mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-16 04:17:25 +00:00
php: Security fix CVE-2015-7804
CVE-2015-7804 php: uninitialized pointer in phar_make_dirstream() Signed-off-by: Armin Kuster <akuster@mvista.com>
This commit is contained in:
committed by
Martin Jansa
parent
40eed80072
commit
7cb8c764e7
@@ -0,0 +1,62 @@
|
|||||||
|
From e78ac461dbefb7c4a3e9fde78d50fbc56b7b0183 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Stanislav Malyshev <stas@php.net>
|
||||||
|
Date: Mon, 28 Sep 2015 17:12:35 -0700
|
||||||
|
Subject: [PATCH] FIx bug #70433 - Uninitialized pointer in phar_make_dirstream
|
||||||
|
when zip entry filename is "/"
|
||||||
|
|
||||||
|
Upstream-status: Backport
|
||||||
|
|
||||||
|
https://git.php.net/?p=php-src.git;a=patch;h=e78ac461dbefb7c4a3e9fde78d50fbc56b7b0183
|
||||||
|
|
||||||
|
CVE: CVE-2015-7804
|
||||||
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
||||||
|
|
||||||
|
---
|
||||||
|
ext/phar/dirstream.c | 2 +-
|
||||||
|
ext/phar/tests/bug70433.phpt | 23 +++++++++++++++++++++++
|
||||||
|
ext/phar/tests/bug70433.zip | Bin 0 -> 264 bytes
|
||||||
|
3 files changed, 24 insertions(+), 1 deletion(-)
|
||||||
|
create mode 100644 ext/phar/tests/bug70433.phpt
|
||||||
|
create mode 100755 ext/phar/tests/bug70433.zip
|
||||||
|
|
||||||
|
Index: php-5.5.21/ext/phar/dirstream.c
|
||||||
|
===================================================================
|
||||||
|
--- php-5.5.21.orig/ext/phar/dirstream.c
|
||||||
|
+++ php-5.5.21/ext/phar/dirstream.c
|
||||||
|
@@ -207,7 +207,7 @@ static php_stream *phar_make_dirstream(c
|
||||||
|
zend_hash_internal_pointer_reset(manifest);
|
||||||
|
|
||||||
|
while (FAILURE != zend_hash_has_more_elements(manifest)) {
|
||||||
|
- if (HASH_KEY_NON_EXISTENT == zend_hash_get_current_key_ex(manifest, &key, &keylen, &unused, 0, NULL)) {
|
||||||
|
+ if (HASH_KEY_IS_STRING != zend_hash_get_current_key_ex(manifest, &key, &keylen, &unused, 0, NULL)) {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
Index: php-5.5.21/ext/phar/tests/bug70433.phpt
|
||||||
|
===================================================================
|
||||||
|
--- /dev/null
|
||||||
|
+++ php-5.5.21/ext/phar/tests/bug70433.phpt
|
||||||
|
@@ -0,0 +1,23 @@
|
||||||
|
+--TEST--
|
||||||
|
+Phar - bug #70433 - Uninitialized pointer in phar_make_dirstream when zip entry filename is "/"
|
||||||
|
+--SKIPIF--
|
||||||
|
+<?php if (!extension_loaded("phar")) die("skip"); ?>
|
||||||
|
+--FILE--
|
||||||
|
+<?php
|
||||||
|
+$phar = new PharData(__DIR__."/bug70433.zip");
|
||||||
|
+var_dump($phar);
|
||||||
|
+$meta = $phar->getMetadata();
|
||||||
|
+var_dump($meta);
|
||||||
|
+?>
|
||||||
|
+DONE
|
||||||
|
+--EXPECTF--
|
||||||
|
+object(PharData)#1 (3) {
|
||||||
|
+ ["pathName":"SplFileInfo":private]=>
|
||||||
|
+ string(0) ""
|
||||||
|
+ ["glob":"DirectoryIterator":private]=>
|
||||||
|
+ bool(false)
|
||||||
|
+ ["subPathName":"RecursiveDirectoryIterator":private]=>
|
||||||
|
+ string(0) ""
|
||||||
|
+}
|
||||||
|
+NULL
|
||||||
|
+DONE
|
||||||
@@ -15,6 +15,7 @@ SRC_URI = "http://php.net/distributions/php-${PV}.tar.bz2 \
|
|||||||
file://0001-php-don-t-use-broken-wrapper-for-mkdir.patch \
|
file://0001-php-don-t-use-broken-wrapper-for-mkdir.patch \
|
||||||
file://0001-acinclude-use-pkgconfig-for-libxml2-config.patch \
|
file://0001-acinclude-use-pkgconfig-for-libxml2-config.patch \
|
||||||
file://CVE-2015-7803.patch \
|
file://CVE-2015-7803.patch \
|
||||||
|
file://CVE-2015-7804.patch \
|
||||||
"
|
"
|
||||||
|
|
||||||
SRC_URI_append_class-target += " \
|
SRC_URI_append_class-target += " \
|
||||||
|
|||||||
Reference in New Issue
Block a user