php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-24 00:02:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'PHP-8.4'

Browse Source 
* PHP-8.4:
  Fix GH-19752: Phar decompression with invalid extension can cause UAF
This commit is contained in:
Niels Dossche
2025-09-08 23:11:07 +02:00
parent 1869eff6ee c395355728
commit 79eca3f2bf
2 changed files with 18 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
ext/phar/phar_object.c
View File

@@ -2336,7 +2336,11 @@ no_copy:
if (phar->fp) {
php_stream_close(phar->fp);
}
efree(phar->fname);
if (phar->fname != source->fname) {
/* Depending on when phar_rename_archive() errors, the new filename
* may have already been assigned or it may still be the old one. */
efree(phar->fname);
}
efree(phar);
}
return NULL;

13
ext/phar/tests/gh19752.phpt Normal file
View File

@@ -0,0 +1,13 @@
--TEST--
GH-19752 (Phar decompression with invalid extension can cause UAF)
--FILE--
<?php
$phar = new PharData(__DIR__.'/gh19752.1');
try {
$phar->decompress("*");
} catch (BadMethodCallException $e) {
echo $e->getMessage(), "\n";
}
?>
--EXPECTF--
data phar converted from "%sgh19752.1" has invalid extension *