(klightspeed at netspace dot net dot au)
. Fixed bug #52624 (tempnam() by-pass open_basedir with nonexistent
directory). (Felipe)
+ . Fixed bug #55748 (multiple NULL Pointer Dereference with zend_strndup())
+ (CVE-2011-4153). (Stas)
- MS SQL:
. Fixed bug #60267 (Compile failure with freetds 0.91). (Felipe)
}
c.flags = case_sensitive; /* non persistent */
c.name = IS_INTERNED(name) ? name : zend_strndup(name, name_len);
+ if(name == NULL) {
+ RETURN_FALSE;
+ }
c.name_len = name_len+1;
c.module_number = PHP_USER_CONSTANT;
if (zend_register_constant(&c TSRMLS_CC) == SUCCESS) {
const_name = php_com_olestring_to_string(bstr_ids, &c.name_len, codepage TSRMLS_CC);
c.name = zend_strndup(const_name, c.name_len);
efree(const_name);
+ if(c.name == NULL) {
+ ITypeInfo_ReleaseVarDesc(TypeInfo, pVarDesc);
+ continue;
+ }
c.name_len++; /* include NUL */
SysFreeString(bstr_ids);
} else {
connection = (php_oci_connection *) calloc(1, sizeof(php_oci_connection));
connection->hash_key = zend_strndup(hashed_details.c, hashed_details.len);
+ if(connection->hash_key == NULL) {
+ return NULL;
+ }
connection->is_persistent = 1;
}
} else {
free(BG(syslog_device));
}
BG(syslog_device) = zend_strndup(ident, ident_len);
+ if(BG(syslog_device) == NULL) {
+ RETURN_FALSE;
+ }
openlog(BG(syslog_device), option, facility);
RETURN_TRUE;
}