2 files changed, 17 insertions, 1 deletions

diff --git a/ext/oci8/oci8.c b/ext/oci8/oci8.c
index 809ff816ae..e47dbc7d8f 100644
--- a/ext/oci8/oci8.c
+++ b/ext/oci8/oci8.c
@@ -2054,7 +2054,14 @@ php_oci_connection *php_oci_do_connect_ex(char *username, int username_len, char
 			connection->is_persistent = 0;
 		} else {
 			connection = (php_oci_connection *) calloc(1, sizeof(php_oci_connection));
+			if (connection == NULL) {
+				return NULL;
+			}
 			connection->hash_key = zend_strndup(hashed_details.c, hashed_details.len);
+			if (connection->hash_key == NULL) {
+				free(connection);
+				return NULL;
+			}
 			connection->is_persistent = 1;
 		}
 	} else {
@@ -2704,12 +2711,20 @@ static php_oci_spool *php_oci_create_spool(char *username, int username_len, cha
 	ub4 poolmode = OCI_DEFAULT;	/* Mode to be passed to OCISessionPoolCreate */
 	OCIAuthInfo *spoolAuth = NULL;
 
-	/*Allocate sessionpool out of persistent memory */
+	/* Allocate sessionpool out of persistent memory */
 	session_pool = (php_oci_spool *) calloc(1, sizeof(php_oci_spool));
+	if (session_pool == NULL) {
+		iserror = 1;
+		goto exit_create_spool;
+	}
 
 	/* Populate key if passed */
 	if (hash_key_len) {
 		session_pool->spool_hash_key = zend_strndup(hash_key, hash_key_len);
+		if (session_pool->spool_hash_key == NULL) {
+			iserror = 1;
+			goto exit_create_spool;
+		}
 	}
 
 	/* Create the session pool's env */
diff --git a/ext/oci8/package.xml b/ext/oci8/package.xml
index bcad81b197..e699ad2efa 100644
--- a/ext/oci8/package.xml
+++ b/ext/oci8/package.xml
@@ -47,6 +47,7 @@ http://pear.php.net/dtd/package-2.0.xsd">
  <license uri="http://www.php.net/license">PHP</license>
  <notes>
   Fixed bug #59985 (show normal warning text for OCI_NO_DATA)
+  Fixed OCI8 part of bug #55748 (CVE-2011-4153: multiple NULL Pointer Dereference with zend_strndup)
   Increased maximum Oracle error message buffer length for new Oracle 11.2.0.3 size
   Improve internal initalization failure error messages
  </notes>