
fix bug #61065

commit a10e778bfb7ce9caa1f91666ddf2705db7982d68 1 parent 6340126
@smalyshev smalyshev authored
Showing with 10 additions and 0 deletions.
  1. +10 −0 ext/phar/tar.c
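--- a/ext/phar/tar.c
+++ b/ext/phar/tar.c
@@ -337,6 +337,16 @@ int phar_parse_tarfile(php_stream* fp, char *fname, int fname_len, char *alias,
 last_was_longlink = 1;
 /* support the ././@LongLink system for storing long filenames */
 entry.filename_len = entry.uncompressed_filesize;
+
+ /* Check for overflow - bug 61065 */
+ if (entry.filename_len == UINT_MAX) {
+ if (error) {
+ spprintf(error, 4096, "phar error: \"%s\" is a corrupted tar file (invalid entry size)", fname);
+ }
+ php_stream_close(fp);
+ phar_destroy_phar_data(myphar TSRMLS_CC);
+ return FAILURE;
+ }
 entry.filename = pemalloc(entry.filename_len+1, myphar->is_persistent);
 read = php_stream_read(fp, entry.filename, entry.filename_len);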
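Review bot: The new guard in the LongLink branch rejects only `entry.filename_len == UINT_MAX`, the single value for which `entry.filename_len+1` wraps to zero; every other size read from the tar header still reaches `pemalloc`, so a corrupted archive can request close to 4 GiB for a file name where `unsigned int` is 32 bits. An upper bound in the same condition would close that gap, for example `if (entry.filename_len == UINT_MAX || entry.filename_len > PHAR_TAR_MAX_NAME_LEN) {`, where `PHAR_TAR_MAX_NAME_LEN` is a placeholder for a limit the project would choose. The comparison also presumes `filename_len` is an `unsigned int`, which cannot be confirmed here because the declaration is outside the hunk; a more specific comment such as `/* filename_len+1 below wraps to 0 when the header size is UINT_MAX */` would record why this exact value is tested. `phar_parse_tarfile` starts and ends outside the hunk, so the handling of a short `php_stream_read` after the allocation is not visible from here.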