mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00
Code Issues Projects Releases Wiki Activity

php: Security fix CVE-2015-7804

Browse Source 
CVE-2015-7804 php: uninitialized pointer in phar_make_dirstream()

Signed-off-by: Armin Kuster <akuster@mvista.com>
This commit is contained in:
Armin Kuster
2016-02-01 08:30:05 -08:00
committed by Martin Jansa
parent 4fecce0035
commit 889258fd3a
2 changed files with 65 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-devtools/php/php-5.6.12/CVE-2015-7804.patch
+64
View File
@@ -0,0 +1,64 @@
From e78ac461dbefb7c4a3e9fde78d50fbc56b7b0183 Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Mon, 28 Sep 2015 17:12:35 -0700
Subject: [PATCH] FIx bug #70433 - Uninitialized pointer in phar_make_dirstream
when zip entry filename is "/"
Upstream-Status: Backport
https://git.php.net/?p=php-src.git;a=patch;h=e78ac461dbefb7c4a3e9fde78d50fbc56b7b0183
excluded the zip part of the original patch. Hand applied dirstream change
CVE: CVE-2015-7804
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
ext/phar/dirstream.c | 2 +-
ext/phar/tests/bug70433.phpt | 23 +++++++++++++++++++++++
ext/phar/tests/bug70433.zip | Bin 0 -> 264 bytes
3 files changed, 24 insertions(+), 1 deletion(-)
create mode 100644 ext/phar/tests/bug70433.phpt
create mode 100755 ext/phar/tests/bug70433.zip
Index: php-5.6.12/ext/phar/dirstream.c
===================================================================
--- php-5.6.12.orig/ext/phar/dirstream.c
+++ php-5.6.12/ext/phar/dirstream.c
@@ -198,7 +198,7 @@ static php_stream *phar_make_dirstream(c
zend_hash_internal_pointer_reset(manifest);
while (FAILURE != zend_hash_has_more_elements(manifest)) {
- if (HASH_KEY_NON_EXISTENT == zend_hash_get_current_key_ex(manifest, &str_key, &keylen, &unused, 0, NULL)) {
+ if (HASH_KEY_IS_STRING != zend_hash_get_current_key_ex(manifest, &str_key, &keylen, &unused, 0, NULL)) {
break;
}
Index: php-5.6.12/ext/phar/tests/bug70433.phpt
===================================================================
--- /dev/null
+++ php-5.6.12/ext/phar/tests/bug70433.phpt
@@ -0,0 +1,23 @@
+--TEST--
+Phar - bug #70433 - Uninitialized pointer in phar_make_dirstream when zip entry filename is "/"
+--SKIPIF--
+<?php if (!extension_loaded("phar")) die("skip"); ?>
+--FILE--
+<?php
+$phar = new PharData(__DIR__."/bug70433.zip");
+var_dump($phar);
+$meta = $phar->getMetadata();
+var_dump($meta);
+?>
+DONE
+--EXPECTF--
+object(PharData)#1 (3) {
+ ["pathName":"SplFileInfo":private]=>
+ string(0) ""
+ ["glob":"DirectoryIterator":private]=>
+ bool(false)
+ ["subPathName":"RecursiveDirectoryIterator":private]=>
+ string(0) ""
+}
+NULL
+DONE
meta-oe/recipes-devtools/php/php_5.6.12.bb
+1
View File
@@ -2,6 +2,7 @@ require php.inc
SRC_URI += "file://change-AC_TRY_RUN-to-AC_TRY_LINK.patch \
file://CVE-2015-7803.patch \
file://CVE-2015-7804.patch \
"
SRC_URI[md5sum] = "4578dee9d979114610a444bee263ed9b"
SRC_URI[sha256sum] = "6f27104272af7b2a996f85e4100fac627630fbdaf39d7bd263f16cf529c8853a"