components/php/php56/patches/CVE-2015-4021.patch
branchs11-update
changeset 4418 7ae5fd823a4b
4415:a4e14565d114 4418:7ae5fd823a4b
       
     1 # Source: upstream
       
     2 # http://git.php.net/?p=php-src.git;a=patch;h=2c1e49075ba48d93439a9e79eae43d9f8469b832;hp=739adee1912176aacf351edc5751a02ded6ef1ec
       
     3 # Fixed in 5.6.9
       
     4 
       
     5 From 2c1e49075ba48d93439a9e79eae43d9f8469b832 Mon Sep 17 00:00:00 2001
       
     6 From: Stanislav Malyshev <[email protected]>
       
     7 Date: Wed, 29 Apr 2015 22:04:20 -0700
       
     8 Subject: [PATCH 1/1] Fix bug #69453 - don't try to cut empty string
       
     9 
       
    10 ---
       
    11  ext/phar/tar.c               |  2 +-
       
    12  ext/phar/tests/bug69453.phpt | 21 +++++++++++++++++++++
       
    13  2 files changed, 22 insertions(+), 1 deletion(-)
       
    14  create mode 100644 ext/phar/tests/bug69453.phpt
       
    15 
       
    16 diff --git a/ext/phar/tar.c b/ext/phar/tar.c
       
    17 index c4a81fb..34ef0ef 100644
       
    18 --- a/ext/phar/tar.c
       
    19 +++ b/ext/phar/tar.c
       
    20 @@ -434,7 +434,7 @@ bail:
       
    21  			entry.filename_len = i;
       
    22  			entry.filename = pestrndup(hdr->name, i, myphar->is_persistent);
       
    23  
       
    24 -			if (entry.filename[entry.filename_len - 1] == '/') {
       
    25 +			if (i > 0 && entry.filename[entry.filename_len - 1] == '/') {
       
    26  				/* some tar programs store directories with trailing slash */
       
    27  				entry.filename[entry.filename_len - 1] = '\0';
       
    28  				entry.filename_len--;
       
    29 diff --git a/ext/phar/tests/bug69453.phpt b/ext/phar/tests/bug69453.phpt
       
    30 new file mode 100644
       
    31 index 0000000..4a2a37f
       
    32 --- /dev/null
       
    33 +++ b/ext/phar/tests/bug69453.phpt
       
    34 @@ -0,0 +1,21 @@
       
    35 +--TEST--
       
    36 +Phar: bug #69453: Memory Corruption in phar_parse_tarfile when entry filename starts with null
       
    37 +--SKIPIF--
       
    38 +<?php if (!extension_loaded("phar")) die("skip"); ?>
       
    39 +--FILE--
       
    40 +<?php
       
    41 +$fname = dirname(__FILE__) . '/bug69453.tar.phar';
       
    42 +try {
       
    43 +$r = new Phar($fname, 0);
       
    44 +} catch(UnexpectedValueException $e) {
       
    45 +	echo $e;
       
    46 +}
       
    47 +?>
       
    48 +
       
    49 +==DONE==
       
    50 +--EXPECTF--
       
    51 +exception 'UnexpectedValueException' with message 'phar error: "%s/bug69453.tar.phar" is a corrupted tar file (checksum mismatch of file "")' in %s:%d
       
    52 +Stack trace:
       
    53 +#0 %s/bug69453.php(%d): Phar->__construct('%s', 0)
       
    54 +#1 {main}
       
    55 +==DONE==
       
    56 \ No newline at end of file
       
    57 -- 
       
    58 2.1.4
       
    59
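Review bot: The new guard in the `ext/phar/tar.c` hunk only skips the trailing-slash strip, so as far as the hunk shows an entry whose name length is 0 still continues with an empty `entry.filename`. The expected output in `bug69453.phpt` shows the test archive being rejected by the checksum check (`checksum mismatch of file ""`), not by the name length, so whether an empty name with a valid checksum is rejected later cannot be confirmed from here; the enclosing function starts and ends outside the hunk. I would also key the guard on the variable that is actually indexed, `if (entry.filename_len > 0 && entry.filename[entry.filename_len - 1] == '/') {`, and add a comment such as `/* empty name: nothing to strip, and index -1 would be out of bounds */`. Separately, the test opens `bug69453.tar.phar`, but the diffstat lists only `tar.c` and `bug69453.phpt`, so the fixture does not appear to be delivered by this patch file and would have to be supplied some other way for the regression test to run.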