pajoye Tue, 19 Oct 2010 09:55:36 +0000
Revision: http://svn.php.net/viewvc?view=revision&revision=304505
Log:
- fix Fixed NULL pointer dereference in ZipArchive::getArchiveComment,
(CVE-2010-3709), report&patch from Maksymilian Arciemowicz
Changed paths:
U php/php-src/branches/PHP_5_2/ext/zip/php_zip.c
U php/php-src/branches/PHP_5_3/ext/zip/php_zip.c
Modified: php/php-src/branches/PHP_5_2/ext/zip/php_zip.c
===================================================================
--- php/php-src/branches/PHP_5_2/ext/zip/php_zip.c 2010-10-19 09:53:43 UTC
(rev 304504)
+++ php/php-src/branches/PHP_5_2/ext/zip/php_zip.c 2010-10-19 09:55:36 UTC
(rev 304505)
@@ -1954,6 +1954,9 @@
PHP_ZIP_STAT_INDEX(intern, index, 0, sb);
comment = zip_get_file_comment(intern, index, &comment_len, (int)flags);
+ if(comment==NULL) {
+ RETURN_FALSE;
+ }
RETURN_STRINGL((char *)comment, (long)comment_len, 1);
}
/* }}} */
Modified: php/php-src/branches/PHP_5_3/ext/zip/php_zip.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/zip/php_zip.c 2010-10-19 09:53:43 UTC
(rev 304504)
+++ php/php-src/branches/PHP_5_3/ext/zip/php_zip.c 2010-10-19 09:55:36 UTC
(rev 304505)
@@ -1961,6 +1961,9 @@
}
comment = zip_get_archive_comment(intern, &comment_len, (int)flags);
+ if(comment==NULL) {
+ RETURN_FALSE;
+ }
RETURN_STRINGL((char *)comment, (long)comment_len, 1);
}
/* }}} */
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
