php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login | |
Patch cve-2014-1943.patch for Filesystem function related Bug #66731Patch version 2014-02-18 08:34 UTC Return to Bug #66731 | Download this patchThis patch is obsolete Obsoleted by patches: Patch Revisions: 2014-02-18 12:47 UTC | 2014-02-18 08:34 UTCDeveloper: remi--- ext/fileinfo/tests/cve-2014-1943.phpt.old 2014-02-18 09:28:53.874268355 +0100 +++ ext/fileinfo/tests/cve-2014-1943.phpt 2014-02-18 09:30:12.459529972 +0100 @@ -0,0 +1,39 @@ +--TEST-- +Bug #66731: file: infinite recursion +Bug #61173: Unable to detect error from finfo constructor +--SKIPIF-- +<?php +if (!class_exists('finfo')) + die('skip no fileinfo extension'); +$fd = __DIR__.'/cve-2014-1943.data'; +$fm = __DIR__.'/cve-2014-1943.magic'; + +$a = "\105\122\000\000\000\000\000"; +$b = str_repeat("\001", 250000); +$b = str_repeat("\001", 25000); +$m = "0 byte x\n". + ">(1.b) indirect x\n"; + +file_put_contents($fd, $a); |
Copyright © 2001-2024 The PHP Group All rights reserved. |
Last updated: Fri Apr 19 11:01:28 2024 UTC |