| 1 |
slords |
1.1.2.1 |
|
| 2 |
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2386 |
| 3 |
|
|
|
| 4 |
|
|
http://git.php.net/?p=php-src.git;a=commit;h=158d8a6b088662ce9d31e0c777c6ebe90efdc854 |
| 5 |
|
|
|
| 6 |
|
|
--- php-5.3.3/ext/phar/tar.c.cve2386 |
| 7 |
|
|
+++ php-5.3.3/ext/phar/tar.c |
| 8 |
|
|
@@ -38,7 +38,7 @@ static php_uint32 phar_tar_number(char * |
| 9 |
|
|
/* }}} */ |
| 10 |
|
|
|
| 11 |
|
|
/* adapted from format_octal() in libarchive |
| 12 |
|
|
- * |
| 13 |
|
|
+ * |
| 14 |
|
|
* Copyright (c) 2003-2009 Tim Kientzle |
| 15 |
|
|
* All rights reserved. |
| 16 |
|
|
* |
| 17 |
|
|
@@ -161,7 +161,7 @@ static int phar_tar_process_metadata(pha |
| 18 |
|
|
size_t save = php_stream_tell(fp), read; |
| 19 |
|
|
phar_entry_info *mentry; |
| 20 |
|
|
|
| 21 |
|
|
- metadata = (char *) emalloc(entry->uncompressed_filesize + 1); |
| 22 |
|
|
+ metadata = (char *) safe_emalloc(1, entry->uncompressed_filesize, 1); |
| 23 |
|
|
|
| 24 |
|
|
read = php_stream_read(fp, metadata, entry->uncompressed_filesize); |
| 25 |
|
|
if (read != entry->uncompressed_filesize) { |
| 26 |
|
|
@@ -367,7 +367,7 @@ bail: |
| 27 |
|
|
} |
| 28 |
|
|
|
| 29 |
|
|
read = php_stream_read(fp, buf, sizeof(buf)); |
| 30 |
|
|
- |
| 31 |
|
|
+ |
| 32 |
|
|
if (read != sizeof(buf)) { |
| 33 |
|
|
efree(entry.filename); |
| 34 |
|
|
if (error) { |
Parent Directory
| 
Revision Log
| 
Revision Graph
