Merge branch 'PHP-7.1' into PHP-7.2

* PHP-7.1: Apply upstream patch for CVE-2017-14107 Backport and apply upstream patch for CVE-2017-14107
author: Anatol Belski <ab@php.net> 2017-10-27 14:18:27 +0200
committer: Anatol Belski <ab@php.net> 2017-10-27 14:18:27 +0200
commit: 40f76c9f0c52658a65479fa01456376c870ed5c9 (patch)
tree: 530826bee07c5c0c9e4a52acbca0bd3d4d0f4935 /ext/zip/lib
parent: f577a03c045e02b80ee0c3ed340bb186500a7342 (diff)
parent: 211dacd7b5c945580e763f7322be85b8be7d92ec (diff)
download: php-git-40f76c9f0c52658a65479fa01456376c870ed5c9.tar.gz
1 files changed, 6 insertions, 1 deletions
diff --git a/ext/zip/lib/zip_open.c b/ext/zip/lib/zip_open.c
index d6209ee1e7..29409b747d 100644
--- a/ext/zip/lib/zip_open.c
+++ b/ext/zip/lib/zip_open.c
@@ -837,7 +837,12 @@ _zip_read_eocd64(zip_source_t *src, zip_buffer_t *buffer, zip_uint64_t buf_offse
         zip_error_set(error, ZIP_ER_SEEK, EFBIG);
         return NULL;
     }
-    if ((flags & ZIP_CHECKCONS) && offset+size != eocd_offset) {
+    if (offset+size > buf_offset + eocd_offset) {
+	/* cdir spans past EOCD record */
+	zip_error_set(error, ZIP_ER_INCONS, 0);
+	return NULL;
+    }
+    if ((flags & ZIP_CHECKCONS) && offset+size != buf_offset + eocd_offset) {
 	zip_error_set(error, ZIP_ER_INCONS, 0);
 	return NULL;
     }
author	Anatol Belski <ab@php.net>	2017-10-27 14:18:27 +0200
committer	Anatol Belski <ab@php.net>	2017-10-27 14:18:27 +0200
commit	40f76c9f0c52658a65479fa01456376c870ed5c9 (patch)
tree	530826bee07c5c0c9e4a52acbca0bd3d4d0f4935 /ext/zip/lib
parent	f577a03c045e02b80ee0c3ed340bb186500a7342 (diff)
parent	211dacd7b5c945580e763f7322be85b8be7d92ec (diff)
download	php-git-40f76c9f0c52658a65479fa01456376c870ed5c9.tar.gz