Patch overflow_in_phar_build for PHAR related Bug #67241
Patch version 2014-05-09 22:11 UTC
Return to Bug #67241 |
Download this patch
Patch Revisions:
Developer: crrodriguez@opensuse.org
From 3d10591d3e1e74dfa6105553d823c5467c24cb22 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= <crrodriguez@opensuse.org>
Date: Fri, 9 May 2014 18:08:15 -0400
Subject: [PATCH] phar: fix buffer overflow in phar_build()
---
ext/phar/phar_object.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c
index 407edda..75aadfb 100644
--- a/ext/phar/phar_object.c
+++ b/ext/phar/phar_object.c
@@ -1477,7 +1477,7 @@ static int phar_build(zend_object_iterator *iter, void *puser TSRMLS_DC) /* {{{
}
close_fp = 0;
- opened = (char *) estrndup(str, sizeof("[stream]") + 1);
+ opened = (char *) estrndup(str, sizeof("[stream]") - 1);
goto after_open_fp;
case IS_OBJECT:
if (instanceof_function(Z_OBJCE_PP(value), spl_ce_SplFileInfo TSRMLS_CC)) {
--
1.8.4.5
|