Fix CVE-2010-0397: null pointer dereference when processing invalid XML-RPC

requests (bug #51288)
author: Raphael Geissert <geissert@php.net> 2010-03-13 18:40:29 +0000
committer: Raphael Geissert <geissert@php.net> 2010-03-13 18:40:29 +0000
commit: d8da372fd0aa22d503b4204f4485b2d5c8ce75bd (patch)
tree: 29b35fb408cabb44eb325d7a735b3e49d0c3c129 /ext/xmlrpc/tests
parent: 1c6ea06c73a2fc997c350fc9ff5cac28f7f5f22e (diff)
download: php-git-d8da372fd0aa22d503b4204f4485b2d5c8ce75bd.tar.gz
1 files changed, 14 insertions, 0 deletions
diff --git a/ext/xmlrpc/tests/bug51288.phpt b/ext/xmlrpc/tests/bug51288.phpt
new file mode 100644
index 0000000000..d9bdef822e
--- /dev/null
+++ b/ext/xmlrpc/tests/bug51288.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Bug #51288 (CVE-2010-0397, NULL pointer deref when no <methodName> in request)
+--FILE--
+<?php
+$method = NULL;
+$req = '<?xml version="1.0"?><methodCall></methodCall>';
+var_dump(xmlrpc_decode_request($req, $method));
+var_dump($method);
+echo "Done\n";
+?>
+--EXPECT--
+NULL
+NULL
+Done
author	Raphael Geissert <geissert@php.net>	2010-03-13 18:40:29 +0000
committer	Raphael Geissert <geissert@php.net>	2010-03-13 18:40:29 +0000
commit	d8da372fd0aa22d503b4204f4485b2d5c8ce75bd (patch)
tree	29b35fb408cabb44eb325d7a735b3e49d0c3c129 /ext/xmlrpc/tests
parent	1c6ea06c73a2fc997c350fc9ff5cac28f7f5f22e (diff)
download	php-git-d8da372fd0aa22d503b4204f4485b2d5c8ce75bd.tar.gz