diff options
Diffstat (limited to 'ext/xmlrpc')
| -rw-r--r-- | ext/xmlrpc/libxmlrpc/xml_to_soap.c | 2 | ||||
| -rw-r--r-- | ext/xmlrpc/php_xmlrpc.h | 2 | ||||
| -rw-r--r-- | ext/xmlrpc/tests/bug70728.phpt | 3 | ||||
| -rw-r--r-- | ext/xmlrpc/tests/bug70728_64bit.phpt | 31 | ||||
| -rw-r--r-- | ext/xmlrpc/xmlrpc-epi-php.c | 3 |
5 files changed, 36 insertions, 5 deletions
diff --git a/ext/xmlrpc/libxmlrpc/xml_to_soap.c b/ext/xmlrpc/libxmlrpc/xml_to_soap.c index ac103e0616..61f9834e9d 100644 --- a/ext/xmlrpc/libxmlrpc/xml_to_soap.c +++ b/ext/xmlrpc/libxmlrpc/xml_to_soap.c @@ -243,7 +243,7 @@ XMLRPC_VALUE xml_element_to_SOAP_REQUEST_worker(XMLRPC_REQUEST request, xCurrent = XMLRPC_CreateValueEmpty(); } - /* increment recursion depth guage */ + /* increment recursion depth gauge */ depth ++; /* safety first. must have a valid element */ diff --git a/ext/xmlrpc/php_xmlrpc.h b/ext/xmlrpc/php_xmlrpc.h index 1d8f4a32b2..23ccb3d3fd 100644 --- a/ext/xmlrpc/php_xmlrpc.h +++ b/ext/xmlrpc/php_xmlrpc.h @@ -37,7 +37,7 @@ +----------------------------------------------------------------------+ | PHP Version 5 | +----------------------------------------------------------------------+ - | Copyright (c) 1997-2015 The PHP Group | + | Copyright (c) 1997-2016 The PHP Group | +----------------------------------------------------------------------+ | This source file is subject to version 3.01 of the PHP license, | | that is bundled with this package in the file LICENSE, and is | diff --git a/ext/xmlrpc/tests/bug70728.phpt b/ext/xmlrpc/tests/bug70728.phpt index 5510c33936..72f72f85b0 100644 --- a/ext/xmlrpc/tests/bug70728.phpt +++ b/ext/xmlrpc/tests/bug70728.phpt @@ -3,6 +3,7 @@ Bug #70728 (Type Confusion Vulnerability in PHP_to_XMLRPC_worker) --SKIPIF-- <?php if (!extension_loaded("xmlrpc")) print "skip"; +if (PHP_INT_SIZE != 4) die("skip this test is for 32bit platform only"); ?> --FILE-- <?php @@ -26,5 +27,5 @@ object(stdClass)#1 (2) { ["xmlrpc_type"]=> string(6) "base64" ["scalar"]=> - int(73588229205) + float(73588229205) } diff --git a/ext/xmlrpc/tests/bug70728_64bit.phpt b/ext/xmlrpc/tests/bug70728_64bit.phpt new file mode 100644 index 0000000000..3ed5093918 --- /dev/null +++ b/ext/xmlrpc/tests/bug70728_64bit.phpt @@ -0,0 +1,31 @@ +--TEST-- +Bug #70728 (Type Confusion Vulnerability in PHP_to_XMLRPC_worker) +--SKIPIF-- +<?php +if (!extension_loaded("xmlrpc")) print "skip"; +if (PHP_INT_SIZE != 8) die("skip this test is for 64bit platform only"); +?> +--FILE-- +<?php +$obj = new stdClass; +$obj->xmlrpc_type = 'base64'; +$obj->scalar = 0x1122334455; +var_dump(xmlrpc_encode($obj)); +var_dump($obj); +?> +--EXPECTF-- +string(135) "<?xml version="1.0" encoding="utf-8"?> +<params> +<param> + <value> + <base64>NzM1ODgyMjkyMDU= </base64> + </value> +</param> +</params> +" +object(stdClass)#1 (2) { + ["xmlrpc_type"]=> + string(6) "base64" + ["scalar"]=> + int(73588229205) +} diff --git a/ext/xmlrpc/xmlrpc-epi-php.c b/ext/xmlrpc/xmlrpc-epi-php.c index 6c764347f5..e0f3463695 100644 --- a/ext/xmlrpc/xmlrpc-epi-php.c +++ b/ext/xmlrpc/xmlrpc-epi-php.c @@ -37,7 +37,7 @@ +----------------------------------------------------------------------+ | PHP Version 5 | +----------------------------------------------------------------------+ - | Copyright (c) 1997-2015 The PHP Group | + | Copyright (c) 1997-2016 The PHP Group | +----------------------------------------------------------------------+ | This source file is subject to version 3.01 of the PHP license, | | that is bundled with this package in the file LICENSE, and is | @@ -1440,7 +1440,6 @@ XMLRPC_VALUE_TYPE get_zval_xmlrpc_type(zval* value, zval** newvalue) /* {{{ */ type = xmlrpc_string; break; case IS_ARRAY: - case IS_CONSTANT_ARRAY: type = xmlrpc_vector; break; case IS_OBJECT: |