summaryrefslogtreecommitdiffstats
path: root/bug73773.patch
diff options
context:
space:
mode:
authorRemi Collet <fedora@famillecollet.com>2017-02-18 08:58:42 +0100
committerRemi Collet <fedora@famillecollet.com>2017-02-18 08:58:42 +0100
commitb7dc0096c61deb8d3f7fb61d636b874ce1452197 (patch)
treee802418866c158a601273e6b0458e6c2d8de076f /bug73773.patch
parentf2e3a31837636de81c2f03f8a45145a5869d8575 (diff)
PHP 5.6.38-7 (security fix from 5.6.30)
Diffstat (limited to 'bug73773.patch')
-rw-r--r--bug73773.patch37
1 files changed, 37 insertions, 0 deletions
diff --git a/bug73773.patch b/bug73773.patch
new file mode 100644
index 0000000..1aab14c
--- /dev/null
+++ b/bug73773.patch
@@ -0,0 +1,37 @@
+Backported from 5.6.30 by Remi.
+
+
+From e5246580a85f031e1a3b8064edbaa55c1643a451 Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev <stas@php.net>
+Date: Sat, 31 Dec 2016 18:47:50 -0800
+Subject: [PATCH] Fix bug #73773 - Seg fault when loading hostile phar
+
+---
+ ext/phar/phar.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/ext/phar/phar.c b/ext/phar/phar.c
+index 158f417..780be43 100644
+--- a/ext/phar/phar.c
++++ b/ext/phar/phar.c
+@@ -1054,7 +1054,7 @@ static int phar_parse_pharfile(php_stream *fp, char *fname, int fname_len, char
+ entry.is_persistent = mydata->is_persistent;
+
+ for (manifest_index = 0; manifest_index < manifest_count; ++manifest_index) {
+- if (buffer + 24 > endbuffer) {
++ if (buffer + 28 > endbuffer) {
+ MAPPHAR_FAIL("internal corruption of phar \"%s\" (truncated manifest entry)")
+ }
+
+@@ -1068,7 +1068,7 @@ static int phar_parse_pharfile(php_stream *fp, char *fname, int fname_len, char
+ entry.manifest_pos = manifest_index;
+ }
+
+- if (entry.filename_len > endbuffer - buffer - 20) {
++ if (entry.filename_len > endbuffer - buffer - 24) {
+ MAPPHAR_FAIL("internal corruption of phar \"%s\" (truncated manifest entry)");
+ }
+
+--
+2.1.4
+