From: Stanislav Malyshev <stas@php.net>
Date: Mon, 23 Mar 2015 01:20:59 +0000 (-0700)
Subject: Bacport fix bug #68741 - Null pointer dereference
X-Git-Tag: php-5.4.40~14^2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=968fbc6acf0bc27be17c0209be7f966e89a55943;p=php

Bacport fix bug #68741 - Null pointer dereference
---

diff --git a/NEWS b/NEWS
index 715227eb38..365615418d 100644
--- a/NEWS
+++ b/NEWS
@@ -6,6 +6,9 @@ PHP                                                                        NEWS
   . Fixed bug #69152 (Type Confusion Infoleak Vulnerability in unserialize()
     with SoapFault). (Dmitry)
 
+- Postgres:
+  . Fixed bug #68741 (Null pointer deference) (CVE-2015-1352). (Xinchen Hui)
+
 19 Mar 2015 PHP 5.4.39
 
 - Core:
diff --git a/ext/pgsql/pgsql.c b/ext/pgsql/pgsql.c
index 16ce7bfb7f..eb55777758 100644
--- a/ext/pgsql/pgsql.c
+++ b/ext/pgsql/pgsql.c
@@ -6117,6 +6117,9 @@ static inline void build_tablename(smart_str *querystr, PGconn *pg_link, const c
 	/* schame.table should be "schame"."table" */
 	table_copy = estrdup(table);
 	token = php_strtok_r(table_copy, ".", &tmp);
+	if (token == NULL) {
+		token = table;
+	}
 	len = strlen(token);
 	if (_php_pgsql_detect_identifier_escape(token, len) == SUCCESS) {
 		smart_str_appendl(querystr, token, len);