php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Return to Bug #67241
Patch overflow_in_phar_build revision 2014-05-09 22:11 UTC by crrodriguez at opensuse dot org

Patch overflow_in_phar_build for PHAR related Bug #67241

Patch version 2014-05-09 22:11 UTC

Return to Bug #67241 | Download this patch
Patch Revisions:

Developer: crrodriguez@opensuse.org

From 3d10591d3e1e74dfa6105553d823c5467c24cb22 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= <crrodriguez@opensuse.org>
Date: Fri, 9 May 2014 18:08:15 -0400
Subject: [PATCH] phar: fix buffer overflow in phar_build()

---
 ext/phar/phar_object.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c
index 407edda..75aadfb 100644
--- a/ext/phar/phar_object.c
+++ b/ext/phar/phar_object.c
@@ -1477,7 +1477,7 @@ static int phar_build(zend_object_iterator *iter, void *puser TSRMLS_DC) /* {{{
 			}
 
 			close_fp = 0;
-			opened = (char *) estrndup(str, sizeof("[stream]") + 1);
+			opened = (char *) estrndup(str, sizeof("[stream]") - 1);
 			goto after_open_fp;
 		case IS_OBJECT:
 			if (instanceof_function(Z_OBJCE_PP(value), spl_ce_SplFileInfo TSRMLS_CC)) {
-- 
1.8.4.5
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri May 17 09:01:32 2024 UTC