summaryrefslogtreecommitdiffstats
path: root/php-bug77431.patch
diff options
context:
space:
mode:
authorRemi Collet <remi@remirepo.net>2019-03-12 11:05:11 +0100
committerRemi Collet <remi@remirepo.net>2019-03-12 11:05:11 +0100
commit54c47c5cbf037ce982bf1868f79051c8af88bad3 (patch)
tree298507977d94b6b6fe84abc80c662e3dc2f73b7c /php-bug77431.patch
parentc2b0e5687f6de20065ad435a37e060f87d03604a (diff)
Fix #77396 Null Pointer Dereference in phar_create_or_parse_filename
Fix #77586 - phar_tar_writeheaders_int() buffer overflow - spl: Fix #77431 openFile() silently truncates after a null byte - security fix synced with https://github.com/Microsoft/php-src/
Diffstat (limited to 'php-bug77431.patch')
-rw-r--r--php-bug77431.patch66
1 files changed, 66 insertions, 0 deletions
diff --git a/php-bug77431.patch b/php-bug77431.patch
new file mode 100644
index 0000000..c0c27b3
--- /dev/null
+++ b/php-bug77431.patch
@@ -0,0 +1,66 @@
+From 6d9dcae7b2828a2c4d1853eecc2e62743515b36b Mon Sep 17 00:00:00 2001
+From: "Christoph M. Becker" <cmbecker69@gmx.de>
+Date: Wed, 9 Jan 2019 14:26:18 +0100
+Subject: [PATCH] Fix #77431 SplFileInfo::__construct() accepts NUL bytes
+
+`SplFileInfo::__construct()` has to expect a path instead of a string,
+analogous to `SplFileObject::__construct()`.
+
+(cherry picked from commit 254a5914ad7f9dbdc4f6090229f6b0f4317a695e)
+---
+ ext/spl/spl_directory.c | 2 +-
+ ext/spl/tests/bug77431.phpt | 9 +++++++++
+ 2 files changed, 10 insertions(+), 1 deletion(-)
+ create mode 100644 ext/spl/tests/bug77431.phpt
+
+diff --git a/ext/spl/spl_directory.c b/ext/spl/spl_directory.c
+index c08334573e..fbcf892c3d 100644
+--- a/ext/spl/spl_directory.c
++++ b/ext/spl/spl_directory.c
+@@ -1135,7 +1135,7 @@ SPL_METHOD(SplFileInfo, __construct)
+
+ zend_replace_error_handling(EH_THROW, spl_ce_RuntimeException, &error_handling TSRMLS_CC);
+
+- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &path, &len) == FAILURE) {
++ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "p", &path, &len) == FAILURE) {
+ zend_restore_error_handling(&error_handling TSRMLS_CC);
+ return;
+ }
+diff --git a/ext/spl/tests/bug77431.phpt b/ext/spl/tests/bug77431.phpt
+new file mode 100644
+index 0000000000..eb1ca96b75
+--- /dev/null
++++ b/ext/spl/tests/bug77431.phpt
+@@ -0,0 +1,9 @@
++--TEST--
++Bug #77431 (SplFileInfo::__construct() accepts NUL bytes)
++--FILE--
++<?php
++new SplFileInfo("bad\0good");
++?>
++--EXPECTF--
++Fatal error: Uncaught TypeError: SplFileInfo::__construct() expects parameter 1 to be a valid path, string given in %s:%d
++Stack trace:%A
+\ No newline at end of file
+From dfea88758c8add916be72e666b193a993540cfde Mon Sep 17 00:00:00 2001
+From: Anatol Belski <ab@php.net>
+Date: Wed, 6 Mar 2019 12:19:33 +0100
+Subject: [PATCH] Fix test
+
+---
+ ext/spl/tests/bug77431.phpt | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/ext/spl/tests/bug77431.phpt b/ext/spl/tests/bug77431.phpt
+index eb1ca96b75..04e4ce2eba 100644
+--- a/ext/spl/tests/bug77431.phpt
++++ b/ext/spl/tests/bug77431.phpt
+@@ -5,5 +5,5 @@ Bug #77431 (SplFileInfo::__construct() accepts NUL bytes)
+ new SplFileInfo("bad\0good");
+ ?>
+ --EXPECTF--
+-Fatal error: Uncaught TypeError: SplFileInfo::__construct() expects parameter 1 to be a valid path, string given in %s:%d
+-Stack trace:%A
+\ No newline at end of file
++Fatal error: Uncaught exception 'RuntimeException' with message 'SplFileInfo::__construct() expects parameter 1 to be a valid path, string given' in %s:%d
++Stack trace:%A