diff options
author | Stanislav Malyshev <stas@php.net> | 2019-01-06 11:57:16 -0800 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2019-01-06 11:57:16 -0800 |
commit | fe820fcba616a736b80e911cfc132388acd35ace (patch) | |
tree | d958a1c3d69c8089081a807f4fb8cdfa80007422 /ext/phar | |
parent | 41af1e6781386cf540926ba9d1ff59a3402f8e01 (diff) | |
parent | 8d3dfabef459fe7815e8ea2fd68753fd17859d7b (diff) | |
download | php-git-fe820fcba616a736b80e911cfc132388acd35ace.tar.gz |
Merge branch 'PHP-7.1' into PHP-7.2
* PHP-7.1:
Fix #77369 - memcpy with negative length via crafted DNS response
Fix more issues with encodilng length
Fix #77270: imagecolormatch Out Of Bounds Write on Heap
Fix bug #77380 (Global out of bounds read in xmlrpc base64 code)
Fix bug #77371 (heap buffer overflow in mb regex functions - compile_string_node)
Fix bug #77370 - check that we do not read past buffer end when parsing multibytes
Fix #77269: Potential unsigned underflow in gdImageScale
Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext)
Fix bug #77242 (heap out of bounds read in xmlrpc_decode())
Regenerate certs for openssl tests
Diffstat (limited to 'ext/phar')
-rw-r--r-- | ext/phar/phar.c | 2 | ||||
-rw-r--r-- | ext/phar/tests/bug77247.phpt | 14 |
2 files changed, 15 insertions, 1 deletions
diff --git a/ext/phar/phar.c b/ext/phar/phar.c index 90649bd288..5a13ea4369 100644 --- a/ext/phar/phar.c +++ b/ext/phar/phar.c @@ -2008,7 +2008,7 @@ next_extension: } while (pos != filename && (*(pos - 1) == '/' || *(pos - 1) == '\0')) { - pos = memchr(pos + 1, '.', filename_len - (pos - filename) + 1); + pos = memchr(pos + 1, '.', filename_len - (pos - filename) - 1); if (!pos) { return FAILURE; } diff --git a/ext/phar/tests/bug77247.phpt b/ext/phar/tests/bug77247.phpt new file mode 100644 index 0000000000..588975f9f2 --- /dev/null +++ b/ext/phar/tests/bug77247.phpt @@ -0,0 +1,14 @@ +--TEST-- +PHP bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext) +--SKIPIF-- +<?php if (!extension_loaded("phar")) die("skip"); ?> +--FILE-- +<?php +try { +var_dump(new Phar('a/.b', 0,'test.phar')); +} catch(UnexpectedValueException $e) { + echo "OK"; +} +?> +--EXPECT-- +OK
\ No newline at end of file |