php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Return to Bug #61065
Patch phar.diff revision 2012-05-13 02:20 UTC by rasmus@php.net

Patch phar.diff for PHAR related Bug #61065

Patch version 2012-05-13 02:20 UTC

Return to Bug #61065 | Download this patch
Patch Revisions:

Developer: rasmus@php.net

diff --git a/ext/phar/tar.c b/ext/phar/tar.c
index 9d1e5bc..b914db1 100644
--- a/ext/phar/tar.c
+++ b/ext/phar/tar.c
@@ -337,6 +337,16 @@ bail:
 			last_was_longlink = 1;
 			/* support the ././@LongLink system for storing long filenames */
 			entry.filename_len = entry.uncompressed_filesize;
+
+			/* Check for overflow - bug 61065 */
+			if (entry.filename_len == UINT_MAX) {
+				if (error) {
+					spprintf(error, 4096, "phar error: \"%s\" is a corrupted tar file (invalid entry size)", fname);
+				}
+				php_stream_close(fp);
+				phar_destroy_phar_data(myphar TSRMLS_CC);
+				return FAILURE;
+			}
 			entry.filename = pemalloc(entry.filename_len+1, myphar->is_persistent);
 
 			read = php_stream_read(fp, entry.filename, entry.filename_len);
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Mar 29 00:01:28 2024 UTC