[php-pecl-memcache] fix php_stream_cast() usage
jorton
jorton at fedoraproject.org
Thu Jul 5 14:29:41 UTC 2012
commit eb3d2f316d9d1190d1fbac940e48e1a2779192c9
Author: Joe Orton <jorton at redhat.com>
Date: Thu Jul 5 15:29:40 2012 +0100
fix php_stream_cast() usage
- fix memory corruption after unserialization (Paul Clifford)
- package license
.gitignore | 1 +
LICENSE | 68 +++++++++++++++++++
php-pecl-memcache-3.0.5-get-mem-corrupt.patch | 89 +++++++++++++++++++++++++
php-pecl-memcache-3.0.6-fdcast.patch | 17 +++++
php-pecl-memcache.spec | 18 +++++-
5 files changed, 191 insertions(+), 2 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index e30a1c0..3edf3ed 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
/memcache-3.0.6.tgz
+/php-pecl-memcache-3.0.6
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..6c1c170
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,68 @@
+--------------------------------------------------------------------
+ The PHP License, version 3.0
+Copyright (c) 1999 - 2006 The PHP Group. All rights reserved.
+--------------------------------------------------------------------
+
+Redistribution and use in source and binary forms, with or without
+modification, is permitted provided that the following conditions
+are met:
+
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in
+ the documentation and/or other materials provided with the
+ distribution.
+
+ 3. The name "PHP" must not be used to endorse or promote products
+ derived from this software without prior written permission. For
+ written permission, please contact group at php.net.
+
+ 4. Products derived from this software may not be called "PHP", nor
+ may "PHP" appear in their name, without prior written permission
+ from group at php.net. You may indicate that your software works in
+ conjunction with PHP by saying "Foo for PHP" instead of calling
+ it "PHP Foo" or "phpfoo"
+
+ 5. The PHP Group may publish revised and/or new versions of the
+ license from time to time. Each version will be given a
+ distinguishing version number.
+ Once covered code has been published under a particular version
+ of the license, you may always continue to use it under the terms
+ of that version. You may also choose to use such covered code
+ under the terms of any subsequent version of the license
+ published by the PHP Group. No one other than the PHP Group has
+ the right to modify the terms applicable to covered code created
+ under this License.
+
+ 6. Redistributions of any form whatsoever must retain the following
+ acknowledgment:
+ "This product includes PHP, freely available from
+ <http://www.php.net/>".
+
+THIS SOFTWARE IS PROVIDED BY THE PHP DEVELOPMENT TEAM ``AS IS'' AND
+ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE PHP
+DEVELOPMENT TEAM OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+OF THE POSSIBILITY OF SUCH DAMAGE.
+
+--------------------------------------------------------------------
+
+This software consists of voluntary contributions made by many
+individuals on behalf of the PHP Group.
+
+The PHP Group can be contacted via Email at group at php.net.
+
+For more information on the PHP Group and the PHP project,
+please see <http://www.php.net>.
+
+This product includes the Zend Engine, freely available at
+<http://www.zend.com>.
diff --git a/php-pecl-memcache-3.0.5-get-mem-corrupt.patch b/php-pecl-memcache-3.0.5-get-mem-corrupt.patch
new file mode 100644
index 0000000..0b7c66c
--- /dev/null
+++ b/php-pecl-memcache-3.0.5-get-mem-corrupt.patch
@@ -0,0 +1,89 @@
+From 6e09e8db8d36de6a5020f5d517f62a8c16af8222 Mon Sep 17 00:00:00 2001
+From: "Vojtech Vitek (V-Teq)" <vvitek at redhat.com>
+Date: Mon, 17 Oct 2011 16:17:51 +0200
+Subject: [PATCH] fix get/unserialize memory corruption
+
+Possible memory corruption (and segfault) after unserialising objects:
+<?php
+$obj = new StdClass;
+$obj->obj = $obj;
+$memcache = new Memcache;
+$memcache->connect('127.0.0.1', 11211);
+$memcache->set('x', $obj, false, 300);
+$x = $memcache->get('x');
+$x = $memcache->get('x');
+$x = $memcache->get('x');
+$x = $memcache->get('x');
+$x = $memcache->get('x');
+
+Patch by Paul Clifford.
