Fix use after free on pg_close() of default connection

author: Nikita Popov <nikita.ppv@gmail.com> 2019-04-10 10:36:11 +0200
committer: Nikita Popov <nikita.ppv@gmail.com> 2019-04-10 10:38:24 +0200
commit: b55715d61a908f7732d5a2bb6b20a105f372014a (patch)
tree: f898617105f2ac9803ac0a6617cbbc8d882b6e3a /ext/pgsql/pgsql.c
parent: 7b8212f4d119b1f055238b183092249a022a7841 (diff)
download: php-git-b55715d61a908f7732d5a2bb6b20a105f372014a.tar.gz
1 files changed, 7 insertions, 5 deletions
diff --git a/ext/pgsql/pgsql.c b/ext/pgsql/pgsql.c
index 1d989ae656..658b03baaf 100644
--- a/ext/pgsql/pgsql.c
+++ b/ext/pgsql/pgsql.c
@@ -90,7 +90,7 @@
 #define PQ_SETNONBLOCKING(pg_link, flag) 0
 #endif
 
-#define CHECK_DEFAULT_LINK(x) if ((x) == NULL) { php_error_docref(NULL, E_WARNING, "No PostgreSQL link opened yet"); }
+#define CHECK_DEFAULT_LINK(x) if ((x) == NULL) { php_error_docref(NULL, E_WARNING, "No PostgreSQL link opened yet"); RETURN_FALSE; }
 #define FETCH_DEFAULT_LINK()  PGG(default_link)
 
 #ifndef HAVE_PQFREEMEM
@@ -1559,13 +1559,15 @@ PHP_FUNCTION(pg_close)
 		return;
 	}
 
-	if (pgsql_link) {
-		link = Z_RES_P(pgsql_link);
-	} else {
-		link = FETCH_DEFAULT_LINK();
+	if (!pgsql_link) {
+		link = PGG(default_link);
 		CHECK_DEFAULT_LINK(link);
+		zend_list_delete(link);
+		PGG(default_link) = NULL;
+		RETURN_TRUE;
 	}
 
+	link = Z_RES_P(pgsql_link);
 	if (zend_fetch_resource2(link, "PostgreSQL link", le_link, le_plink) == NULL) {
 		RETURN_FALSE;
 	}
author	Nikita Popov <nikita.ppv@gmail.com>	2019-04-10 10:36:11 +0200
committer	Nikita Popov <nikita.ppv@gmail.com>	2019-04-10 10:38:24 +0200
commit	b55715d61a908f7732d5a2bb6b20a105f372014a (patch)
tree	f898617105f2ac9803ac0a6617cbbc8d882b6e3a /ext/pgsql/pgsql.c
parent	7b8212f4d119b1f055238b183092249a022a7841 (diff)
download	php-git-b55715d61a908f7732d5a2bb6b20a105f372014a.tar.gz