php 5.4.45-4 (security fix backported from 5.5.32)

1 files changed, 31 insertions, 0 deletions

diff --git a/bug71391.patch b/bug71391.patch
new file mode 100644
index 0000000..538953e
--- /dev/null
+++ b/bug71391.patch
@@ -0,0 +1,31 @@
+Backported from 5.5 for 5.4 by Remi Collet
+binary patch dropped
+
+From 1c1b8b69982375700d4b011eb89ea48b66dbd5aa Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev <stas@php.net>
+Date: Sat, 16 Jan 2016 20:43:43 -0800
+Subject: [PATCH] Fix bug #71391: NULL Pointer Dereference in
+ phar_tar_setupmetadata()
+
+---
+ ext/phar/tar.c               |   3 +++
+ ext/phar/tests/bug71391.phpt |  18 ++++++++++++++++++
+ ext/phar/tests/bug71391.tar  | Bin 0 -> 3584 bytes
+ 3 files changed, 21 insertions(+)
+ create mode 100644 ext/phar/tests/bug71391.phpt
+ create mode 100644 ext/phar/tests/bug71391.tar
+
+diff --git a/ext/phar/tar.c b/ext/phar/tar.c
+index 34ef0ef..5f26805 100644
+--- a/ext/phar/tar.c
++++ b/ext/phar/tar.c
+@@ -870,6 +870,9 @@ static int phar_tar_setupmetadata(void *pDest, void *argument TSRMLS_DC) /* {{{
+ 
+ 	if (entry->filename_len >= sizeof(".phar/.metadata") && !memcmp(entry->filename, ".phar/.metadata", sizeof(".phar/.metadata")-1)) {
+ 		if (entry->filename_len == sizeof(".phar/.metadata.bin")-1 && !memcmp(entry->filename, ".phar/.metadata.bin", sizeof(".phar/.metadata.bin")-1)) {
++			if (entry->phar->metadata == NULL) {
++				return ZEND_HASH_APPLY_REMOVE;
++			}
+ 			return phar_tar_setmetadata(entry->phar->metadata, entry, error TSRMLS_CC);
+ 		}
+ 		/* search for the file this metadata entry references */