blob: 4bfd94c9fd718b5e00e414232cd53eda4ed07bf2 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
From 789a37f14405e2d1a05a76c9fb4ed2d49d4580d5 Mon Sep 17 00:00:00 2001
From: guoyiyuan <yguoaz@gmail.com>
Date: Wed, 13 Jul 2022 20:55:51 +0800
Subject: [PATCH] Prevent potential buffer overflow for large value of
php_cli_server_workers_max
Fixes #8989.
Closes #9000
Upstream-Status: Backport [https://github.com/php/php-src/commit/789a37f14405e2d1a05a76c9fb4ed2d49d4580d5]
CVE: CVE-2022-4900
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
sapi/cli/php_cli_server.c | 11 +++--------
1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/sapi/cli/php_cli_server.c b/sapi/cli/php_cli_server.c
index c3097861..48f8309d 100644
--- a/sapi/cli/php_cli_server.c
+++ b/sapi/cli/php_cli_server.c
@@ -517,13 +517,8 @@ static int sapi_cli_server_startup(sapi_module_struct *sapi_module) /* {{{ */
if (php_cli_server_workers_max > 1) {
zend_long php_cli_server_worker;
- php_cli_server_workers = calloc(
- php_cli_server_workers_max, sizeof(pid_t));
- if (!php_cli_server_workers) {
- php_cli_server_workers_max = 1;
-
- return SUCCESS;
- }
+ php_cli_server_workers = pecalloc(
+ php_cli_server_workers_max, sizeof(pid_t), 1);
php_cli_server_master = getpid();
@@ -2361,7 +2356,7 @@ static void php_cli_server_dtor(php_cli_server *server) /* {{{ */
!WIFSIGNALED(php_cli_server_worker_status));
}
- free(php_cli_server_workers);
+ pefree(php_cli_server_workers, 1);
}
#endif
} /* }}} */
--
2.25.1
|
