php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Return to Bug #66731
Patch cve-2014-1943.patch revision 2014-02-18 12:47 UTC by remi@php.net
revision 2014-02-18 08:34 UTC by remi

Patch cve-2014-1943.patch for Filesystem function related Bug #66731

Patch version 2014-02-18 12:47 UTC

Return to Bug #66731 | Download this patch
This patch renders other patches obsolete

Obsolete patches:

Patch Revisions: 2014-02-18 12:47 UTC | 2014-02-18 08:34 UTC

Developer: remi@php.net



  --- ext/fileinfo/tests/cve-2014-1943.phpt.old	2014-02-18 09:28:53.874268355 +0100
  +++ ext/fileinfo/tests/cve-2014-1943.phpt	2014-02-18 09:30:12.459529972 +0100
  @@ -0,0 +1,39 @@
  +--TEST--
 +Bug #61173: Unable to detect error from finfo constructor
 +Bug #66731: file: infinite recursion
  +--SKIPIF--
  +<?php
  +if (!class_exists('finfo'))
  +	die('skip no fileinfo extension');


  +$fd = __DIR__.'/cve-2014-1943.data';
  +$fm = __DIR__.'/cve-2014-1943.magic';
  +
  +$a = "\105\122\000\000\000\000\000";
 +$b = str_repeat("\001", 25000);
 +$b = str_repeat("\001", 250000);
  +$m =  "0           byte        x\n".
  +      ">(1.b)      indirect    x\n";
  +
  +file_put_contents($fd, $a);
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Wed Jul 06 17:05:44 2022 UTC