Commit:    4eb802bb14b05b82573457bc0f528e61ca7ddc45
Author:    Stanislav Malyshev <s...@php.net>         Tue, 15 May 2012 22:34:34 
-0700
Committer: Johannes Schlüter <johan...@php.net>      Wed, 16 May 2012 16:30:29 
+0200
Parents:   93c91c733cf2259263e4d8c0f3ccc254246d404d
Branches:  PHP-5.3 PHP-5.4 master

Link:       
http://git.php.net/?p=php-src.git;a=commitdiff;h=4eb802bb14b05b82573457bc0f528e61ca7ddc45

Log:
fix bug #61065
(cherry picked from commit a10e778bfb7ce9caa1f91666ddf2705db7982d68)

Bugs:
https://bugs.php.net/61065

Changed paths:
  M  ext/phar/tar.c


Diff:
diff --git a/ext/phar/tar.c b/ext/phar/tar.c
index 9d1e5bc..b914db1 100644
--- a/ext/phar/tar.c
+++ b/ext/phar/tar.c
@@ -337,6 +337,16 @@ bail:
                        last_was_longlink = 1;
                        /* support the ././@LongLink system for storing long 
filenames */
                        entry.filename_len = entry.uncompressed_filesize;
+
+                       /* Check for overflow - bug 61065 */
+                       if (entry.filename_len == UINT_MAX) {
+                               if (error) {
+                                       spprintf(error, 4096, "phar error: 
\"%s\" is a corrupted tar file (invalid entry size)", fname);
+                               }
+                               php_stream_close(fp);
+                               phar_destroy_phar_data(myphar TSRMLS_CC);
+                               return FAILURE;
+                       }
                        entry.filename = pemalloc(entry.filename_len+1, 
myphar->is_persistent);
 
                        read = php_stream_read(fp, entry.filename, 
entry.filename_len);


--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to