diff options
author | Remi Collet <fedora@famillecollet.com> | 2017-02-18 08:58:42 +0100 |
---|---|---|
committer | Remi Collet <fedora@famillecollet.com> | 2017-02-18 08:58:42 +0100 |
commit | b7dc0096c61deb8d3f7fb61d636b874ce1452197 (patch) | |
tree | e802418866c158a601273e6b0458e6c2d8de076f /bug73773.patch | |
parent | f2e3a31837636de81c2f03f8a45145a5869d8575 (diff) |
PHP 5.6.38-7 (security fix from 5.6.30)
Diffstat (limited to 'bug73773.patch')
-rw-r--r-- | bug73773.patch | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/bug73773.patch b/bug73773.patch new file mode 100644 index 0000000..1aab14c --- /dev/null +++ b/bug73773.patch @@ -0,0 +1,37 @@ +Backported from 5.6.30 by Remi. + + +From e5246580a85f031e1a3b8064edbaa55c1643a451 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev <stas@php.net> +Date: Sat, 31 Dec 2016 18:47:50 -0800 +Subject: [PATCH] Fix bug #73773 - Seg fault when loading hostile phar + +--- + ext/phar/phar.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/ext/phar/phar.c b/ext/phar/phar.c +index 158f417..780be43 100644 +--- a/ext/phar/phar.c ++++ b/ext/phar/phar.c +@@ -1054,7 +1054,7 @@ static int phar_parse_pharfile(php_stream *fp, char *fname, int fname_len, char + entry.is_persistent = mydata->is_persistent; + + for (manifest_index = 0; manifest_index < manifest_count; ++manifest_index) { +- if (buffer + 24 > endbuffer) { ++ if (buffer + 28 > endbuffer) { + MAPPHAR_FAIL("internal corruption of phar \"%s\" (truncated manifest entry)") + } + +@@ -1068,7 +1068,7 @@ static int phar_parse_pharfile(php_stream *fp, char *fname, int fname_len, char + entry.manifest_pos = manifest_index; + } + +- if (entry.filename_len > endbuffer - buffer - 20) { ++ if (entry.filename_len > endbuffer - buffer - 24) { + MAPPHAR_FAIL("internal corruption of phar \"%s\" (truncated manifest entry)"); + } + +-- +2.1.4 + |