Blame SOURCES/php-5.6.5-CVE-2015-5589.patch

925b0d
Patch cleanup for 5.6.5
925b0d
Binary diff removed
925b0d
925b0d
From bf58162ddf970f63502837f366930e44d6a992cf Mon Sep 17 00:00:00 2001
925b0d
From: Stanislav Malyshev <stas@php.net>
925b0d
Date: Sat, 4 Jul 2015 21:01:50 -0700
925b0d
Subject: [PATCH] Fix bug #69958 - Segfault in Phar::convertToData on invalid
925b0d
 file
925b0d
925b0d
---
925b0d
 ext/phar/phar_object.c       |  70 ++++++++++++++++++++++---------------------
925b0d
 ext/phar/tests/bug69958.phpt |  14 +++++++++
925b0d
 ext/phar/tests/bug69958.tar  | Bin 0 -> 513 bytes
925b0d
 3 files changed, 50 insertions(+), 34 deletions(-)
925b0d
 create mode 100644 ext/phar/tests/bug69958.phpt
925b0d
 create mode 100644 ext/phar/tests/bug69958.tar
925b0d
925b0d
diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c
925b0d
index add1fa0..1184863 100644
925b0d
--- a/ext/phar/phar_object.c
925b0d
+++ b/ext/phar/phar_object.c
925b0d
@@ -2341,7 +2341,9 @@ static zval *phar_convert_to_other(phar_archive_data *source, int convert, char
925b0d
 		zend_hash_destroy(&(phar->manifest));
925b0d
 		zend_hash_destroy(&(phar->mounted_dirs));
925b0d
 		zend_hash_destroy(&(phar->virtual_dirs));
925b0d
-		php_stream_close(phar->fp);
925b0d
+		if (phar->fp) {
925b0d
+			php_stream_close(phar->fp);
925b0d
+		}
925b0d
 		efree(phar->fname);
925b0d
 		efree(phar);
925b0d
 		return NULL;
925b0d
925b0d
From 885edfef0a0eb1016a906d197399f92375a795e4 Mon Sep 17 00:00:00 2001
925b0d
From: Stanislav Malyshev <stas@php.net>
925b0d
Date: Mon, 6 Jul 2015 22:58:28 -0700
925b0d
Subject: [PATCH] Better fix for bug #69958
925b0d
925b0d
---
925b0d
 ext/phar/phar_object.c       | 22 +++++++++++++---------
925b0d
 ext/phar/tests/bug69958.phpt |  2 ++
925b0d
 2 files changed, 15 insertions(+), 9 deletions(-)
925b0d
925b0d
diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c
925b0d
index 1184863..8cfe0c8 100644
925b0d
--- a/ext/phar/phar_object.c
925b0d
+++ b/ext/phar/phar_object.c
925b0d
@@ -2019,9 +2019,10 @@ static int phar_copy_file_contents(phar_entry_info *entry, php_stream *fp TSRMLS
925b0d
 }
925b0d
 /* }}} */
925b0d
 
925b0d
-static zval *phar_rename_archive(phar_archive_data *phar, char *ext, zend_bool compress TSRMLS_DC) /* {{{ */
925b0d
+static zval *phar_rename_archive(phar_archive_data **sphar, char *ext, zend_bool compress TSRMLS_DC) /* {{{ */
925b0d
 {
925b0d
 	const char *oldname = NULL;
925b0d
+	phar_archive_data *phar = *sphar;
925b0d
 	char *oldpath = NULL;
925b0d
 	char *basename = NULL, *basepath = NULL;
925b0d
 	char *newname = NULL, *newpath = NULL;
925b0d
@@ -2129,6 +2130,7 @@ static zval *phar_rename_archive(phar_archive_data *phar, char *ext, zend_bool c
925b0d
 				phar->fp = NULL;
925b0d
 				phar_destroy_phar_data(phar TSRMLS_CC);
925b0d
 				phar = *pphar;
925b0d
+				*sphar = NULL;
925b0d
 				phar->refcount++;
925b0d
 				newpath = oldpath;
925b0d
 				goto its_ok;
925b0d
@@ -2335,17 +2337,19 @@ static zval *phar_convert_to_other(phar_archive_data *source, int convert, char
925b0d
 		phar_add_virtual_dirs(phar, newentry.filename, newentry.filename_len TSRMLS_CC);
925b0d
 	}
925b0d
 
925b0d
-	if ((ret = phar_rename_archive(phar, ext, 0 TSRMLS_CC))) {
925b0d
+	if ((ret = phar_rename_archive(&phar, ext, 0 TSRMLS_CC))) {
925b0d
 		return ret;
925b0d
 	} else {
925b0d
-		zend_hash_destroy(&(phar->manifest));
925b0d
-		zend_hash_destroy(&(phar->mounted_dirs));
925b0d
-		zend_hash_destroy(&(phar->virtual_dirs));
925b0d
-		if (phar->fp) {
925b0d
-			php_stream_close(phar->fp);
925b0d
+		if(phar != NULL) {
925b0d
+			zend_hash_destroy(&(phar->manifest));
925b0d
+			zend_hash_destroy(&(phar->mounted_dirs));
925b0d
+			zend_hash_destroy(&(phar->virtual_dirs));
925b0d
+			if (phar->fp) {
925b0d
+				php_stream_close(phar->fp);
925b0d
+			}
925b0d
+			efree(phar->fname);
925b0d
+			efree(phar);
925b0d
 		}
925b0d
-		efree(phar->fname);
925b0d
-		efree(phar);
925b0d
 		return NULL;
925b0d
 	}
925b0d
 }