-
-
Save anonymous/91fd8c90a8852ae130eaa23cf44d41d8 to your computer and use it in GitHub Desktop.
Patch for 72321
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
commit d144590d38fa321b46b8e199c754006318985c84 | |
Author: Stanislav Malyshev <stas@php.net> | |
Date: Sun Jun 12 16:43:12 2016 -0700 | |
Fix bug #72321 - use efree() for emalloc allocation | |
diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c | |
index 08d2983..64d7a6c 100644 | |
--- a/ext/phar/phar_object.c | |
+++ b/ext/phar/phar_object.c | |
@@ -4217,14 +4217,14 @@ static int phar_extract_file(zend_bool overwrite, phar_entry_info *entry, char * | |
if (!php_stream_mkdir(fullpath, entry->flags & PHAR_ENT_PERM_MASK, PHP_STREAM_MKDIR_RECURSIVE, NULL)) { | |
spprintf(error, 4096, "Cannot extract \"%s\", could not create directory \"%s\"", entry->filename, fullpath); | |
efree(fullpath); | |
- free(new_state.cwd); | |
+ efree(new_state.cwd); | |
return FAILURE; | |
} | |
} else { | |
if (!php_stream_mkdir(fullpath, 0777, PHP_STREAM_MKDIR_RECURSIVE, NULL)) { | |
spprintf(error, 4096, "Cannot extract \"%s\", could not create directory \"%s\"", entry->filename, fullpath); | |
efree(fullpath); | |
- free(new_state.cwd); | |
+ efree(new_state.cwd); | |
return FAILURE; | |
} | |
} | |
diff --git a/ext/phar/tests/72321_1.zip b/ext/phar/tests/72321_1.zip | |
new file mode 100644 | |
index 0000000..ebc44ea | |
Binary files /dev/null and b/ext/phar/tests/72321_1.zip differ | |
diff --git a/ext/phar/tests/72321_2.zip b/ext/phar/tests/72321_2.zip | |
new file mode 100644 | |
index 0000000..de7ca26 | |
Binary files /dev/null and b/ext/phar/tests/72321_2.zip differ | |
diff --git a/ext/phar/tests/bug72321.phpt b/ext/phar/tests/bug72321.phpt | |
new file mode 100644 | |
index 0000000..37aca19 | |
--- /dev/null | |
+++ b/ext/phar/tests/bug72321.phpt | |
@@ -0,0 +1,26 @@ | |
+--TEST-- | |
+Phar: PHP bug #72321: invalid free in phar_extract_file() | |
+--SKIPIF-- | |
+<?php if (!extension_loaded("phar")) die("skip"); ?> | |
+--FILE-- | |
+<?php | |
+chdir(__DIR__); | |
+mkdir("test72321"); | |
+$phar = new PharData("72321_1.zip"); | |
+$phar->extractTo("test72321"); | |
+$phar = new PharData("72321_2.zip"); | |
+try { | |
+$phar->extractTo("test72321"); | |
+} catch(PharException $e) { | |
+ print $e->getMessage()."\n"; | |
+} | |
+?> | |
+DONE | |
+--CLEAN-- | |
+<?php unlink(__DIR__."/test72321/AAAAAAAAxxxxBBBBCCCCCCCCxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"); | |
+rmdir(__DIR__."/test72321"); | |
+?> | |
+--EXPECTF-- | |
+Warning: PharData::extractTo(): Not a directory in %s/bug72321.php on line %d | |
+Extraction from phar "%s/72321_2.zip" failed: Cannot extract "AAAAAAAAxxxxBBBBCCCCCCCCxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/b/c", could not create directory "test72321/AAAAAAAAxxxxBBBBCCCCCCCCxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/b" | |
+DONE | |
\ No newline at end of file |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment