home-work
/
alpine-pkg
1
1
Fork 0
Code Issues Pull Requests Releases Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1105 Commits
5 Branches
0 Tags
5.6 MiB
 
 
Tree: 81dc16e1f5
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '81dc16e1f5'
${ noResults }
alpine-pkg/php/php5.4/d06-u009-CVE-2016-7414.patch

73 lines
2.0 KiB
Raw Blame History

Index: php5-5.4.45/ext/phar/util.c
===================================================================
--- php5-5.4.45.orig/ext/phar/util.c 2016-12-09 15:59:08.117343042 +0100
+++ php5-5.4.45/ext/phar/util.c 2016-12-09 15:59:08.109343264 +0100
@@ -1928,6 +1928,13 @@
unsigned char digest[64];
PHP_SHA512_CTX context;
+ if (sig_len < sizeof(digest)) {
+ if (error) {
+ spprintf(error, 0, "broken signature");
+ }
+ return FAILURE;
+ }
+
PHP_SHA512Init(&context);
read_len = end_of_phar;
@@ -1961,6 +1968,13 @@
unsigned char digest[32];
PHP_SHA256_CTX context;
+ if (sig_len < sizeof(digest)) {
+ if (error) {
+ spprintf(error, 0, "broken signature");
+ }
+ return FAILURE;
+ }
+
PHP_SHA256Init(&context);
read_len = end_of_phar;
@@ -2002,6 +2016,13 @@
unsigned char digest[20];
PHP_SHA1_CTX context;
+ if (sig_len < sizeof(digest)) {
+ if (error) {
+ spprintf(error, 0, "broken signature");
+ }
+ return FAILURE;
+ }
+
PHP_SHA1Init(&context);
read_len = end_of_phar;
@@ -2035,6 +2056,13 @@
unsigned char digest[16];
PHP_MD5_CTX context;
+ if (sig_len < sizeof(digest)) {
+ if (error) {
+ spprintf(error, 0, "broken signature");
+ }
+ return FAILURE;
+ }
+
PHP_MD5Init(&context);
read_len = end_of_phar;
Index: php5-5.4.45/ext/phar/zip.c
===================================================================
--- php5-5.4.45.orig/ext/phar/zip.c 2016-12-09 15:59:08.117343042 +0100
+++ php5-5.4.45/ext/phar/zip.c 2016-12-09 15:59:08.109343264 +0100
@@ -430,7 +430,7 @@
php_stream_seek(fp, sizeof(phar_zip_file_header) + entry.header_offset + entry.filename_len + PHAR_GET_16(zipentry.extra_len), SEEK_SET);
sig = (char *) emalloc(entry.uncompressed_filesize);
read = php_stream_read(fp, sig, entry.uncompressed_filesize);
- if (read != entry.uncompressed_filesize) {
+ if (read != entry.uncompressed_filesize || read <= 8) {
php_stream_close(sigfile);
efree(sig);
PHAR_ZIP_FAIL("signature cannot be read");