php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Return to Bug #77586
Patch issue-77586-buff-overflow revision 2019-02-13 05:17 UTC by bishop@php.net
Patch issue-77586-buff-overflow.patch revision 2019-02-11 21:16 UTC by bishop@php.net
Patch phar_tar_writeheaders.patch revision 2019-02-08 11:16 UTC by jordy at simplyhacker dot com

Patch issue-77586-buff-overflow.patch for PHAR related Bug #77586

Patch version 2019-02-11 21:16 UTC

Return to Bug #77586 | Download this patch
This patch is obsolete

Obsoleted by patches:

This patch renders other patches obsolete

Obsolete patches:

Patch Revisions:

Developer: bishop@php.net

--- a/ext/phar/tar.c
+++ b/ext/phar/tar.c
@@ -762,7 +762,12 @@ static int phar_tar_writeheaders_int(phar_entry_info *entry, void *argument) /*
 	header.typeflag = entry->tar_type;
 
 	if (entry->link) {
-		strncpy(header.linkname, entry->link, strlen(entry->link));
+		if (strlcpy(header.linkname, entry->link, sizeof(header.linkname)) >= sizeof(header.linkname)) {
+			if (fp->error) {
+				spprintf(fp->error, 4096, "tar-based phar \"%s\" cannot be created, link \"%s\" is too long for format", entry->phar->fname, entry->link);
+			}
+			return ZEND_HASH_APPLY_STOP;
+		}
 	}
 
 	strncpy(header.magic, "ustar", sizeof("ustar")-1);
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Tue Nov 04 23:00:01 2025 UTC