mirror of
https://github.com/php/php-src.git
synced 2024-09-21 18:07:23 +00:00
Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4: 5.4.41 next fix CVE num update NEWS Fix bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode) fix type in fix for #69085 fix CVE num Conflicts: configure.in main/php_version.h
commit
e21f87e957
@ -119,8 +119,8 @@ int zend_sprintf(char *buffer, const char *format, ...);
|
||||
|
||||
PHP_MAJOR_VERSION=5
|
||||
PHP_MINOR_VERSION=5
|
||||
PHP_RELEASE_VERSION=24
|
||||
PHP_EXTRA_VERSION="RC1"
|
||||
PHP_RELEASE_VERSION=25
|
||||
PHP_EXTRA_VERSION="-dev"
|
||||
PHP_VERSION="$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION"
|
||||
PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 10000 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION`
|
||||
|
||||
|
@ -561,10 +561,13 @@ static inline void phar_set_inode(phar_entry_info *entry TSRMLS_DC) /* {{{ */
|
||||
{
|
||||
char tmp[MAXPATHLEN];
|
||||
int tmp_len;
|
||||
size_t len;
|
||||
|
||||
tmp_len = entry->filename_len + entry->phar->fname_len;
|
||||
memcpy(tmp, entry->phar->fname, entry->phar->fname_len);
|
||||
memcpy(tmp + entry->phar->fname_len, entry->filename, entry->filename_len);
|
||||
tmp_len = MIN(MAXPATHLEN, entry->filename_len + entry->phar->fname_len);
|
||||
len = MIN(entry->phar->fname_len, tmp_len);
|
||||
memcpy(tmp, entry->phar->fname, len);
|
||||
len = MIN(tmp_len - len, entry->filename_len);
|
||||
memcpy(tmp + entry->phar->fname_len, entry->filename, len);
|
||||
entry->inode = (unsigned short)zend_get_hash_value(tmp, tmp_len);
|
||||
}
|
||||
/* }}} */
|
||||
|
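Review bot: The second `memcpy` still takes its destination offset from the unclamped `entry->phar->fname_len`, so when that length is larger than `MAXPATHLEN` the expression `tmp + entry->phar->fname_len` points past the end of `tmp`; the copy length works out to 0 in that case, but forming the pointer is already undefined behaviour and the bound only holds by an indirect argument. Keeping the clamped prefix length in its own variable makes the bound direct: `len1 = MIN(entry->phar->fname_len, tmp_len);`, `len2 = MIN(tmp_len - len1, entry->filename_len);`, `memcpy(tmp + len1, entry->filename, len2);`. The sum `entry->filename_len + entry->phar->fname_len` is also computed before it is clamped and is stored in an `int`; the field types are not visible in this hunk, so it is worth confirming that lengths read from an archive cannot make it wrap or go negative before `MIN` is applied. A short comment above the block stating that the combined path is deliberately truncated to `MAXPATHLEN` before hashing would help the next reader.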
BIN
ext/phar/tests/bug69441.phar
Normal file
BIN
ext/phar/tests/bug69441.phar
Normal file
Binary file not shown.
21
ext/phar/tests/bug69441.phpt
Normal file
21
ext/phar/tests/bug69441.phpt
Normal file
@ -0,0 +1,21 @@
|
||||
--TEST--
|
||||
Phar: bug #69441: Buffer Overflow when parsing tar/zip/phar in phar_set_inode
|
||||
--SKIPIF--
|
||||
<?php if (!extension_loaded("phar")) die("skip"); ?>
|
||||
--FILE--
|
||||
<?php
|
||||
$fname = dirname(__FILE__) . '/bug69441.phar';
|
||||
try {
|
||||
$r = new Phar($fname, 0);
|
||||
} catch(UnexpectedValueException $e) {
|
||||
echo $e;
|
||||
}
|
||||
?>
|
||||
|
||||
==DONE==
|
||||
--EXPECTF--
|
||||
exception 'UnexpectedValueException' with message 'phar error: corrupted central directory entry, no magic signature in zip-based phar "%s/bug69441.phar"' in %s/bug69441.php:%d
|
||||
Stack trace:
|
||||
#0 %s/bug69441.php(%d): Phar->__construct('%s', 0)
|
||||
#1 {main}
|
||||
==DONE==
|
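Review bot: The expected output only shows that the archive is rejected with the "corrupted central directory entry" exception, which an unfixed build may also print whenever the overflow in phar_set_inode happens not to crash, so the test looks like a reliable regression check only when the suite runs under a memory checker. A `--DESCRIPTION--` section saying so, and naming what in bug69441.phar reaches the over-long path case, would make that explicit, since the fixture is a binary file that cannot be reviewed on this page. `echo $e;` also ties `--EXPECTF--` to the full stack-trace format; `echo $e->getMessage(), "\n";` with a one-line expectation would be less brittle.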
@ -2,7 +2,7 @@
|
||||
/* edit configure.in to change version number */
|
||||
#define PHP_MAJOR_VERSION 5
|
||||
#define PHP_MINOR_VERSION 5
|
||||
#define PHP_RELEASE_VERSION 24
|
||||
#define PHP_EXTRA_VERSION "RC1"
|
||||
#define PHP_VERSION "5.5.24RC1"
|
||||
#define PHP_VERSION_ID 50524
|
||||
#define PHP_RELEASE_VERSION 25
|
||||
#define PHP_EXTRA_VERSION "-dev"
|
||||
#define PHP_VERSION "5.5.25-dev"
|
||||
#define PHP_VERSION_ID 50525
|
||||
|