Merge branch 'PHP-5.5' into PHP-5.6php-5.6.4 PHP-5.6.4

* PHP-5.5: update news add CVE add missing test file Fix bug #68594 - Use after free vulnerability in unserialize() Conflicts: ext/standard/var_unserializer.c
author: Stanislav Malyshev <stas@php.net> 2014-12-16 10:19:32 -0800
committer: Ferenc Kovacs <tyrael@php.net> 2014-12-17 02:25:00 +0100
commit: c37265eacdd0186cb3b0bfeb0e0104c8563807ef (patch)
tree: 82ebc9952ec93c3046d7b99c9fd0e9673dddb8f2 /ext/standard/var_unserializer.re
parent: fe1ab0e566dccf794483d0dfab7f06e6c095b1a2 (diff)
download: php-git-c37265eacdd0186cb3b0bfeb0e0104c8563807ef.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/ext/standard/var_unserializer.re b/ext/standard/var_unserializer.re
index 5d9d83b677..387ba6aea7 100644
--- a/ext/standard/var_unserializer.re
+++ b/ext/standard/var_unserializer.re
@@ -346,6 +346,9 @@ static inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTable *ht, long
 		} else {
 			/* object properties should include no integers */
 			convert_to_string(key);
+			if (zend_symtable_find(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, (void **)&old_data)==SUCCESS) {
+				var_push_dtor(var_hash, old_data);
+			}
 			zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data,
 					sizeof data, NULL);
 		}
author	Stanislav Malyshev <stas@php.net>	2014-12-16 10:19:32 -0800
committer	Ferenc Kovacs <tyrael@php.net>	2014-12-17 02:25:00 +0100
commit	c37265eacdd0186cb3b0bfeb0e0104c8563807ef (patch)
tree	82ebc9952ec93c3046d7b99c9fd0e9673dddb8f2 /ext/standard/var_unserializer.re
parent	fe1ab0e566dccf794483d0dfab7f06e6c095b1a2 (diff)
download	php-git-c37265eacdd0186cb3b0bfeb0e0104c8563807ef.tar.gz