Diffstat (limited to 'ext/fileinfo/tests/cve-2014-1943.phpt')
-rw-r--r-- | ext/fileinfo/tests/cve-2014-1943.phpt | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/ext/fileinfo/tests/cve-2014-1943.phpt b/ext/fileinfo/tests/cve-2014-1943.phpt
new file mode 100644
index 0000000000..b2e9c17c3f
--- /dev/null
+++ b/ext/fileinfo/tests/cve-2014-1943.phpt
@@ -0,0 +1,39 @@
+--TEST--
+Bug #66731: file: infinite recursion
+--SKIPIF--
+<?php
+if (!class_exists('finfo'))
+ die('skip no fileinfo extension');
+--FILE--
+<?php
+$fd = __DIR__.'/cve-2014-1943.data';
+$fm = __DIR__.'/cve-2014-1943.magic';
+
+$a = "\105\122\000\000\000\000\000";
+$b = str_repeat("\001", 250000);
+$m = "0 byte x\n".
+ ">(1.b) indirect x\n";
+
+file_put_contents($fd, $a);
+$fi = finfo_open(FILEINFO_NONE);
+var_dump(finfo_file($fi, $fd));
+finfo_close($fi);
+
+file_put_contents($fd, $b);
+file_put_contents($fm, $m);
+$fi = finfo_open(FILEINFO_NONE, $fm);
+var_dump(finfo_file($fi, $fd));
+finfo_close($fi);
+?>
+Done
+--CLEAN--
+<?php
+@unlink(__DIR__.'/cve-2014-1943.data');
+@unlink(__DIR__.'/cve-2014-1943.magic');
+?>
+--EXPECTF--
+string(%d) "%s"
+
+Warning: finfo_file(): Failed identify data 0:(null) in %s on line %d
+bool(false)
+Done |
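Review bot: The two cases in the --FILE-- section carry no comment saying what each payload exercises, so a later maintainer cannot tell which input guards the recursion limit and which is only a sanity check. Above `$a` I would add `// crafted header, identified with the built-in magic database`, and above `$m` `// custom magic: indirect entry whose offset is read from the data; with $b all \001 it appears to re-enter at the same offset until the recursion limit trips`. The first expectation, `string(%d) "%s"`, accepts any string, so it only proves the call returned; a short comment saying that this is intentional would prevent someone tightening it against one magic database version. The return values of `file_put_contents()` and `finfo_open()` are unchecked, so an unwritable test directory would show up as an output mismatch that looks like a regression of the fix. The --TEST-- title names only Bug #66731 while the file is named for CVE-2014-1943; putting the CVE id in the title as well makes the test findable from either reference.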