File php-CVE-2019-9675.patch of Package php7

diff --git a/ext/phar/tar.c b/ext/phar/tar.c
index 9de3047..20f6882 100644
--- a/ext/phar/tar.c
+++ b/ext/phar/tar.c
@@ -762,7 +762,12 @@ static int phar_tar_writeheaders_int(phar_entry_info *entry, void *argument) /*
 	header.typeflag = entry->tar_type;
 
 	if (entry->link) {
-		strncpy(header.linkname, entry->link, strlen(entry->link));
+		if (strlcpy(header.linkname, entry->link, sizeof(header.linkname)) >= sizeof(header.linkname)) {
+			if (fp->error) {
+				spprintf(fp->error, 4096, "tar-based phar \"%s\" cannot be created, link \"%s\" is too long for format", entry->phar->fname, entry->link);
+			}
+			return ZEND_HASH_APPLY_STOP;
+		}
 	}
 
 	strncpy(header.magic, "ustar", sizeof("ustar")-1);
openSUSE Build Service is sponsored by