diff options
| -rw-r--r-- | NEWS | 4 | ||||
| -rw-r--r-- | ext/phar/tar.c | 10 | ||||
| -rw-r--r-- | ext/standard/php_fopen_wrapper.c | 14 |
3 files changed, 28 insertions, 0 deletions
@@ -22,6 +22,7 @@ PHP NEWS . Fixed bug #61713 (Logic error in charset detection for htmlentities). (Anatoliy) . Fixed bug #61991 (long overflow in realpath_cache_get()). (Anatoliy) + . Changed php://fd to be available only for CLI. - Fileinfo: . Fixed bug #61812 (Uninitialised value used in libmagic). @@ -35,6 +36,9 @@ PHP NEWS . Fixed bug #61755 (A parsing bug in the prepared statements can lead to access violations). (Johannes) +- Phar: + . Fix bug #61065 (Secunia SA44335). (Rasmus) + - Iconv extension: . Fixed a bug that iconv extension fails to link to the correct library when another extension makes use of a library that links to the iconv diff --git a/ext/phar/tar.c b/ext/phar/tar.c index 9d1e5bcb1d..b914db129e 100644 --- a/ext/phar/tar.c +++ b/ext/phar/tar.c @@ -337,6 +337,16 @@ bail: last_was_longlink = 1; /* support the ././@LongLink system for storing long filenames */ entry.filename_len = entry.uncompressed_filesize; + + /* Check for overflow - bug 61065 */ + if (entry.filename_len == UINT_MAX) { + if (error) { + spprintf(error, 4096, "phar error: \"%s\" is a corrupted tar file (invalid entry size)", fname); + } + php_stream_close(fp); + phar_destroy_phar_data(myphar TSRMLS_CC); + return FAILURE; + } entry.filename = pemalloc(entry.filename_len+1, myphar->is_persistent); read = php_stream_read(fp, entry.filename, entry.filename_len); diff --git a/ext/standard/php_fopen_wrapper.c b/ext/standard/php_fopen_wrapper.c index a831dd1c16..b51aaa219f 100644 --- a/ext/standard/php_fopen_wrapper.c +++ b/ext/standard/php_fopen_wrapper.c @@ -263,6 +263,20 @@ php_stream * php_stream_url_wrap_php(php_stream_wrapper *wrapper, char *path, ch long fildes_ori; int dtablesize; + if (strcmp(sapi_module.name, "cli")) { + if (options & REPORT_ERRORS) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Direct access to file descriptors is only available from command-line PHP"); + } + return NULL; + } + + if ((options & STREAM_OPEN_FOR_INCLUDE) && !PG(allow_url_include) ) { + if (options & REPORT_ERRORS) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "URL file-access is disabled in the server configuration"); + } + return NULL; + } + start = &path[3]; fildes_ori = strtol(start, &end, 10); if (end == start || *end != '\0') { |