pajoye                                   Tue, 19 Oct 2010 09:55:36 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=304505

Log:
- Fixed NULL pointer dereference in ZipArchive::getArchiveComment
(CVE-2010-3709), report & patch from Maksymilian Arciemowicz

Changed paths:
    U   php/php-src/branches/PHP_5_2/ext/zip/php_zip.c
    U   php/php-src/branches/PHP_5_3/ext/zip/php_zip.c

Modified: php/php-src/branches/PHP_5_2/ext/zip/php_zip.c
===================================================================
--- php/php-src/branches/PHP_5_2/ext/zip/php_zip.c      2010-10-19 09:53:43 UTC 
(rev 304504)
+++ php/php-src/branches/PHP_5_2/ext/zip/php_zip.c      2010-10-19 09:55:36 UTC 
(rev 304505)
@@ -1954,6 +1954,9 @@

        PHP_ZIP_STAT_INDEX(intern, index, 0, sb);
        comment = zip_get_file_comment(intern, index, &comment_len, (int)flags);
+       if(comment==NULL) {
+               RETURN_FALSE;
+       }
        RETURN_STRINGL((char *)comment, (long)comment_len, 1);
 }
 /* }}} */
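Review bot: The NULL check added in this PHP_5_2 hunk follows `zip_get_file_comment(intern, index, ...)`, the per-entry comment lookup, whereas the log message names ZipArchive::getArchiveComment and the PHP_5_3 hunk guards `zip_get_archive_comment`. The enclosing function starts outside the hunk, so this cannot be confirmed from here, but the archive-comment path on this branch may still pass a NULL `comment` to `RETURN_STRINGL`. Please check the `zip_get_archive_comment` call site in the 5_2 file and add `if (comment == NULL) { RETURN_FALSE; }` there as well. The guard in this hunk is still worth keeping, since this call is followed by the same unchecked `RETURN_STRINGL`.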

Modified: php/php-src/branches/PHP_5_3/ext/zip/php_zip.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/zip/php_zip.c      2010-10-19 09:53:43 UTC 
(rev 304504)
+++ php/php-src/branches/PHP_5_3/ext/zip/php_zip.c      2010-10-19 09:55:36 UTC 
(rev 304505)
@@ -1961,6 +1961,9 @@
        }

        comment = zip_get_archive_comment(intern, &comment_len, (int)flags);
+       if(comment==NULL) {
+               RETURN_FALSE;
+       }
        RETURN_STRINGL((char *)comment, (long)comment_len, 1);
 }
 /* }}} */
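Review bot: The new `RETURN_FALSE` after `zip_get_archive_comment` carries no comment saying what a NULL return means, and the method's return contract is not visible in the hunk. If NULL can mean both "archive has no comment" and a read error (to be confirmed against the bundled libzip), callers now receive FALSE for both and cannot tell them apart. I would add `/* NULL: no archive comment or error; return FALSE instead of dereferencing */` above the check. A regression test that calls the method on an archive without a comment is not part of this commit and would pin the fix. The function's start lies outside the hunk.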
