_multi_add_handle()
-rw-r--r-- | NEWS | 4 | ||||
-rw-r--r-- | ext/curl/multi.c | 2 | ||||
-rw-r--r-- | ext/curl/tests/bug48203_multi.phpt | 18 |
3 files changed, 15 insertions, 9 deletions
@@ -2,6 +2,10 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? ????, PHP 7.4.3 +- CURL: + . Fixed bug #79078 (Hypothetical use-after-free in curl_multi_add_handle()). + (cmb) + 23 Jan 2020, PHP 7.4.2 - Core:
diff --git a/ext/curl/multi.c b/ext/curl/multi.c
index 4ba165a09d..eeae16d28c 100644
--- a/ext/curl/multi.c
+++ b/ext/curl/multi.c
@@ -92,6 +92,8 @@ PHP_FUNCTION(curl_multi_add_handle) RETURN_FALSE; } + _php_curl_verify_handlers(ch, 1); + _php_curl_cleanup_handle(ch); GC_ADDREF(Z_RES_P(z_ch));
diff --git a/ext/curl/tests/bug48203_multi.phpt b/ext/curl/tests/bug48203_multi.phpt
index 9f48d39d1b..55dd364203 100644
--- a/ext/curl/tests/bug48203_multi.phpt
+++ b/ext/curl/tests/bug48203_multi.phpt
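Review bot: The added `_php_curl_verify_handlers(ch, 1);` call in `PHP_FUNCTION(curl_multi_add_handle)` (ext/curl/multi.c) has no comment explaining why the check must run before the easy handle is attached to the multi handle, and the bare `1` does not say what it switches on. A one-line comment above the call would record the intent, for example `/* reset stream options whose resource is already closed before libcurl can touch them (bug #79078) */`. Judging by the updated test expectations, the second argument appears to control whether the "resource has gone away" warning is raised; if so, that is worth stating in the same comment. The function body starts and ends outside the hunk.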
@@ -67,23 +67,23 @@ foreach($options_to_check as $option) { --CLEAN-- <?php @unlink(__DIR__ . '/bug48203.tmp'); ?> --EXPECTF-- -Warning: curl_multi_exec(): CURLOPT_STDERR resource has gone away, resetting to stderr in %s on line %d - -Warning: curl_multi_exec(): CURLOPT_STDERR resource has gone away, resetting to stderr in %s on line %d +Warning: curl_multi_add_handle(): CURLOPT_STDERR resource has gone away, resetting to stderr in %s on line %d +%A +Warning: curl_multi_add_handle(): CURLOPT_STDERR resource has gone away, resetting to stderr in %s on line %d %A Ok for CURLOPT_STDERR -Warning: curl_multi_exec(): CURLOPT_WRITEHEADER resource has gone away, resetting to default in %s on line %d +Warning: curl_multi_add_handle(): CURLOPT_WRITEHEADER resource has gone away, resetting to default in %s on line %d -Warning: curl_multi_exec(): CURLOPT_WRITEHEADER resource has gone away, resetting to default in %s on line %d +Warning: curl_multi_add_handle(): CURLOPT_WRITEHEADER resource has gone away, resetting to default in %s on line %d Ok for CURLOPT_WRITEHEADER -Warning: curl_multi_exec(): CURLOPT_FILE resource has gone away, resetting to default in %s on line %d +Warning: curl_multi_add_handle(): CURLOPT_FILE resource has gone away, resetting to default in %s on line %d -Warning: curl_multi_exec(): CURLOPT_FILE resource has gone away, resetting to default in %s on line %d +Warning: curl_multi_add_handle(): CURLOPT_FILE resource has gone away, resetting to default in %s on line %d %AOk for CURLOPT_FILE -Warning: curl_multi_exec(): CURLOPT_INFILE resource has gone away, resetting to default in %s on line %d +Warning: curl_multi_add_handle(): CURLOPT_INFILE resource has gone away, resetting to default in %s on line %d -Warning: curl_multi_exec(): CURLOPT_INFILE resource has gone away, resetting to default in %s on line %d +Warning: curl_multi_add_handle(): CURLOPT_INFILE resource has gone away, resetting to default in %s on line %d Ok for CURLOPT_INFILE |
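Review bot: The new `%A` between the two CURLOPT_STDERR warnings loosens the match, so any output in that position now passes, and every expected warning is attributed to curl_multi_add_handle(). As far as this hunk shows, no case remains in which the stream is closed after curl_multi_add_handle() but before curl_multi_exec(), so the exec-time verification would no longer be exercised by this test. A second pass that closes the stream between the two calls and expects the `curl_multi_exec()` warning would keep that path covered. The test body lies outside the hunk, so this should be confirmed against the full file.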