File php-CVE-2016-4473.patch of Package php7.16129
Index: php-7.0.7/ext/phar/phar_object.c
===================================================================
--- php-7.0.7.orig/ext/phar/phar_object.c 2016-09-06 13:55:46.208275565 +0200
+++ php-7.0.7/ext/phar/phar_object.c 2016-09-06 13:56:05.132599949 +0200
@@ -4166,14 +4166,14 @@ static int phar_extract_file(zend_bool o
if (!php_stream_mkdir(fullpath, entry->flags & PHAR_ENT_PERM_MASK, PHP_STREAM_MKDIR_RECURSIVE, NULL)) {
spprintf(error, 4096, "Cannot extract \"%s\", could not create directory \"%s\"", entry->filename, fullpath);
efree(fullpath);
- free(new_state.cwd);
+ efree(new_state.cwd);
return FAILURE;
}
} else {
if (!php_stream_mkdir(fullpath, 0777, PHP_STREAM_MKDIR_RECURSIVE, NULL)) {
spprintf(error, 4096, "Cannot extract \"%s\", could not create directory \"%s\"", entry->filename, fullpath);
efree(fullpath);
- free(new_state.cwd);
+ efree(new_state.cwd);
return FAILURE;
}
}