Search
j0ke.net Open Build Service
>
Projects
>
home:jg
:
playground
:
zpanel
>
zpphp
> php-5.3.3-CVE-2012-2386.patch
Sign Up
|
Log In
Username
Password
Cancel
Overview
Repositories
Revisions
Requests
Users
Advanced
Attributes
Meta
File php-5.3.3-CVE-2012-2386.patch of Package zpphp
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2386 http://git.php.net/?p=php-src.git;a=commit;h=158d8a6b088662ce9d31e0c777c6ebe90efdc854 --- php-5.3.3/ext/phar/tar.c.cve2386 +++ php-5.3.3/ext/phar/tar.c @@ -38,7 +38,7 @@ static php_uint32 phar_tar_number(char * /* }}} */ /* adapted from format_octal() in libarchive - * + * * Copyright (c) 2003-2009 Tim Kientzle * All rights reserved. * @@ -161,7 +161,7 @@ static int phar_tar_process_metadata(pha size_t save = php_stream_tell(fp), read; phar_entry_info *mentry; - metadata = (char *) emalloc(entry->uncompressed_filesize + 1); + metadata = (char *) safe_emalloc(1, entry->uncompressed_filesize, 1); read = php_stream_read(fp, metadata, entry->uncompressed_filesize); if (read != entry->uncompressed_filesize) { @@ -367,7 +367,7 @@ bail: } read = php_stream_read(fp, buf, sizeof(buf)); - + if (read != sizeof(buf)) { efree(entry.filename); if (error) {