archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 21:48:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fix pgsql use after free trying to reuse closed connection

Browse source 
When a connection is closed, we also need to remove the hash entry
from the regular_list, as it now points to freed memory. To do this
store a reverse mapping from the connection to the hash string.

It would be nicer to introduce a wrapping structure for the pgsql
link resource that could store the hash (and notices), but that would
require large changes to the extension, so I'm going for a more
minimal fix here.
This commit is contained in:
Nikita Popov 2019-04-10 12:18:57 +02:00
parent b55715d61a
commit c7a86a38a3
4 changed files with 47 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

1
ext/pgsql/php_pgsql.h
View file

@ -319,6 +319,7 @@ ZEND_BEGIN_MODULE_GLOBALS(pgsql)
int ignore_notices,log_notices;
HashTable notices; /* notice message for each connection */
zend_resource *default_link; /* default link when connection is omitted */
HashTable hashes; /* hashes for each connection */
ZEND_END_MODULE_GLOBALS(pgsql)
ZEND_EXTERN_MODULE_GLOBALS(pgsql)