File php-CVE-2015-3329.patch of Package php-5.3.29

X-Git-Url: http://72.52.91.13:8000/?p=php-src.git;a=blobdiff_plain;f=ext%2Fphar%2Fphar_internal.h;h=84282d2a8fe8f3a7da67fa00d9f5dba48f4d8124;hp=fcfc86457d623350b93e88ab2438a07093bdde86;hb=f59b67ae50064560d7bfcdb0d6a8ab284179053c;hpb=45facd15fb1be704ee1ae374fa306dad8450edbd

--- ext/phar/phar_internal.h
+++ ext/phar/phar_internal.h
@@ -618,10 +618,13 @@ static inline void phar_set_inode(phar_entry_info *entry TSRMLS_DC) /* {{{ */
 {
 	char tmp[MAXPATHLEN];
 	int tmp_len;
+	size_t len;
 
-	tmp_len = entry->filename_len + entry->phar->fname_len;
-	memcpy(tmp, entry->phar->fname, entry->phar->fname_len);
-	memcpy(tmp + entry->phar->fname_len, entry->filename, entry->filename_len);
+	tmp_len = MIN(MAXPATHLEN, entry->filename_len + entry->phar->fname_len);
+	len = MIN(entry->phar->fname_len, tmp_len);
+	memcpy(tmp, entry->phar->fname, len);
+	len = MIN(tmp_len - len, entry->filename_len);
+	memcpy(tmp + entry->phar->fname_len, entry->filename, len);
 	entry->inode = (unsigned short)zend_get_hash_value(tmp, tmp_len);
 }
 /* }}} */