php-sapi/patches/320_php_20804424.patch

CVE-2015-2787
Community BUG:
https://bugs.php.net/bug.php?id=68976
Community CODE:
https://gist.github.com/smalyshev/eea9eafc7c88a4a6d10d
Below is the community patch.


diff --git a/ext/standard/var_unserializer.c b/ext/standard/var_unserializer.c
index f114080..c7749a4 100644
--- a/ext/standard/var_unserializer.c
+++ b/ext/standard/var_unserializer.c
@@ -349,6 +349,7 @@ static inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTable *ht, long
            zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data,
                    sizeof data, NULL);
        }
+       var_push_dtor(var_hash, &data);

        zval_dtor(key);
        FREE_ZVAL(key);
diff --git a/ext/standard/var_unserializer.re b/ext/standard/var_unserializer.re
index f04fc74..abac77c 100644
--- a/ext/standard/var_unserializer.re
+++ b/ext/standard/var_unserializer.re
@@ -353,6 +353,7 @@ static inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTable *ht, long
            zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data,
                    sizeof data, NULL);
        }
+       var_push_dtor(var_hash, &data);

        zval_dtor(key);
        FREE_ZVAL(key);