mirror of
https://github.com/php/php-src.git
synced 2024-09-22 10:27:25 +00:00
Fix bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode)
This commit is contained in:
parent
45facd15fb
commit
f59b67ae50
@ -618,10 +618,13 @@ static inline void phar_set_inode(phar_entry_info *entry TSRMLS_DC) /* {{{ */
|
||||
{
|
||||
char tmp[MAXPATHLEN];
|
||||
int tmp_len;
|
||||
size_t len;
|
||||
|
||||
tmp_len = entry->filename_len + entry->phar->fname_len;
|
||||
memcpy(tmp, entry->phar->fname, entry->phar->fname_len);
|
||||
memcpy(tmp + entry->phar->fname_len, entry->filename, entry->filename_len);
|
||||
tmp_len = MIN(MAXPATHLEN, entry->filename_len + entry->phar->fname_len);
|
||||
len = MIN(entry->phar->fname_len, tmp_len);
|
||||
memcpy(tmp, entry->phar->fname, len);
|
||||
len = MIN(tmp_len - len, entry->filename_len);
|
||||
memcpy(tmp + entry->phar->fname_len, entry->filename, len);
|
||||
entry->inode = (unsigned short)zend_get_hash_value(tmp, tmp_len);
|
||||
}
|
||||
/* }}} */
|
||||
|
BIN
ext/phar/tests/bug69441.phar
Normal file
BIN
ext/phar/tests/bug69441.phar
Normal file
Binary file not shown.
21
ext/phar/tests/bug69441.phpt
Normal file
21
ext/phar/tests/bug69441.phpt
Normal file
@ -0,0 +1,21 @@
|
||||
--TEST--
|
||||
Phar: bug #69441: Buffer Overflow when parsing tar/zip/phar in phar_set_inode
|
||||
--SKIPIF--
|
||||
<?php if (!extension_loaded("phar")) die("skip"); ?>
|
||||
--FILE--
|
||||
<?php
|
||||
$fname = dirname(__FILE__) . '/bug69441.phar';
|
||||
try {
|
||||
$r = new Phar($fname, 0);
|
||||
} catch(UnexpectedValueException $e) {
|
||||
echo $e;
|
||||
}
|
||||
?>
|
||||
|
||||
==DONE==
|
||||
--EXPECTF--
|
||||
exception 'UnexpectedValueException' with message 'phar error: corrupted central directory entry, no magic signature in zip-based phar "%s/bug69441.phar"' in %s/bug69441.php:%d
|
||||
Stack trace:
|
||||
#0 %s/bug69441.php(%d): Phar->__construct('%s', 0)
|
||||
#1 {main}
|
||||
==DONE==
|
Loading…
Reference in New Issue
Block a user