File: CVE-2015-6838.patch

package info (click to toggle)

php5 5.3.3.1-7%2Bsqueeze29

links: PTS, VCS
area: main
in suites: squeeze-lts
size: 123,520 kB
ctags: 55,742
sloc: ansic: 633,963; php: 19,620; sh: 11,344; xml: 5,816; cpp: 2,400; yacc: 1,745; exp: 1,514; makefile: 1,019; pascal: 623; awk: 537; sql: 22

file content (19 lines) | stat: -rw-r--r-- 794 bytes

Index: php5-5.3.3.1/ext/xsl/xsltprocessor.c
===================================================================
--- php5-5.3.3.1.orig/ext/xsl/xsltprocessor.c	2015-10-19 10:57:11.000000000 +0200
+++ php5-5.3.3.1/ext/xsl/xsltprocessor.c	2015-10-19 11:03:11.000000000 +0200
@@ -292,9 +292,11 @@
 	fci.function_table = EG(function_table);
 	
 	obj = valuePop(ctxt);
-	if (obj->stringval == NULL) {
-		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Handler name must be a string");
-		xmlXPathFreeObject(obj);
+	if (obj == NULL || obj->stringval == NULL) {
+		if (obj && obj->stringval == NULL) {
+			php_error_docref(NULL, E_WARNING, "Handler name must be a string");
+			xmlXPathFreeObject(obj);
+		}
 		if (fci.param_count > 0) {
 			for (i = 0; i < nargs - 1; i++) {
 				zval_ptr_dtor(&args[i]);