rpms / rh-php56-php

Clone
Source Code
GIT

Blame SOURCES/php-5.6.5-CVE-2015-4021.patch

c7
  1.   8c52ea4cddde578a6233a1d5be6cada30df4e797
  2.   SOURCES
  3.   php-5.6.5-CVE-2015-4021.patch
Blob History Raw
f90754 
From c27f012b7a447e59d4a704688971cbfa7dddaa74 Mon Sep 17 00:00:00 2001
f90754 
From: Stanislav Malyshev <stas@php.net>
f90754 
Date: Wed, 29 Apr 2015 22:04:20 -0700
f90754 
Subject: [PATCH] Fix bug #69453 - don't try to cut empty string
f90754
f90754 
---
f90754 
 ext/phar/tar.c               |  2 +-
f90754 
 ext/phar/tests/bug69453.phpt | 21 +++++++++++++++++++++
f90754 
 2 files changed, 22 insertions(+), 1 deletion(-)
f90754 
 create mode 100644 ext/phar/tests/bug69453.phpt
f90754
f90754 
diff --git a/ext/phar/tar.c b/ext/phar/tar.c
f90754 
index ca8eafc..d6d63e6 100644
f90754 
--- a/ext/phar/tar.c
f90754 
+++ b/ext/phar/tar.c
f90754 
@@ -425,7 +425,7 @@ bail:
f90754 
 			entry.filename_len = i;
f90754 
 			entry.filename = pestrndup(hdr->name, i, myphar->is_persistent);
f90754
f90754 
-			if (entry.filename[entry.filename_len - 1] == '/') {
f90754 
+			if (i > 0 && entry.filename[entry.filename_len - 1] == '/') {
f90754 
 				/* some tar programs store directories with trailing slash */
f90754 
 				entry.filename[entry.filename_len - 1] = '\0';
f90754 
 				entry.filename_len--;
f90754 
--
f90754 
2.1.4
f90754

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation