Tree - rpms/rh-php56-php - CentOS Git server

Blob History Raw

		4c9102	`From ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5 Mon Sep 17 00:00:00 2001`
		4c9102	`From: Stanislav Malyshev <stas@php.net>`
		4c9102	`Date: Tue, 17 Mar 2015 21:59:56 -0700`
		4c9102	`Subject: [PATCH] Fix bug #69253 - ZIP Integer Overflow leads to writing past`
		4c9102	`heap boundary`
		4c9102
		4c9102	`---`
		4c9102	`NEWS \| 4 ++++`
		4c9102	`ext/zip/lib/zip_dirent.c \| 2 +-`
		4c9102	`2 files changed, 5 insertions(+), 1 deletion(-)`
		4c9102
		4c9102	`diff --git a/ext/zip/lib/zip_dirent.c b/ext/zip/lib/zip_dirent.c`
		4c9102	`index b9dac5c..0090801 100644`
		4c9102	`--- a/ext/zip/lib/zip_dirent.c`
		4c9102	`+++ b/ext/zip/lib/zip_dirent.c`
		4c9102	`@@ -110,7 +110,7 @@`
		4c9102
		4c9102	`if (nentry == 0)`
		4c9102	`cd->entry = NULL;`
		4c9102	`- else if ((cd->entry=(struct zip_entry )malloc(sizeof((cd->entry))*(size_t)nentry)) == NULL) {`
		4c9102	`+ else if (nentry > ((size_t)-1)/sizeof((cd->entry)) \|\| (cd->entry=(struct zip_entry )malloc(sizeof((cd->entry))(size_t)nentry)) == NULL) {`
		4c9102	`_zip_error_set(error, ZIP_ER_MEMORY, 0);`
		4c9102	`free(cd);`
		4c9102	`return NULL;`