You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 

52 lines
1.8 KiB

From 1c1b8b69982375700d4b011eb89ea48b66dbd5aa Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Sat, 16 Jan 2016 20:43:43 -0800
Subject: [PATCH] Fix bug #71391: NULL Pointer Dereference in
phar_tar_setupmetadata()
[roberto@debian.org: backported to 5.4.45]
Bug: https://bugs.php.net/bug.php?id=71391
Origin: backport, https://git.php.net/?p=php-src.git;a=commitdiff;h=1c1b8b69982375700d4b011eb89ea48b66dbd5aa
---
ext/phar/tar.c | 3 +++
ext/phar/tests/bug71391.phpt | 18 ++++++++++++++++++
ext/phar/tests/bug71391.tar | Bin 0 -> 3584 bytes
3 files changed, 21 insertions(+)
create mode 100644 ext/phar/tests/bug71391.phpt
create mode 100644 ext/phar/tests/bug71391.tar
--- php5.git.orig/ext/phar/tar.c
+++ php5.git/ext/phar/tar.c
@@ -888,6 +888,9 @@
if (entry->filename_len >= sizeof(".phar/.metadata") && !memcmp(entry->filename, ".phar/.metadata", sizeof(".phar/.metadata")-1)) {
if (entry->filename_len == sizeof(".phar/.metadata.bin")-1 && !memcmp(entry->filename, ".phar/.metadata.bin", sizeof(".phar/.metadata.bin")-1)) {
+ if (entry->phar->metadata == NULL) {
+ return ZEND_HASH_APPLY_REMOVE;
+ }
return phar_tar_setmetadata(entry->phar->metadata, entry, error TSRMLS_CC);
}
/* search for the file this metadata entry references */
--- /dev/null
+++ php5.git/ext/phar/tests/bug71391.phpt
@@ -0,0 +1,18 @@
+--TEST--
+Phar: bug #71391: NULL Pointer Dereference in phar_tar_setupmetadata()
+--SKIPIF--
+<?php if (!extension_loaded("phar")) die("skip"); ?>
+--FILE--
+<?php
+// duplicate since the tar will change
+copy(__DIR__."/bug71391.tar", __DIR__."/bug71391.test.tar");
+$p = new PharData(__DIR__."/bug71391.test.tar");
+$p->delMetaData();
+?>
+DONE
+--CLEAN--
+<?php
+unlink(__DIR__."/bug71391.test.tar");
+?>
+--EXPECT--
+DONE
\ No newline at end of file