Skip to content

Instantly share code, notes, and snippets.

/72321.diff Secret
Created Jun 13, 2016

Embed
What would you like to do?
Patch for 72321
commit d144590d38fa321b46b8e199c754006318985c84
Author: Stanislav Malyshev <stas@php.net>
Date: Sun Jun 12 16:43:12 2016 -0700
Fix bug #72321 - use efree() for emalloc allocation
diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c
index 08d2983..64d7a6c 100644
--- a/ext/phar/phar_object.c
+++ b/ext/phar/phar_object.c
@@ -4217,14 +4217,14 @@ static int phar_extract_file(zend_bool overwrite, phar_entry_info *entry, char *
if (!php_stream_mkdir(fullpath, entry->flags & PHAR_ENT_PERM_MASK, PHP_STREAM_MKDIR_RECURSIVE, NULL)) {
spprintf(error, 4096, "Cannot extract \"%s\", could not create directory \"%s\"", entry->filename, fullpath);
efree(fullpath);
- free(new_state.cwd);
+ efree(new_state.cwd);
return FAILURE;
}
} else {
if (!php_stream_mkdir(fullpath, 0777, PHP_STREAM_MKDIR_RECURSIVE, NULL)) {
spprintf(error, 4096, "Cannot extract \"%s\", could not create directory \"%s\"", entry->filename, fullpath);
efree(fullpath);
- free(new_state.cwd);
+ efree(new_state.cwd);
return FAILURE;
}
}
diff --git a/ext/phar/tests/72321_1.zip b/ext/phar/tests/72321_1.zip
new file mode 100644
index 0000000..ebc44ea
Binary files /dev/null and b/ext/phar/tests/72321_1.zip differ
diff --git a/ext/phar/tests/72321_2.zip b/ext/phar/tests/72321_2.zip
new file mode 100644
index 0000000..de7ca26
Binary files /dev/null and b/ext/phar/tests/72321_2.zip differ
diff --git a/ext/phar/tests/bug72321.phpt b/ext/phar/tests/bug72321.phpt
new file mode 100644
index 0000000..37aca19
--- /dev/null
+++ b/ext/phar/tests/bug72321.phpt
@@ -0,0 +1,26 @@
+--TEST--
+Phar: PHP bug #72321: invalid free in phar_extract_file()
+--SKIPIF--
+<?php if (!extension_loaded("phar")) die("skip"); ?>
+--FILE--
+<?php
+chdir(__DIR__);
+mkdir("test72321");
+$phar = new PharData("72321_1.zip");
+$phar->extractTo("test72321");
+$phar = new PharData("72321_2.zip");
+try {
+$phar->extractTo("test72321");
+} catch(PharException $e) {
+ print $e->getMessage()."\n";
+}
+?>
+DONE
+--CLEAN--
+<?php unlink(__DIR__."/test72321/AAAAAAAAxxxxBBBBCCCCCCCCxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx");
+rmdir(__DIR__."/test72321");
+?>
+--EXPECTF--
+Warning: PharData::extractTo(): Not a directory in %s/bug72321.php on line %d
+Extraction from phar "%s/72321_2.zip" failed: Cannot extract "AAAAAAAAxxxxBBBBCCCCCCCCxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/b/c", could not create directory "test72321/AAAAAAAAxxxxBBBBCCCCCCCCxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/b"
+DONE
\ No newline at end of file
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.