Sec Bug #68901 use after free in phar_object.c
Submitted: 2015-01-24 18:44 UTC Modified: 2015-03-18 12:12 UTC
From: bugreports at internot dot info Assigned: laruence (profile)
Status: Closed Package: PHAR related
PHP Version: 5.5.21 OS: Linux Ubuntu 14.04
Private report: No CVE-ID: 2015-2301

 [2015-01-24 18:44 UTC] bugreports at internot dot info
Description:
------------
Hi,

In /ext/phar/phar_object.c:
2131                                newpath = oldpath;
but then:

2142                efree(oldpath);
2143                zend_throw_exception_ex(spl_ce_BadMethodCallException, 0 TSRMLS_CC, "phar \"%s\" exists and must be unlinked prior to conversion", newpath);
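
The ordering problem quoted above, as an added example that is not part of the original report and not the php-src fix. `efree_sim`, `throw_sim` and `dup_path` are hypothetical stand-ins, and the "free" only poisons the block so the stale read is deterministic instead of undefined behaviour:

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for efree() (assumption): poison the block the way a debug allocator
 * would, but keep it allocated so the stale read below is deterministic. */
static void efree_sim(char *p, size_t len) {
    memset(p, 'Z', len);               /* terminating NUL is left in place */
}

/* Stand-in for zend_throw_exception_ex(): format the message into err. */
static void throw_sim(char *err, size_t n, const char *path) {
    snprintf(err, n, "phar \"%s\" exists and must be unlinked prior to conversion", path);
}

static char *dup_path(const char *name) {
    size_t len = strlen(name);
    char *p = malloc(len + 1);
    if (p) memcpy(p, name, len + 1);
    return p;
}

/* Order quoted in the report. Returns 1 if err still contains the real path. */
int message_intact_reported_order(const char *name, char *err, size_t n) {
    char *oldpath = dup_path(name);
    if (!oldpath) return -1;
    char *newpath = oldpath;               /* 2131: alias, not a copy */
    efree_sim(oldpath, strlen(oldpath));   /* 2142: block released */
    throw_sim(err, n, newpath);            /* 2143: read through the stale alias */
    free(oldpath);
    return strstr(err, name) != NULL;
}

/* Reordered: the last read through any alias precedes the release. */
int message_intact_safe_order(const char *name, char *err, size_t n) {
    char *oldpath = dup_path(name);
    if (!oldpath) return -1;
    char *newpath = oldpath;
    throw_sim(err, n, newpath);            /* use first */
    efree_sim(oldpath, strlen(oldpath));   /* release last */
    free(oldpath);
    return strstr(err, name) != NULL;
}

int main(void) {
    char err[256];
    printf("reported order intact=%d\n", message_intact_reported_order("archive.phar", err, sizeof err));
    printf("safe order intact=%d\n", message_intact_safe_order("archive.phar", err, sizeof err));
}
```

With a real allocator the block is returned to the heap at the free, so the read at line 2143 touches memory that may already have been reused.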


 [2015-01-28 16:15 UTC] laruence@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: laruence
 [2015-01-28 16:15 UTC] laruence@php.net
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.


 [2015-01-28 18:17 UTC] stas@php.net
-Summary: use after free +Summary: use after free in phar_object.c
 [2015-03-18 12:12 UTC] kaplan@php.net
-CVE-ID: +CVE-ID: 2015-2301
 [2015-04-11 23:29 UTC] stas@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=920a0afbf8f83962c70aaf9a144810f320be92b3
Log: Fixed bug #68901 (use after free)
 [2015-04-14 08:31 UTC] stas@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=920a0afbf8f83962c70aaf9a144810f320be92b3
Log: Fixed bug #68901 (use after free)