diff options
| -rw-r--r-- | NEWS | 2 | ||||
| -rw-r--r-- | main/streams/memory.c | 4 |
2 files changed, 6 insertions, 0 deletions
@@ -6,6 +6,8 @@ PHP NEWS ?? ??? 2015, PHP 5.5.22 - Core: + . Fixed bug #68986 (pointer returned by php_stream_fopen_temporary_file + not validated in memory.c). (nayana at ddproperty dot com) . Fixed bug #67068 (getClosure returns somethings that's not a closure). (Danack at basereality dot com) . Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname diff --git a/main/streams/memory.c b/main/streams/memory.c index 0d00505664..d0f2511aa7 100644 --- a/main/streams/memory.c +++ b/main/streams/memory.c @@ -374,6 +374,10 @@ static size_t php_stream_temp_write(php_stream *stream, const char *buf, size_t if (memsize + count >= ts->smax) { php_stream *file = php_stream_fopen_tmpfile(); + if (file == NULL) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to create temporary file, Check permissions in temporary files directory."); + return 0; + } php_stream_write(file, membuf, memsize); php_stream_free_enclosed(ts->innerstream, PHP_STREAM_FREE_CLOSE); ts->innerstream = file; |