authorChristoph M. Becker <cmbecker69@gmx.de>2018-10-21 12:06:55 +0200
committerChristoph M. Becker <cmbecker69@gmx.de>2018-10-21 12:06:55 +0200
commit502b187ae8cbd24f4d8c05b8a3c4e52079314bbd (patch)
tree158958119d802423b48b3fa8cd3852a2a07446c5
parentba43d5acef80b19dfe4a7a7cfc4144e748912f0d (diff)
downloadphp-git-502b187ae8cbd24f4d8c05b8a3c4e52079314bbd.tar.gz
Fix #75282: xmlrpc_encode_request() crashes
Since we allow ext/xmlrpc to be built against a system libxmlrpc(-epi), we must not `efree` memory which has been allocated via `malloc`. To distinguish bundled and system libxmlrpc(-epi) we introduce the macro `HAVE_XMLRPC_BUNDLED` (analogous to how it is done by ext/gd). We deliberately keep the ugly `#ifdef`s, instead of tucking them away in an `XMLRPC_FREE()` macro, to not forget that it is a bad idea to fork and bundle a library, but to also allow building against an unpatched system lib.
-rw-r--r--NEWS3
-rw-r--r--ext/xmlrpc/config.m41
-rw-r--r--ext/xmlrpc/config.w322
-rw-r--r--ext/xmlrpc/xmlrpc-epi-php.c12
4 files changed, 17 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 5530dade6d..c009e477e5 100644
--- a/NEWS
+++ b/NEWS
@@ -55,6 +55,9 @@ PHP NEWS
. Fixed bug #30875 (xml_parse_into_struct() does not resolve entities). (cmb)
. Add support for getting SKIP_TAGSTART and SKIP_WHITE options. (cmb)
+- XMLRPC:
+ . Fixed bug #75282 (xmlrpc_encode_request() crashes). (cmb)
+
11 Oct 2018, PHP 7.2.11
- Core:
diff --git a/ext/xmlrpc/config.m4 b/ext/xmlrpc/config.m4
index b51b0d7afd..32042ba4d8 100644
--- a/ext/xmlrpc/config.m4
+++ b/ext/xmlrpc/config.m4
@@ -89,6 +89,7 @@ if test "$PHP_XMLRPC" = "yes"; then
-I@ext_srcdir@/libxmlrpc -DVERSION="0.50")
PHP_ADD_BUILD_DIR($ext_builddir/libxmlrpc)
XMLRPC_MODULE_TYPE=builtin
+ AC_DEFINE(HAVE_XMLRPC_BUNDLED, 1, [ ])
elif test "$PHP_XMLRPC" != "no"; then
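Review bot: `AC_DEFINE(HAVE_XMLRPC_BUNDLED, 1, [ ])` passes a blank description, so the generated config header template says nothing about a macro that now selects between `efree` and `free` in xmlrpc-epi-php.c. A short description such as `AC_DEFINE(HAVE_XMLRPC_BUNDLED, 1, [Whether the bundled libxmlrpc is used])` would make that visible to anyone reading the header. The config.w32 hunk defines the same macro without a comment as well. The enclosing `if test "$PHP_XMLRPC" = "yes"` block starts and ends outside the hunk.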
diff --git a/ext/xmlrpc/config.w32 b/ext/xmlrpc/config.w32
index 49acc247f6..99211a5fd0 100644
--- a/ext/xmlrpc/config.w32
+++ b/ext/xmlrpc/config.w32
@@ -13,7 +13,7 @@ if (PHP_XMLRPC != "no") {
ADD_SOURCES(configure_module_dirname + "/libxmlrpc", "base64.c simplestring.c xml_to_dandarpc.c \
xmlrpc_introspection.c encodings.c system_methods.c xml_to_xmlrpc.c \
queue.c xml_element.c xmlrpc.c xml_to_soap.c", "xmlrpc");
-
+ AC_DEFINE("HAVE_XMLRPC_BUNDLED", 1);
} else {
WARNING("xmlrpc support can't be enabled, libraries or headers are missing")
PHP_XMLRPC = "no";
diff --git a/ext/xmlrpc/xmlrpc-epi-php.c b/ext/xmlrpc/xmlrpc-epi-php.c
index 97e04eb2ca..36fbff123c 100644
--- a/ext/xmlrpc/xmlrpc-epi-php.c
+++ b/ext/xmlrpc/xmlrpc-epi-php.c
@@ -701,7 +701,11 @@ PHP_FUNCTION(xmlrpc_encode_request)
outBuf = XMLRPC_REQUEST_ToXML(xRequest, 0);
if (outBuf) {
RETVAL_STRING(outBuf);
+#ifdef HAVE_XMLRPC_BUNDLED
efree(outBuf);
+#else
+ free(outBuf);
+#endif
}
XMLRPC_RequestFree(xRequest, 1);
}
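Review bot: The `#ifdef HAVE_XMLRPC_BUNDLED` block around the release of `outBuf` has no comment saying which allocator owns the buffer, so a later cleanup could collapse it back to a single `efree` and reintroduce the allocator mismatch, which presents as heap corruption rather than a clean failure. I would add above the `#ifdef`: `/* outBuf is allocated by libxmlrpc: efree for the bundled fork, free for a system library */`. The same comment applies to the identical blocks in the xmlrpc_encode and xmlrpc_server_call_method hunks. The fallback branch is `free`, so a bundled build in which the macro somehow ends up undefined would mismatch in the other direction; whether other library-returned buffers are released with `efree` elsewhere in this file cannot be seen from these hunks and is worth checking. All three function bodies start and end outside the hunks.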
@@ -735,7 +739,11 @@ PHP_FUNCTION(xmlrpc_encode)
if (xOut) {
if (outBuf) {
RETVAL_STRING(outBuf);
+#ifdef HAVE_XMLRPC_BUNDLED
efree(outBuf);
+#else
+ free(outBuf);
+#endif
}
/* cleanup */
XMLRPC_CleanupValue(xOut);
@@ -1102,7 +1110,11 @@ PHP_FUNCTION(xmlrpc_server_call_method)
outBuf = XMLRPC_REQUEST_ToXML(xResponse, &buf_len);
if (outBuf) {
RETVAL_STRINGL(outBuf, buf_len);
+#ifdef HAVE_XMLRPC_BUNDLED
efree(outBuf);
+#else
+ free(outBuf);
+#endif
}
/* cleanup after ourselves. what a sty! */
XMLRPC_RequestFree(xResponse, 0);