[PHP-CVS] com php-src: fix bug #61065: ext/phar/tar.c
Commit:a10e778bfb7ce9caa1f91666ddf2705db7982d68 Author:Stanislav Malyshev s...@php.net Tue, 15 May 2012 22:34:34 -0700 Parents: 63401268db9cf9b0e07b7a5819644d61f572746a Branches: PHP-5.4 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=a10e778bfb7ce9caa1f91666ddf2705db7982d68 Log: fix bug #61065 Bugs: https://bugs.php.net/61065 Changed paths: M ext/phar/tar.c Diff: diff --git a/ext/phar/tar.c b/ext/phar/tar.c index 9d1e5bc..b914db1 100644 --- a/ext/phar/tar.c +++ b/ext/phar/tar.c @@ -337,6 +337,16 @@ bail: last_was_longlink = 1; /* support the ././@LongLink system for storing long filenames */ entry.filename_len = entry.uncompressed_filesize; + + /* Check for overflow - bug 61065 */ + if (entry.filename_len == UINT_MAX) { + if (error) { + spprintf(error, 4096, phar error: \%s\ is a corrupted tar file (invalid entry size), fname); + } + php_stream_close(fp); + phar_destroy_phar_data(myphar TSRMLS_CC); + return FAILURE; + } entry.filename = pemalloc(entry.filename_len+1, myphar-is_persistent); read = php_stream_read(fp, entry.filename, entry.filename_len); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: fix bug #61065: ext/phar/tar.c
Commit:1fdece54d9a53660c9bdc1464390fdd8456c0c7a Author:Stanislav Malyshev s...@php.net Tue, 15 May 2012 22:34:34 -0700 Parents: e6dc487a2b9abc22fdfc8113060d087dc75c651c Branches: PHP-5.4.4 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=1fdece54d9a53660c9bdc1464390fdd8456c0c7a Log: fix bug #61065 Bugs: https://bugs.php.net/61065 Changed paths: M ext/phar/tar.c Diff: diff --git a/ext/phar/tar.c b/ext/phar/tar.c index 9d1e5bc..b914db1 100644 --- a/ext/phar/tar.c +++ b/ext/phar/tar.c @@ -337,6 +337,16 @@ bail: last_was_longlink = 1; /* support the ././@LongLink system for storing long filenames */ entry.filename_len = entry.uncompressed_filesize; + + /* Check for overflow - bug 61065 */ + if (entry.filename_len == UINT_MAX) { + if (error) { + spprintf(error, 4096, phar error: \%s\ is a corrupted tar file (invalid entry size), fname); + } + php_stream_close(fp); + phar_destroy_phar_data(myphar TSRMLS_CC); + return FAILURE; + } entry.filename = pemalloc(entry.filename_len+1, myphar-is_persistent); read = php_stream_read(fp, entry.filename, entry.filename_len); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php