From c7a86a38a3f657ab81163ac794450fc7ada2ba3c Mon Sep 17 00:00:00 2001
From: Nikita Popov
Date: Wed, 10 Apr 2019 12:18:57 +0200
Subject: Fix pgsql use after free trying to reuse closed connection

When a connection is closed, we also need to remove the hash entry from the regular_list, as it now points to freed memory. To do this store a reverse mapping from the connection to the hash string. It would be nicer to introduce a wrapping structure for the pgsql link resource that could store the hash (and notices), but that would require large changes to the extension, so I'm going for a more minimal fix here.
---
 ext/pgsql/php_pgsql.h | 1 +
 1 file changed, 1 insertion(+)
(limited to 'ext/pgsql/php_pgsql.h')
diff --git a/ext/pgsql/php_pgsql.h b/ext/pgsql/php_pgsql.h
index 98b396c9f1..45807ea4eb 100644
--- a/ext/pgsql/php_pgsql.h
+++ b/ext/pgsql/php_pgsql.h
@@ -319,6 +319,7 @@ ZEND_BEGIN_MODULE_GLOBALS(pgsql)
 int ignore_notices,log_notices;
 HashTable notices; /* notice message for each connection */
 zend_resource *default_link; /* default link when connection is omitted */
+ HashTable hashes; /* hashes for each connection */
 ZEND_END_MODULE_GLOBALS(pgsql)
 ZEND_EXTERN_MODULE_GLOBALS(pgsql)
--
cgit v1.2.1
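Review bot: The comment on the new `hashes` member of the pgsql module globals is too vague to carry the invariant this use-after-free fix depends on. Per the commit message it is a reverse mapping from a connection to the hash string that keys its regular_list entry, so that closing the connection can delete the entry that would otherwise point to freed memory. I would write it as `HashTable hashes; /* connection -> regular_list hash key, used to drop the stale list entry on close */`. The code that initialises, fills and destroys this table is outside this view (the page is limited to php_pgsql.h). It is worth confirming there that every path that closes a connection removes both the `hashes` entry and the regular_list entry, and that the table is set up and torn down alongside `notices`.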