diff options
author | Christoph M. Becker <cmbecker69@gmx.de> | 2019-08-28 17:56:23 +0200 |
---|---|---|
committer | Christoph M. Becker <cmbecker69@gmx.de> | 2019-08-28 17:57:10 +0200 |
commit | 195b8ae7791c9f556cd26ceb5f5d6eca91ac47ca (patch) | |
tree | 23d3cb1de70cb06279744da818c7dec44349aa20 | |
parent | 5748cec3eef3a4a7973929d4c4b43da1b68a5d7d (diff) | |
parent | b5572658166c4b8cbc1d332877a7a84c6e18a1c1 (diff) | |
download | php-git-195b8ae7791c9f556cd26ceb5f5d6eca91ac47ca.tar.gz |
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Fix #78473: odbc_close() closes arbitrary resources
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | ext/odbc/php_odbc.c | 5 | ||||
-rw-r--r-- | ext/odbc/tests/bug78473.phpt | 14 |
3 files changed, 21 insertions, 1 deletions
@@ -23,6 +23,9 @@ PHP NEWS . Fixed connect_attr issues and added the _server_host connection attribute. (Qianqian Bu) +- ODBC: + . Fixed bug #78473 (odbc_close() closes arbitrary resources). (cmb) + 29 Aug 2019, PHP 7.3.9 - Core: diff --git a/ext/odbc/php_odbc.c b/ext/odbc/php_odbc.c index 9559491d6f..e2a16a09a7 100644 --- a/ext/odbc/php_odbc.c +++ b/ext/odbc/php_odbc.c @@ -2695,7 +2695,10 @@ PHP_FUNCTION(odbc_close) return; } - conn = (odbc_connection *)zend_fetch_resource2(Z_RES_P(pv_conn), "ODBC-Link", le_conn, le_pconn); + if (!(conn = (odbc_connection *)zend_fetch_resource2(Z_RES_P(pv_conn), "ODBC-Link", le_conn, le_pconn))) { + RETURN_FALSE; + } + if (Z_RES_P(pv_conn)->type == le_pconn) { is_pconn = 1; } diff --git a/ext/odbc/tests/bug78473.phpt b/ext/odbc/tests/bug78473.phpt new file mode 100644 index 0000000000..fd73b6cc07 --- /dev/null +++ b/ext/odbc/tests/bug78473.phpt @@ -0,0 +1,14 @@ +--TEST-- +Bug #78473 (odbc_close() closes arbitrary resources) +--SKIPIF-- +<?php +if (!extension_loaded('odbc')) die('skip odbc extension not available'); +?> +--FILE-- +<?php +odbc_close(STDIN); +var_dump(STDIN); +?> +--EXPECTF-- +Warning: odbc_close(): supplied resource is not a valid ODBC-Link resource in %s on line %d +resource(%d) of type (stream) |