diff options
| author | Christoph M. Becker <cmbecker69@gmx.de> | 2020-12-15 11:46:46 +0100 |
|---|---|---|
| committer | Christoph M. Becker <cmbecker69@gmx.de> | 2020-12-15 11:46:46 +0100 |
| commit | 6b37cdda669d40b1f3059ddb2625543b3358b8ff (patch) | |
| tree | 9e290f8824ed5010624768a5ed3f0cb5aa4c24b7 /ext/phar | |
| parent | 6e2614ef6ca176a7f2f79142f662f5cc0a12cace (diff) | |
| parent | c2fbab392c5b25aeb2daf243f4107557416942fb (diff) | |
| download | php-git-6b37cdda669d40b1f3059ddb2625543b3358b8ff.tar.gz | |
Merge branch 'PHP-8.0'
* PHP-8.0:
Fix #77322: PharData::addEmptyDir('/') Possible integer overflow
Diffstat (limited to 'ext/phar')
| -rw-r--r-- | ext/phar/tests/bug77322.phpt | 24 | ||||
| -rw-r--r-- | ext/phar/util.c | 2 |
2 files changed, 25 insertions, 1 deletions
diff --git a/ext/phar/tests/bug77322.phpt b/ext/phar/tests/bug77322.phpt new file mode 100644 index 0000000000..b9e5ce4dba --- /dev/null +++ b/ext/phar/tests/bug77322.phpt @@ -0,0 +1,24 @@ +--TEST-- +Bug #77322 (PharData::addEmptyDir('/') Possible integer overflow) +--SKIPIF-- +<?php +if (!extension_loaded('phar')) die('skip phar extension not available'); +?> +--FILE-- +<?php +$zip = new PharData(__DIR__ . '/bug77322.zip'); +$zip->addEmptyDir('/'); +var_dump($zip->count()); + +$tar = new PharData(__DIR__ . '/bug77322.tar'); +$tar->addEmptyDir('/'); +var_dump($tar->count()); +?> +--EXPECT-- +int(1) +int(1) +--CLEAN-- +<?php +unlink(__DIR__ . '/bug77322.zip'); +unlink(__DIR__ . '/bug77322.tar'); +?> diff --git a/ext/phar/util.c b/ext/phar/util.c index 6c084d8458..b45251d14a 100644 --- a/ext/phar/util.c +++ b/ext/phar/util.c @@ -567,7 +567,7 @@ phar_entry_data *phar_get_or_create_entry_data(char *fname, size_t fname_len, ch } else { etemp.flags = etemp.old_flags = PHAR_ENT_PERM_DEF_FILE; } - if (is_dir) { + if (is_dir && path_len) { etemp.filename_len--; /* strip trailing / */ path_len--; } |