+
+---
+ memcache-3.0.5/memcache_pool.c | 15 +++++++--------
+ 1 files changed, 7 insertions(+), 8 deletions(-)
+
+diff --git memcache-3.0.5/memcache_pool.c memcache-3.0.5/memcache_pool.c
+index 420a773..e89ebce 100644
+--- memcache-3.0.5/memcache_pool.c
++++ memcache-3.0.5/memcache_pool.c
+@@ -422,8 +422,8 @@ int mmc_unpack_value(
+ char *data = NULL;
+ unsigned long data_len;
+
+- zval value;
+- INIT_ZVAL(value);
++ zval *object;
++ ALLOC_INIT_ZVAL(object);
+
+ if (flags & MMC_COMPRESSED) {
+ if (mmc_uncompress(buffer->value.c, bytes, &data, &data_len) != MMC_OK) {
+@@ -439,7 +439,6 @@ int mmc_unpack_value(
+ if (flags & MMC_SERIALIZED) {
+ php_unserialize_data_t var_hash;
+ const unsigned char *p = (unsigned char *)data;
+- zval *object = &value;
+
+ char key_tmp[MMC_MAX_KEY_LEN + 1];
+ mmc_request_value_handler value_handler;
+@@ -495,7 +494,7 @@ int mmc_unpack_value(
+ long val;
+ data[data_len] = '\0';
+ val = strtol(data, NULL, 10);
+- ZVAL_LONG(&value, val);
++ ZVAL_LONG(object, val);
+ break;
+ }
+
+@@ -503,17 +502,17 @@ int mmc_unpack_value(
+ double val = 0;
+ data[data_len] = '\0';
+ sscanf(data, "%lg", &val);
+- ZVAL_DOUBLE(&value, val);
++ ZVAL_DOUBLE(object, val);
+ break;
+ }
+
+ case MMC_TYPE_BOOL:
+- ZVAL_BOOL(&value, data_len == 1 && data[0] == '1');
++ ZVAL_BOOL(object, data_len == 1 && data[0] == '1');
+ break;
+
+ default:
+ data[data_len] = '\0';
+- ZVAL_STRINGL(&value, data, data_len, 0);
++ ZVAL_STRINGL(object, data, data_len, 0);
+
+ if (!(flags & MMC_COMPRESSED)) {
+ /* release buffer because it's now owned by the zval */
+@@ -522,7 +521,7 @@ int mmc_unpack_value(
+ }
+
+ /* delegate to value handler */
+- return request->value_handler(key, key_len, &value, flags, cas, request->value_handler_param TSRMLS_CC);
++ return request->value_handler(key, key_len, object, flags, cas, request->value_handler_param TSRMLS_CC);
+ }
+ }
+ /* }}}*/
+--
+1.7.6.2
+
diff --git a/php-pecl-memcache-3.0.6-fdcast.patch b/php-pecl-memcache-3.0.6-fdcast.patch
new file mode 100644
index 0000000..50d3021
--- /dev/null
+++ b/php-pecl-memcache-3.0.6-fdcast.patch
@@ -0,0 +1,17 @@
+
+Fix php_stream_cast() usage.
+
+--- memcache-3.0.6/memcache_pool.c.fdcast 2011-04-11 05:56:53.000000000 +0100
++++ memcache-3.0.6/memcache_pool.c 2012-07-05 15:27:02.447511095 +0100
+@@ -746,9 +746,9 @@ static int mmc_server_connect(mmc_pool_t
+ }
+
+ /* check connection and extract socket for select() purposes */
+- void *fd;
++ int fd;
+
+- if (!io->stream || php_stream_cast(io->stream, PHP_STREAM_AS_FD_FOR_SELECT, &fd, 1) != SUCCESS) {
++ if (!io->stream || php_stream_cast(io->stream, PHP_STREAM_AS_FD_FOR_SELECT, (void **)&fd, 1) != SUCCESS) {
+ mmc_server_seterror(mmc, errstr != NULL ? errstr : "Connection failed", errnum);
+ mmc_server_deactivate(pool, mmc TSRMLS_CC);
+
diff --git a/php-pecl-memcache.spec b/php-pecl-memcache.spec
index 02e01b7..aa6b30a 100644
--- a/php-pecl-memcache.spec
+++ b/php-pecl-memcache.spec
@@ -7,16 +7,19 @@
Summary: Extension to work with the Memcached caching daemon
Name: php-pecl-memcache
Version: 3.0.6
-Release: 3%{?dist}
+Release: 4%{?dist}
License: PHP
Group: Development/Languages
URL: http://pecl.php.net/package/%{pecl_name}
Source: http://pecl.php.net/get/%{pecl_name}-%{version}.tgz
Source2: xml2changelog
+Source3: LICENSE
# https://bugs.php.net/60284
Patch0: memcache-php54.patch
+Patch1: php-pecl-memcache-3.0.6-fdcast.patch
+Patch2: php-pecl-memcache-3.0.5-get-mem-corrupt.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: php-devel >= 4.3.11, php-pear, zlib-devel
@@ -59,9 +62,15 @@ Memcache can be used as a PHP session handler.
%setup -c -q
%patch0 -p0 -b .php54
+pushd memcache-%{version}
+%patch1 -p1 -b .fdcast
+%patch2 -p1 -b .get-mem-corrupt.patch
+popd
%{_bindir}/php -n %{SOURCE2} package.xml | tee CHANGELOG | head -n 5
+cp -p %{SOURCE3} .
+
cat >%{pecl_name}.ini << 'EOF'
; ----- Enable %{pecl_name} extension module
extension=%{pecl_name}.so
@@ -151,7 +160,7 @@ fi
%files
%defattr(-, root, root, -)
-%doc CHANGELOG %{pecl_name}-%{version}/CREDITS %{pecl_name}-%{version}/README
+%doc CHANGELOG %{pecl_name}-%{version}/CREDITS %{pecl_name}-%{version}/README LICENSE
%doc %{pecl_name}-%{version}/example.php %{pecl_name}-%{version}/memcache.php
%config(noreplace) %{_sysconfdir}/php.d/%{pecl_name}.ini
%{php_extdir}/%{pecl_name}.so
@@ -159,6 +168,11 @@ fi
%changelog
+* Thu Jul 5 2012 Joe Orton <jorton at redhat.com> - 3.0.6-4
+- fix php_stream_cast() usage
+- fix memory corruption after unserialization (Paul Clifford)
+- package license
+
* Thu Jan 19 2012 Remi Collet <remi at fedoraproject.org> - 3.0.6-3
- rebuild against PHP 5.4, with patch
- fix filters
More information about the scm-commits
mailing list