diff options
author | Stanislav Malyshev <stas@php.net> | 2016-09-12 21:10:34 -0700 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2016-09-12 21:10:34 -0700 |
commit | dad0e9d1a3ad97a9c22201523e703c8741a6b0b2 (patch) | |
tree | 735a5c95d9936f6ab8bf61d22053de485cdf3364 /ext/phar/util.c | |
parent | caea2c876b4302b9fb1b12bfa755e064ec199e68 (diff) | |
parent | 07c6bdb85d3efe21598ebb8af6fcebceb9d486e9 (diff) | |
download | php-git-dad0e9d1a3ad97a9c22201523e703c8741a6b0b2.tar.gz |
Merge branch 'PHP-7.0' into PHP-7.1
* PHP-7.0: (22 commits)
Fix bug #72293 - Heap overflow in mysqlnd related to BIT fields
I don't think 8cceb012a7aabf3c36ab7c2724a436f976cdd165 is needed
Fix test
Add check in fgetcsv in case sizeof(unit) != sizeof(size_t)
Fix bug #73065: Out-Of-Bounds Read in php_wddx_push_element of wddx.c
Fix bug #73035 (Out of bound when verify signature of tar phar in phar_parse_tarfile)
Fix bug #73052 - Memory Corruption in During Deserialized-object Destruction
Fix bug #73029 - Missing type check when unserializing SplArray
Fix bug #72860: wddx_deserialize use-after-free
Fix bug #73007: add locale length check
Fix bug #72928 - Out of bound when verify signature of zip phar in phar_parse_zipfile
sync NEWS
Revert "Merge branch 'PHP-5.6' into PHP-7.0"
Merge branch 'PHP-5.6' into PHP-7.0
Merge branch 'PHP-5.6' into PHP-7.0
Revert "Revert "Merge branch 'PHP-5.6' into PHP-7.0""
fix version
sync NEWS
Fix bug #72957
set versions
...
Diffstat (limited to 'ext/phar/util.c')
-rw-r--r-- | ext/phar/util.c | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/ext/phar/util.c b/ext/phar/util.c index e8e2b57b5d..2ab5340ee3 100644 --- a/ext/phar/util.c +++ b/ext/phar/util.c @@ -1603,6 +1603,13 @@ int phar_verify_signature(php_stream *fp, size_t end_of_phar, uint32_t sig_type, unsigned char digest[64]; PHP_SHA512_CTX context; + if (sig_len < sizeof(digest)) { + if (error) { + spprintf(error, 0, "broken signature"); + } + return FAILURE; + } + PHP_SHA512Init(&context); read_len = end_of_phar; @@ -1636,6 +1643,13 @@ int phar_verify_signature(php_stream *fp, size_t end_of_phar, uint32_t sig_type, unsigned char digest[32]; PHP_SHA256_CTX context; + if (sig_len < sizeof(digest)) { + if (error) { + spprintf(error, 0, "broken signature"); + } + return FAILURE; + } + PHP_SHA256Init(&context); read_len = end_of_phar; @@ -1677,6 +1691,13 @@ int phar_verify_signature(php_stream *fp, size_t end_of_phar, uint32_t sig_type, unsigned char digest[20]; PHP_SHA1_CTX context; + if (sig_len < sizeof(digest)) { + if (error) { + spprintf(error, 0, "broken signature"); + } + return FAILURE; + } + PHP_SHA1Init(&context); read_len = end_of_phar; @@ -1710,6 +1731,13 @@ int phar_verify_signature(php_stream *fp, size_t end_of_phar, uint32_t sig_type, unsigned char digest[16]; PHP_MD5_CTX context; + if (sig_len < sizeof(digest)) { + if (error) { + spprintf(error, 0, "broken signature"); + } + return FAILURE; + } + PHP_MD5Init(&context); read_len = end_of_phar; |