File php7-CVE-2020-7063.patch of Package php7.24162
X-Git-Url: http://208.43.231.11:8000/?p=php-src.git;a=blobdiff_plain;f=ext%2Fphar%2Fphar_object.c;h=89b553c2b91ca8d9ea1b30ba186185175a450246;hp=6cf097e36fe46b372ddc86c0a769c394d110fd86;hb=ead40a66785aedaa393f953a0ed9224adaf040cd;hpb=7acaa4020d0eeb2911e70148ac57787f085e03e0
diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c
index 6cf097e36f..89b553c2b9 100644
--- a/ext/phar/phar_object.c
+++ b/ext/phar/phar_object.c
@@ -1419,6 +1419,7 @@ static int phar_build(zend_object_iterator *iter, void *puser) /* {{{ */
char *str_key;
zend_class_entry *ce = p_obj->c;
phar_archive_object *phar_obj = p_obj->p;
+ php_stream_statbuf ssb;
value = iter->funcs->get_current_data(iter);
@@ -1686,6 +1687,16 @@ after_open_fp:
php_stream_copy_to_stream_ex(fp, p_obj->fp, PHP_STREAM_COPY_ALL, &contents_len);
data->internal_file->uncompressed_filesize = data->internal_file->compressed_filesize =
php_stream_tell(p_obj->fp) - data->internal_file->offset;
+ if (php_stream_stat(fp, &ssb) != -1) {
+ data->internal_file->flags = ssb.sb.st_mode & PHAR_ENT_PERM_MASK ;
+ } else {
+#ifndef _WIN32
+ mode_t mask;
+ mask = umask(0);
+ umask(mask);
+ data->internal_file->flags &= ~mask;
+#endif
+ }
}
if (close_fp) {
X-Git-Url: http://208.43.231.11:8000/?p=php-src.git;a=blobdiff_plain;f=ext%2Fphar%2Fphar_object.c;h=bd7cbc9174523066baa407468cf943575d353c7d;hp=905fcece7300a9619d3af977e52d6d72f5771282;hb=80ea25c28d9139e237fd65c0a0f2aa87385e03e4;hpb=2c35e49dd89b5add7420db0a2f5f0b5727eb814e
diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c
index 905fcece73..bd7cbc9174 100644
--- a/ext/phar/phar_object.c
+++ b/ext/phar/phar_object.c
@@ -3637,7 +3637,8 @@ static void phar_add_file(phar_archive_data **pphar, char *filename, int filenam
char *error;
size_t contents_len;
phar_entry_data *data;
- php_stream *contents_file;
+ php_stream *contents_file = NULL;
+ php_stream_statbuf ssb;
if (filename_len >= (int)sizeof(".phar")-1) {
start_pos = ('/' == filename[0] ? 1 : 0); /* account for any leading slash: multiple-leads handled elsewhere */
@@ -3674,10 +3675,20 @@ static void phar_add_file(phar_archive_data **pphar, char *filename, int filenam
}
php_stream_copy_to_stream_ex(contents_file, data->fp, PHP_STREAM_COPY_ALL, &contents_len);
}
-
data->internal_file->compressed_filesize = data->internal_file->uncompressed_filesize = contents_len;
}
+ if (contents_file != NULL && php_stream_stat(contents_file, &ssb TSRMLS_CC) != -1) {
+ data->internal_file->flags = ssb.sb.st_mode & PHAR_ENT_PERM_MASK ;
+ } else {
+#ifndef _WIN32
+ mode_t mask;
+ mask = umask(0);
+ umask(mask);
+ data->internal_file->flags &= ~mask;
+#endif
+ }
+
/* check for copy-on-write */
if (pphar[0] != data->phar) {
*pphar = data->phar;