diff options
Diffstat (limited to 'bug73773.patch')
-rw-r--r-- | bug73773.patch | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/bug73773.patch b/bug73773.patch new file mode 100644 index 0000000..1aab14c --- /dev/null +++ b/bug73773.patch @@ -0,0 +1,37 @@ +Backported from 5.6.30 by Remi. + + +From e5246580a85f031e1a3b8064edbaa55c1643a451 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev <stas@php.net> +Date: Sat, 31 Dec 2016 18:47:50 -0800 +Subject: [PATCH] Fix bug #73773 - Seg fault when loading hostile phar + +--- + ext/phar/phar.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/ext/phar/phar.c b/ext/phar/phar.c +index 158f417..780be43 100644 +--- a/ext/phar/phar.c ++++ b/ext/phar/phar.c +@@ -1054,7 +1054,7 @@ static int phar_parse_pharfile(php_stream *fp, char *fname, int fname_len, char + entry.is_persistent = mydata->is_persistent; + + for (manifest_index = 0; manifest_index < manifest_count; ++manifest_index) { +- if (buffer + 24 > endbuffer) { ++ if (buffer + 28 > endbuffer) { + MAPPHAR_FAIL("internal corruption of phar \"%s\" (truncated manifest entry)") + } + +@@ -1068,7 +1068,7 @@ static int phar_parse_pharfile(php_stream *fp, char *fname, int fname_len, char + entry.manifest_pos = manifest_index; + } + +- if (entry.filename_len > endbuffer - buffer - 20) { ++ if (entry.filename_len > endbuffer - buffer - 24) { + MAPPHAR_FAIL("internal corruption of phar \"%s\" (truncated manifest entry)"); + } + +-- +2.1.4 + |