author | Stanislav Malyshev <stas@php.net> | 2015-09-01 11:42:19 -0700 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2015-09-01 11:42:19 -0700 |
commit | 33d3acaae79845e8bd587b4d0799ef2dca07fdc3 (patch) | |
tree | 7fc1fa822fca2ecdd604245d0995f443ad880bc2 /ext/soap/tests | |
parent | 15e9f4baf48f1a02091d1dbf505d9c6d561bc1d4 (diff) | |
parent | 48cfd1160b4667115f33c4398215759d5e0643d8 (diff) | |
download | php-git-33d3acaae79845e8bd587b4d0799ef2dca07fdc3.tar.gz |
Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
Improve fix for #70172
Fix bug #70312 - HAVAL gives wrong hashes in specific cases
fix test
add test
Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
Fix bug #70172 - Use After Free Vulnerability in unserialize()
Fix bug #70388 - SOAP serialize_function_call() type confusion
Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
Improve fix for #70385
Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
Fix bug #70219 (Use after free vulnerability in session deserializer)
Fix for bug #69782
Add CVE IDs assigned (post release) to PHP 5.4.43
Add CVE IDs assigned to #69085 (PHP 5.4.39)
5.4.45 next
Conflicts:
configure.in
ext/pcre/php_pcre.c
ext/standard/var_unserializer.c
ext/standard/var_unserializer.re
main/php_version.h
Diffstat (limited to 'ext/soap/tests')
-rw-r--r-- | ext/soap/tests/bug70388.phpt | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/ext/soap/tests/bug70388.phpt b/ext/soap/tests/bug70388.phpt new file mode 100644 index 0000000000..49a8efc0ff --- /dev/null +++ b/ext/soap/tests/bug70388.phpt @@ -0,0 +1,17 @@ +--TEST-- +Bug #70388 (SOAP serialize_function_call() type confusion / RCE) +--SKIPIF-- +<?php require_once('skipif.inc'); ?> +--FILE-- +<?php +$dummy = unserialize('O:10:"SoapClient":3:{s:3:"uri";s:1:"X";s:8:"location";s:22:"http://localhost/a.xml";s:17:"__default_headers";a:1:{i:1;s:1337:"'.str_repeat("X", 1337).'";}}'); +try { + var_dump($dummy->notexisting()); +} catch(Exception $e) { + var_dump($e->getMessage()); + var_dump(get_class($e)); +} +?> +--EXPECTF-- +string(%d) "%s" +string(9) "SoapFault"
\ No newline at end of file |
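Review bot: the --EXPECTF-- section of bug70388.phpt matches the exception message with `string(%d) "%s"`, so the test pins only the `SoapFault` class and passes on any message at all. Because `location` is `http://localhost/a.xml`, the message may depend on what the test host answers on localhost; if that is the reason for the loose pattern, say so in a comment in the --FILE-- block, or match a stable part of the message instead. The test exercises a single malformed shape, a string element in `__default_headers`; adding a case with another non-object element would broaden the regression coverage. The file also ends without a trailing newline (`\ No newline at end of file`), which is worth fixing while the test is being touched.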