/73768.diff Secret
Created
December 30, 2016 23:58
Patch for 73768
commit b28b8b2fee6dfa6fcd13305c581bb835689ac3be | |
Author: Stanislav Malyshev <stas@php.net> | |
Date: Fri Dec 30 15:57:24 2016 -0800 | |
Fix bug #73768 - Memory corruption when loading hostile phar | |
diff --git a/ext/phar/phar.c b/ext/phar/phar.c | |
index 532b4c3..158f417 100644 | |
--- a/ext/phar/phar.c | |
+++ b/ext/phar/phar.c | |
@@ -981,7 +981,6 @@ static int phar_parse_pharfile(php_stream *fp, char *fname, int fname_len, char | |
/* if the alias is stored we enforce it (implicit overrides explicit) */ | |
if (alias && alias_len && (alias_len != (int)tmp_len || strncmp(alias, buffer, tmp_len))) | |
{ | |
- buffer[tmp_len] = '\0'; | |
php_stream_close(fp); | |
if (signature) { | |
@@ -989,7 +988,7 @@ static int phar_parse_pharfile(php_stream *fp, char *fname, int fname_len, char | |
} | |
if (error) { | |
- spprintf(error, 0, "cannot load phar \"%s\" with implicit alias \"%s\" under different alias \"%s\"", fname, buffer, alias); | |
+ spprintf(error, 0, "cannot load phar \"%s\" with implicit alias \"%.*s\" under different alias \"%s\"", fname, tmp_len, buffer, alias); | |
} | |
efree(savebuf); | |
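Review bot: The `*` precision added to the `spprintf` call receives bare `tmp_len`, while the condition at the top of this branch compares it as `(int)tmp_len`, which suggests the variable is not declared as `int`. A `*` precision is consumed as an `int`, so the conversion should be explicit: `fname, (int)tmp_len, buffer, alias);`. If `tmp_len` is unsigned, a stored length above `INT_MAX` would reach the formatter as a negative precision, so it is worth confirming that an earlier bounds check in the function already rules that out. Since the terminator write is gone, a short comment such as `/* buffer is not NUL-terminated here; always bound it by tmp_len */` would stop a later edit from reintroducing an unbounded `%s`. The declaration of `tmp_len` and the rest of `phar_parse_pharfile` are outside the hunk.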
diff --git a/ext/phar/tests/bug73768.phar b/ext/phar/tests/bug73768.phar | |
new file mode 100644 | |
index 0000000..3f429c2 | |
Binary files /dev/null and b/ext/phar/tests/bug73768.phar differ | |
diff --git a/ext/phar/tests/bug73768.phpt b/ext/phar/tests/bug73768.phpt | |
new file mode 100644 | |
index 0000000..37a4da0 | |
--- /dev/null | |
+++ b/ext/phar/tests/bug73768.phpt | |
@@ -0,0 +1,16 @@ | |
+--TEST-- | |
+Phar: PHP bug #73768: Memory corruption when loading hostile phar | |
+--SKIPIF-- | |
+<?php if (!extension_loaded("phar")) die("skip"); ?> | |
+--FILE-- | |
+<?php | |
+chdir(__DIR__); | |
+try { | |
+$p = Phar::LoadPhar('bug73768.phar', 'alias.phar'); | |
+echo "OK\n"; | |
+} catch(PharException $e) { | |
+ echo $e->getMessage(); | |
+} | |
+?> | |
+--EXPECTF-- | |
+cannot load phar "%sbug73768.phar" with implicit alias "" under different alias "alias.phar" |
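Review bot: The `--EXPECTF--` line pins only the exception text, and only for an empty implicit alias (`""`), so the test exercises the rejection path but never shows the `%.*s` bound printing a non-empty alias. It therefore probably separates a fixed build from an unfixed one only when the suite runs under a memory checker, because a stray one-byte write need not change the message or crash a normal build. A companion case with a non-empty stored alias would pin that exactly `tmp_len` bytes are printed. The fixture `bug73768.phar` is binary and cannot be reviewed from the diff, so a comment in the `--FILE--` section describing what the archive contains and how it was produced would help, for example `// bug73768.phar: stored alias differs from 'alias.phar'; see bug #73768`.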
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment