rantoniuk / php52-backports

Automatically exported from code.google.com/p/php52-backports

Possible memory leak in php_variables.c after patching #30

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
As I can see in the original PHP 5.2 php_variables.c, in the php_register_variable_ex function:

var_orig = estrdup(var_name);
var = var_orig;

The security patch adds some code in the function to add the max_input_vars and 
fix the HashDOS vulnerability. Unfortunately the code added seems to leak 
memory as var_orig isn't efree'd before return.

Taking a look at PHP.NET commit @
http://git.php.net/?p=php-src.git;a=commitdiff;h=89bc5ece51dde3edcb63fb8429d544cdcf8f1b60

There is a call to efree var_orig before return. I don't see such a call in the 
security patch although it does seem necessary to be made.

I'll be attaching a patch here to fix that issue.

Regards,
NewEraCracker

Original issue reported on code.google.com by NewEraCr...@gmail.com on 15 Aug 2013 at 2:47
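
The leak pattern described in the report above, as an added example that is not part of the original issue and is not PHP's or the backport's code: a simplified C model in which a working copy of the variable name is duplicated, and an early return on the input-variable limit either skips or performs the free. The names `dup_counted`, `free_counted`, `register_var` and `outstanding_after` are hypothetical, and the counting wrappers only stand in for estrdup/efree.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Counting wrappers standing in for estrdup/efree (hypothetical helpers). */
static long live_allocs = 0;

static char *dup_counted(const char *s) {
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (!p) abort();
    memcpy(p, s, n);
    live_allocs++;
    return p;
}

static void free_counted(char *p) { if (p) { free(p); live_allocs--; } }

/* Simplified model of a registration routine with an input-variable limit.
 * free_on_limit = 0: early return as described in the report (copy leaks).
 * free_on_limit = 1: the working copy is released before returning. */
static int register_var(const char *name, size_t *count, size_t max_vars,
                        int free_on_limit) {
    char *var_orig = dup_counted(name);   /* working copy of the name */
    if (*count >= max_vars) {             /* limit reached: reject input */
        if (free_on_limit) free_counted(var_orig);
        return -1;                        /* var_orig leaks when flag is 0 */
    }
    (*count)++;                           /* "store" the variable */
    free_counted(var_orig);               /* normal path always frees */
    return 0;
}

/* Submit n constructed names against a limit; return allocations still live. */
static long outstanding_after(size_t n, size_t max_vars, int free_on_limit) {
    size_t count = 0;
    char name[32];
    live_allocs = 0;
    for (size_t i = 0; i < n; i++) {
        snprintf(name, sizeof name, "v%zu", i);
        register_var(name, &count, max_vars, free_on_limit);
    }
    return live_allocs;
}

int main(void) {
    printf("no free on limit: %ld outstanding\n", outstanding_after(1500, 1000, 0));
    printf("free on limit:    %ld outstanding\n", outstanding_after(1500, 1000, 1));
    return 0;
}
```

In this model every rejected variable past the limit leaves one allocation outstanding, so the leak grows with the size of the oversized request rather than being a one-off.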

GoogleCodeExporter commented 8 years ago

Original comment by NewEraCr...@gmail.com on 15 Aug 2013 at 2:54

Attachments: