Overview

File php-CVE-2016-4343.patch of Package php5.openSUSE_13.2_Update

Index: php-5.6.1/ext/phar/dirstream.c
===================================================================
--- php-5.6.1.orig/ext/phar/dirstream.c	2016-05-02 11:23:40.309353006 +0200
+++ php-5.6.1/ext/phar/dirstream.c	2016-05-02 11:24:24.789354174 +0200
@@ -198,12 +198,13 @@
 	zend_hash_internal_pointer_reset(manifest);
 
 	while (FAILURE != zend_hash_has_more_elements(manifest)) {
+               keylen = 0;
 		if (HASH_KEY_NON_EXISTENT == zend_hash_get_current_key_ex(manifest, &str_key, &keylen, &unused, 0, NULL)) {
 			break;
 		}
 
 		if (keylen <= (uint)dirlen) {
-			if (keylen < (uint)dirlen || !strncmp(str_key, dir, dirlen)) {
+                       if (keylen == 0 || keylen < (uint)dirlen || !strncmp(str_key, dir, dirlen)) {
 				if (SUCCESS != zend_hash_move_forward(manifest)) {
 					break;
 				}
Index: php-5.6.1/ext/phar/tar.c
===================================================================
--- php-5.6.1.orig/ext/phar/tar.c	2016-05-02 11:23:40.309353006 +0200
+++ php-5.6.1/ext/phar/tar.c	2016-05-02 11:24:06.453353692 +0200
@@ -347,7 +347,7 @@
 			entry.filename_len = entry.uncompressed_filesize;
 
 			/* Check for overflow - bug 61065 */
-			if (entry.filename_len == UINT_MAX) {
+                       if (entry.filename_len == UINT_MAX || entry.filename_len == 0) {
 				if (error) {
 					spprintf(error, 4096, "phar error: \"%s\" is a corrupted tar file (invalid entry size)", fname);
 				}
openSUSE Build Service is sponsored by
Places