[Pkg-php-commits] [php/debian-sid] Cherry pick fix for crash in zip extract method (possible CWE-170)
Ondřej Surý
ondrej at sury.org
Tue Dec 7 10:17:33 UTC 2010
---
debian/patches/crash_in_zip_extract.patch | 12 ++++++++++++
debian/patches/series | 1 +
2 files changed, 13 insertions(+), 0 deletions(-)
create mode 100644 debian/patches/crash_in_zip_extract.patch
diff --git a/debian/patches/crash_in_zip_extract.patch b/debian/patches/crash_in_zip_extract.patch
new file mode 100644
index 0000000..597c4b0
--- /dev/null
+++ b/debian/patches/crash_in_zip_extract.patch
@@ -0,0 +1,12 @@
+--- a/ext/zip/php_zip.c
++++ b/ext/zip/php_zip.c
+@@ -162,6 +162,9 @@ static int php_zip_extract_file(struct z
+ */
+ virtual_file_ex(&new_state, file, NULL, CWD_EXPAND);
+ path_cleaned = php_zip_make_relative_path(new_state.cwd, new_state.cwd_length);
++ if(!path_cleaned) {
++ return 0;
++ }
+ path_cleaned_len = strlen(path_cleaned);
+
+ if (path_cleaned_len >= MAXPATHLEN || zip_stat(za, file, 0, &sb) != 0) {
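Review bot: The new `return 0;` in the `if(!path_cleaned)` branch exits right after `virtual_file_ex(&new_state, file, NULL, CWD_EXPAND)` has populated `new_state`, so if that call (or earlier code not shown in this context) allocated `new_state.cwd`, it needs to be released on this path as well; please check the full function and free it before returning if so. The check itself sits in the right place, since `strlen(path_cleaned)` on the following line would otherwise be called on NULL. Minor: `if(!path_cleaned)` lacks the space after `if` that the `if (path_cleaned_len >= MAXPATHLEN ...` line below uses, and the patch file starts directly at `--- a/ext/zip/php_zip.c` with no description or origin header.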
diff --git a/debian/patches/series b/debian/patches/series
index 4fd8cea..24778e8 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -72,3 +72,4 @@ bug53323.patch
reject-filenames-with-null-r305507.patch
fix-open_basedir-with-separator-r305698.patch
CVE-2010-4409.patch
+crash_in_zip_extract.patch
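Review bot: The new series entry `crash_in_zip_extract.patch` carries no upstream reference in its name, unlike the neighbouring `reject-filenames-with-null-r305507.patch`, `fix-open_basedir-with-separator-r305698.patch` and `CVE-2010-4409.patch`. Since the commit subject describes this as a cherry-pick, consider putting the upstream revision or bug number in the file name or in a header inside the patch so the fix can be traced later.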
--
1.7.1