PHP :: Bug #77586

Return to Bug #77586
Patch issue-77586-buff-overflow	revision 2019-02-13 05:17 UTC by bishop@php.net
Patch issue-77586-buff-overflow.patch	revision 2019-02-11 21:16 UTC by bishop@php.net
Patch phar_tar_writeheaders.patch	revision 2019-02-08 11:16 UTC by jordy at simplyhacker dot com

Patch issue-77586-buff-overflow.patch for PHAR related Bug #77586

Patch version 2019-02-11 21:16 UTC

Return to Bug #77586 | Download this patch

This patch is obsolete

Obsoleted by patches:

issue-77586-buff-overflow, revision 2019-02-13 05:17 UTC

This patch renders other patches obsolete

Obsolete patches:

phar_tar_writeheaders.patch, revision 2019-02-08 11:16 UTC

Patch Revisions:

2019-02-11 21:16 UTC [diff to current]

Developer: bishop@php.net

--- a/ext/phar/tar.c
+++ b/ext/phar/tar.c
@@ -762,7 +762,12 @@ static int phar_tar_writeheaders_int(phar_entry_info *entry, void *argument) /*
 	header.typeflag = entry->tar_type;
 
 	if (entry->link) {
-		strncpy(header.linkname, entry->link, strlen(entry->link));
+		if (strlcpy(header.linkname, entry->link, sizeof(header.linkname)) >= sizeof(header.linkname)) {
+			if (fp->error) {
+				spprintf(fp->error, 4096, "tar-based phar \"%s\" cannot be created, link \"%s\" is too long for format", entry->phar->fname, entry->link);
+			}
+			return ZEND_HASH_APPLY_STOP;
+		}
 	}
 
 	strncpy(header.magic, "ustar", sizeof("ustar")-1);

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 14:01:29 2024 UTC