File php-CVE-2016-3142.patch of Package php5.openSUSE_Leap_42.1_Update

X-Git-Url: https://72.52.91.13:4430/?p=php-src.git;a=blobdiff_plain;f=ext%2Fphar%2Fzip.c;h=7f294c2de2a54bbb30feca3ffa96913b72310d7a;hp=e4883d3533dd8a297b7a6eaf8de10ef9c162e82d;hb=a6fdc5bb27b20d889de0cd29318b3968aabb57bd;hpb=b1bd4119bcafab6f9a8f84d92cd65eec3afeface

--- ext/phar/zip.c
+++ ext/phar/zip.c
@@ -199,7 +199,7 @@ int phar_parse_zipfile(php_stream *fp, char *fname, int fname_len, char *alias,
 	}
 
 	while ((p=(char *) memchr(p + 1, 'P', (size_t) (size - (p + 1 - buf)))) != NULL) {
-		if (!memcmp(p + 1, "K\5\6", 3)) {
+		if ((p - buf) + sizeof(locator) <= size && !memcmp(p + 1, "K\5\6", 3)) {
 			memcpy((void *)&locator, (void *) p, sizeof(locator));
 			if (PHAR_GET_16(locator.centraldisk) != 0 || PHAR_GET_16(locator.disknumber) != 0) {
 				/* split archives not handled */