mirror of
https://github.com/php/php-src.git
synced 2025-08-15 21:48:51 +02:00
9cb3d8d200
Libxml versions prior to 2.13 cannot correctly handle a call to xmlNodeSetName() with a name longer than 2G. It will leave the node object in an invalid state with a NULL name. This later causes a NULL pointer dereference when using the name during message serialization. To solve this, implement a workaround that resets the name to the sentinel name if this situation arises. Versions of libxml of 2.13 and higher are not affected. This can be exploited if a SoapVar is created with a fully qualified name that is longer than 2G. This would be possible if some application code uses a namespace prefix from an untrusted source like from a remote SOAP service. Co-authored-by: Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
||
|---|---|---|
| .. | ||
| tests | ||
| config.m4 | ||
| config.w32 | ||
| CREDITS | ||
| php_encoding.c | ||
| php_encoding.h | ||
| php_http.c | ||
| php_http.h | ||
| php_packet_soap.c | ||
| php_packet_soap.h | ||
| php_schema.c | ||
| php_schema.h | ||
| php_sdl.c | ||
| php_sdl.h | ||
| php_soap.h | ||
| php_xml.c | ||
| php_xml.h | ||
| soap.c | ||
| soap.stub.php | ||
| soap_arginfo.h | ||