diff options
author | Stanislav Malyshev <stas@php.net> | 2014-08-04 00:08:17 -0700 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2014-08-04 00:08:17 -0700 |
commit | 9b9aa4b81178af7ff7c516834617d9c609b29325 (patch) | |
tree | fe6abb2440db36199369aaccdb15ce4fa9de311a | |
parent | c9e114a4515491ac454b7a058cf11fd8a407fbd1 (diff) | |
parent | 61ec9b5b0f80bc6016548d48f433fe22e2dc24ec (diff) | |
download | php-git-9b9aa4b81178af7ff7c516834617d9c609b29325.tar.gz |
Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
add test
-rw-r--r-- | ext/fileinfo/tests/cve-2014-3538.phpt | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/ext/fileinfo/tests/cve-2014-3538.phpt b/ext/fileinfo/tests/cve-2014-3538.phpt new file mode 100644 index 0000000000..d6bc9c68c8 --- /dev/null +++ b/ext/fileinfo/tests/cve-2014-3538.phpt @@ -0,0 +1,35 @@ +--TEST-- +Bug #66731: file: extensive backtraking +--SKIPIF-- +<?php +if (!class_exists('finfo')) + die('skip no fileinfo extension'); +--FILE-- +<?php +$fd = __DIR__.'/cve-2014-3538.data'; + +file_put_contents($fd, + 'try:' . + str_repeat("\n", 1000000)); + +$fi = finfo_open(FILEINFO_NONE); +$t = microtime(true); +var_dump(finfo_file($fi, $fd)); +$t = microtime(true) - $t; +finfo_close($fi); +if ($t < 1) { + echo "Ok\n"; +} else { + printf("Failed, time=%.2f\n", $t); +} + +?> +Done +--CLEAN-- +<?php +@unlink(__DIR__.'/cve-2014-3538.data'); +?> +--EXPECTF-- +string(%d) "%s" +Ok +Done
\ No newline at end of file |