
[meta-oe,dunfell] php: CVE-2022-4900 fix potential buffer overflow

Message ID 20231121050727.5968-1-hprajapati@mvista.com
State New

Commit Message

Hitendra Prajapati Nov. 21, 2023, 5:07 a.m. UTC
Upstream-Status: Backport from https://github.com/php/php-src/commit/789a37f14405e2d1a05a76c9fb4ed2d49d4580d5

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
 .../php/php/CVE-2022-4900.patch               | 48 +++++++++++++++++++
 meta-oe/recipes-devtools/php/php_7.4.33.bb    |  1 +
 2 files changed, 49 insertions(+)
 create mode 100644 meta-oe/recipes-devtools/php/php/CVE-2022-4900.patch

Patch

diff --git a/meta-oe/recipes-devtools/php/php/CVE-2022-4900.patch b/meta-oe/recipes-devtools/php/php/CVE-2022-4900.patch
new file mode 100644
index 0000000000..4bfd94c9fd
--- /dev/null
+++ b/meta-oe/recipes-devtools/php/php/CVE-2022-4900.patch
@@ -0,0 +1,48 @@ 
+From 789a37f14405e2d1a05a76c9fb4ed2d49d4580d5 Mon Sep 17 00:00:00 2001
+From: guoyiyuan <yguoaz@gmail.com>
+Date: Wed, 13 Jul 2022 20:55:51 +0800
+Subject: [PATCH] Prevent potential buffer overflow for large value of
+ php_cli_server_workers_max
+
+Fixes #8989.
+Closes #9000
+
+Upstream-Status: Backport [https://github.com/php/php-src/commit/789a37f14405e2d1a05a76c9fb4ed2d49d4580d5]
+CVE: CVE-2022-4900
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ sapi/cli/php_cli_server.c | 11 +++--------
+ 1 file changed, 3 insertions(+), 8 deletions(-)
+
+diff --git a/sapi/cli/php_cli_server.c b/sapi/cli/php_cli_server.c
+index c3097861..48f8309d 100644
+--- a/sapi/cli/php_cli_server.c
++++ b/sapi/cli/php_cli_server.c
+@@ -517,13 +517,8 @@ static int sapi_cli_server_startup(sapi_module_struct *sapi_module) /* {{{ */
+ 		if (php_cli_server_workers_max > 1) {
+ 			zend_long php_cli_server_worker;
+ 
+-			php_cli_server_workers = calloc(
+-				php_cli_server_workers_max, sizeof(pid_t));
+-			if (!php_cli_server_workers) {
+-				php_cli_server_workers_max = 1;
+-
+-				return SUCCESS;
+-			}
++			php_cli_server_workers = pecalloc(
++			php_cli_server_workers_max, sizeof(pid_t), 1);
+ 
+ 			php_cli_server_master = getpid();
+ 
+@@ -2361,7 +2356,7 @@ static void php_cli_server_dtor(php_cli_server *server) /* {{{ */
+ 					  !WIFSIGNALED(php_cli_server_worker_status));
+ 		}
+ 
+-		free(php_cli_server_workers);
++		pefree(php_cli_server_workers, 1);
+ 	}
+ #endif
+ } /* }}} */
+-- 
+2.25.1
+
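Review bot: In the embedded php_cli_server.c hunk for sapi_cli_server_startup, the result of `pecalloc(php_cli_server_workers_max, sizeof(pid_t), 1)` is used with no NULL check and the old fallback to `php_cli_server_workers_max = 1` is gone, so the fix depends entirely on the persistent allocator checking the count-times-size multiplication and terminating on failure. That is how I understand pecalloc's persistent path to behave, but it should be confirmed against the Zend allocator in the 7.4.33 tree this backport is applied to, since the upstream commit may have been written against a different branch. The only bound visible here is `> 1`, so an oversized worker count would now stop the server at startup instead of degrading to a single worker; a sentence in the patch description stating that behaviour change would help whoever later triages a startup abort. As shown here, the continuation line `php_cli_server_workers_max, sizeof(pid_t), 1);` has also lost the extra indent the removed calloc call had. The function body continues outside the hunk.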
diff --git a/meta-oe/recipes-devtools/php/php_7.4.33.bb b/meta-oe/recipes-devtools/php/php_7.4.33.bb
index 2a82d62ca0..74606e4883 100644
--- a/meta-oe/recipes-devtools/php/php_7.4.33.bb
+++ b/meta-oe/recipes-devtools/php/php_7.4.33.bb
@@ -17,6 +17,7 @@  SRC_URI = "http://php.net/distributions/php-${PV}.tar.bz2 \
            file://0001-configure.ac-don-t-include-build-libtool.m4.patch \
            file://0001-php.m4-don-t-unset-cache-variables.patch \
            file://CVE-2023-3824.patch \
+           file://CVE-2022-4900.patch \
           "
 
 SRC_URI_append_class-target = " \