File php7-CVE-2020-7063.patch of Package php7

X-Git-Url: http://208.43.231.11:8000/?p=php-src.git;a=blobdiff_plain;f=ext%2Fphar%2Fphar_object.c;h=89b553c2b91ca8d9ea1b30ba186185175a450246;hp=6cf097e36fe46b372ddc86c0a769c394d110fd86;hb=ead40a66785aedaa393f953a0ed9224adaf040cd;hpb=7acaa4020d0eeb2911e70148ac57787f085e03e0

diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c
index 6cf097e36f..89b553c2b9 100644
--- a/ext/phar/phar_object.c
+++ b/ext/phar/phar_object.c
@@ -1419,6 +1419,7 @@ static int phar_build(zend_object_iterator *iter, void *puser) /* {{{ */
 	char *str_key;
 	zend_class_entry *ce = p_obj->c;
 	phar_archive_object *phar_obj = p_obj->p;
+	php_stream_statbuf ssb;
 
 	value = iter->funcs->get_current_data(iter);
 
@@ -1686,6 +1687,16 @@ after_open_fp:
 		php_stream_copy_to_stream_ex(fp, p_obj->fp, PHP_STREAM_COPY_ALL, &contents_len);
 		data->internal_file->uncompressed_filesize = data->internal_file->compressed_filesize =
 			php_stream_tell(p_obj->fp) - data->internal_file->offset;
+		if (php_stream_stat(fp, &ssb) != -1) {
+			data->internal_file->flags = ssb.sb.st_mode & PHAR_ENT_PERM_MASK ;
+		} else {
+#ifndef _WIN32
+			mode_t mask;
+			mask = umask(0);
+			umask(mask);
+			data->internal_file->flags &= ~mask;
+#endif
+		}
 	}
 
 	if (close_fp) {
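Review bot: The fallback branch reads the umask with `umask(0)` followed by `umask(mask)`, which leaves the whole process with a zero umask between the two calls; on a thread-safe build, a file created by another thread in that window gets unmasked permissions. The same pair is repeated in the phar_add_file hunk later in this patch, so a single static helper would serve both, carrying a comment such as `/* umask() has no read-only form; not safe against concurrent file creation in other threads */`. Separately, the success branch assigns `flags` wholesale while the fallback uses `&=`; if `flags` can hold non-permission bits at this point (not visible in the hunk), `flags = (flags & ~PHAR_ENT_PERM_MASK) | (ssb.sb.st_mode & PHAR_ENT_PERM_MASK);` would preserve them. On `_WIN32` a failed stat leaves `flags` untouched, which deserves a one-line comment. phar_build's body starts and ends outside the hunk.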

X-Git-Url: http://208.43.231.11:8000/?p=php-src.git;a=blobdiff_plain;f=ext%2Fphar%2Fphar_object.c;h=bd7cbc9174523066baa407468cf943575d353c7d;hp=905fcece7300a9619d3af977e52d6d72f5771282;hb=80ea25c28d9139e237fd65c0a0f2aa87385e03e4;hpb=2c35e49dd89b5add7420db0a2f5f0b5727eb814e

diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c
index 905fcece73..bd7cbc9174 100644
--- a/ext/phar/phar_object.c
+++ b/ext/phar/phar_object.c
@@ -3637,7 +3637,8 @@ static void phar_add_file(phar_archive_data **pphar, char *filename, int filenam
 	char *error;
 	size_t contents_len;
 	phar_entry_data *data;
-	php_stream *contents_file;
+	php_stream *contents_file = NULL;
+	php_stream_statbuf ssb;
 
 	if (filename_len >= (int)sizeof(".phar")-1) {
 		start_pos = ('/' == filename[0] ? 1 : 0); /* account for any leading slash: multiple-leads handled elsewhere */
@@ -3674,10 +3675,20 @@ static void phar_add_file(phar_archive_data **pphar, char *filename, int filenam
 				}
 				php_stream_copy_to_stream_ex(contents_file, data->fp, PHP_STREAM_COPY_ALL, &contents_len);
 			}
-
 			data->internal_file->compressed_filesize = data->internal_file->uncompressed_filesize = contents_len;
 		}
 
+		if (contents_file != NULL && php_stream_stat(contents_file, &ssb TSRMLS_CC) != -1) {
+			data->internal_file->flags = ssb.sb.st_mode & PHAR_ENT_PERM_MASK ;
+		} else {
+#ifndef _WIN32
+			mode_t mask;
+			mask = umask(0);
+			umask(mask);
+			data->internal_file->flags &= ~mask;
+#endif
+		}
+
 		/* check for copy-on-write */
 		if (pphar[0] != data->phar) {
 			*pphar = data->phar;
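Review bot: The `else` of the new permission block is taken both when `contents_file` is NULL and when `php_stream_stat` fails on a real stream, so a stat failure silently falls back to the entry's existing mode narrowed by the umask. A comment on that branch would make the intent explicit, e.g. `/* no source stream, or stat failed: keep the entry's current mode, narrowed by the umask */`. The call also passes `TSRMLS_CC` while the equivalent `php_stream_stat(fp, &ssb)` in the phar_build hunk does not; the two should use the same form for the branch this patch targets. phar_add_file continues outside the hunk.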