summaryrefslogtreecommitdiffstats
path: root/php-bug77630.patch
diff options
context:
space:
mode:
authorRemi Collet <remi@remirepo.net>2019-03-12 11:05:11 +0100
committerRemi Collet <remi@remirepo.net>2019-03-12 11:05:11 +0100
commit54c47c5cbf037ce982bf1868f79051c8af88bad3 (patch)
tree298507977d94b6b6fe84abc80c662e3dc2f73b7c /php-bug77630.patch
parentc2b0e5687f6de20065ad435a37e060f87d03604a (diff)
Fix #77396 Null Pointer Dereference in phar_create_or_parse_filename
Fix #77586 - phar_tar_writeheaders_int() buffer overflow - spl: Fix #77431 openFile() silently truncates after a null byte - security fix synced with https://github.com/Microsoft/php-src/
Diffstat (limited to 'php-bug77630.patch')
-rw-r--r--php-bug77630.patch36
1 files changed, 16 insertions, 20 deletions
diff --git a/php-bug77630.patch b/php-bug77630.patch
index bc3f645..71cbf12 100644
--- a/php-bug77630.patch
+++ b/php-bug77630.patch
@@ -1,8 +1,4 @@
-Backported to 5.6 from 7.1 by remi
-
-
-
-From e3133e4db70476fb7adfdedb738483e2255ce0e1 Mon Sep 17 00:00:00 2001
+From 0c78ce21f96537dbea40c1d4f7467617600d266b Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Sat, 2 Mar 2019 23:42:53 -0800
Subject: [PATCH] Fix bug #77630 - safer rename() procedure
@@ -11,15 +7,17 @@ In order to rename safer, we do the following:
- set umask to 077 (unfortunately, not TS, so excluding ZTS)
- chown() first, to set proper group before allowing group access
- chmod() after, even if chown() fails
+
+(cherry picked from commit e3133e4db70476fb7adfdedb738483e2255ce0e1)
---
- main/streams/plain_wrapper.c | 51 ++++++++++++++++++++++++------------
- 1 file changed, 34 insertions(+), 17 deletions(-)
+ main/streams/plain_wrapper.c | 48 ++++++++++++++++++++++++------------
+ 1 file changed, 32 insertions(+), 16 deletions(-)
diff --git a/main/streams/plain_wrapper.c b/main/streams/plain_wrapper.c
-index af890a9aa3bb..7fdf906e6fad 100644
+index f472bad4b9..3e114a64ea 100644
--- a/main/streams/plain_wrapper.c
+++ b/main/streams/plain_wrapper.c
-@@ -1126,34 +1126,51 @@ static int php_plain_files_rename(php_st
+@@ -1126,34 +1126,50 @@ static int php_plain_files_rename(php_stream_wrapper *wrapper, const char *url_f
# ifdef EXDEV
if (errno == EXDEV) {
struct stat sb;
@@ -33,11 +31,6 @@ index af890a9aa3bb..7fdf906e6fad 100644
+ success = 1;
# if !defined(TSRM_WIN32) && !defined(NETWARE)
- if (VCWD_CHMOD(url_to, sb.st_mode)) {
-- if (errno == EPERM) {
-- php_error_docref2(NULL TSRMLS_CC, url_from, url_to, E_WARNING, "%s", strerror(errno));
-- VCWD_UNLINK(url_from);
-- return 1;
-- }
+ /*
+ * Try to set user and permission info on the target.
+ * If we're not root, then some of these may fail.
@@ -46,21 +39,24 @@ index af890a9aa3bb..7fdf906e6fad 100644
+ * access to the file in the meantime.
+ */
+ if (VCWD_CHOWN(url_to, sb.st_uid, sb.st_gid)) {
- php_error_docref2(NULL TSRMLS_CC, url_from, url_to, E_WARNING, "%s", strerror(errno));
-- return 0;
-+ if (errno != EPERM) {
++ php_error_docref2(NULL TSRMLS_CC, url_from, url_to, E_WARNING, "%s", strerror(errno));
+ if (errno == EPERM) {
+- php_error_docref2(NULL TSRMLS_CC, url_from, url_to, E_WARNING, "%s", strerror(errno));
+- VCWD_UNLINK(url_from);
+- return 1;
+ success = 0;
-+ }
+ }
+- php_error_docref2(NULL TSRMLS_CC, url_from, url_to, E_WARNING, "%s", strerror(errno));
+- return 0;
}
- if (VCWD_CHOWN(url_to, sb.st_uid, sb.st_gid)) {
- if (errno == EPERM) {
-+
+ if (success) {
+ if (VCWD_CHMOD(url_to, sb.st_mode)) {
php_error_docref2(NULL TSRMLS_CC, url_from, url_to, E_WARNING, "%s", strerror(errno));
- VCWD_UNLINK(url_from);
- return 1;
-+ if (errno != EPERM) {
++ if (errno == EPERM) {
+ success = 0;
+ }
}