summaryrefslogtreecommitdiffstats
path: root/bug73773.patch
diff options
context:
space:
mode:
Diffstat (limited to 'bug73773.patch')
-rw-r--r--bug73773.patch37
1 files changed, 37 insertions, 0 deletions
diff --git a/bug73773.patch b/bug73773.patch
new file mode 100644
index 0000000..1aab14c
--- /dev/null
+++ b/bug73773.patch
@@ -0,0 +1,37 @@
+Backported from 5.6.30 by Remi.
+
+
+From e5246580a85f031e1a3b8064edbaa55c1643a451 Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev <stas@php.net>
+Date: Sat, 31 Dec 2016 18:47:50 -0800
+Subject: [PATCH] Fix bug #73773 - Seg fault when loading hostile phar
+
+---
+ ext/phar/phar.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/ext/phar/phar.c b/ext/phar/phar.c
+index 158f417..780be43 100644
+--- a/ext/phar/phar.c
++++ b/ext/phar/phar.c
+@@ -1054,7 +1054,7 @@ static int phar_parse_pharfile(php_stream *fp, char *fname, int fname_len, char
+ entry.is_persistent = mydata->is_persistent;
+
+ for (manifest_index = 0; manifest_index < manifest_count; ++manifest_index) {
+- if (buffer + 24 > endbuffer) {
++ if (buffer + 28 > endbuffer) {
+ MAPPHAR_FAIL("internal corruption of phar \"%s\" (truncated manifest entry)")
+ }
+
+@@ -1068,7 +1068,7 @@ static int phar_parse_pharfile(php_stream *fp, char *fname, int fname_len, char
+ entry.manifest_pos = manifest_index;
+ }
+
+- if (entry.filename_len > endbuffer - buffer - 20) {
++ if (entry.filename_len > endbuffer - buffer - 24) {
+ MAPPHAR_FAIL("internal corruption of phar \"%s\" (truncated manifest entry)");
+ }
+
+--
+2.1.4
+