php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-14 11:32:11 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
4ef300ff5ee309394e78bd92d6cb9cd47cf4195a
archived-php-src/ext/phar
History
Christoph M. Becker 4ef300ff5e Fix #81726: phar wrapper: DOS when using quine gzip file 
The phar wrapper needs to uncompress the file; the uncompressed file
might be compressed, so the wrapper implementation loops. This raises
potential DOS issues regarding too deep or even infinite recursion (the
latter are called compressed file quines[1]). We avoid that by
introducing a recursion limit; we choose the somewhat arbitrary limit
`3`.

This issue has been reported by real_as3617 and gPayl0ad.

[1] <https://honno.dev/gzip-quine/>
2022-09-28 10:56:48 +02:00
..
phar
implement openssl_256 and openssl_512 for phar singatures
2021-08-11 14:13:57 +02:00
tests
Fix #81726: phar wrapper: DOS when using quine gzip file
2022-09-28 10:56:48 +02:00
build_precommand.php
Apply tidy formatting
2020-02-03 13:41:31 +01:00
config.m4
Sync HAVE_HASH, HAVE_HASH_EXT, PHAR_HASH_OK symbols
2019-06-27 23:25:33 +02:00
config.w32
Sync HAVE_HASH, HAVE_HASH_EXT, PHAR_HASH_OK symbols
2019-06-27 23:25:33 +02:00
CREDITS
dirstream.c
Remove all *_EXTERN_C() in C source files (#7054)
2021-05-27 15:52:54 +08:00
dirstream.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
func_interceptors.c
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
func_interceptors.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
gdbhelp
Sync leading and final newlines in source code files
2018-10-14 12:56:38 +02:00
Makefile.frag
Respect --program-prefix/suffix when installing phar
2020-06-05 10:10:40 +02:00
Makefile.frag.w32
Sync leading and final newlines in source code files
2018-10-14 12:56:38 +02:00
makestub.php
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
phar_internal.h
implement openssl_256 and openssl_512 for phar singatures
2021-08-11 14:13:57 +02:00
phar_object_arginfo.h
Merge branch 'PHP-8.0' into PHP-8.1
2021-09-08 12:32:58 +01:00
phar_object.c
Merge branch 'PHP-8.0'
2021-08-23 23:31:00 -07:00
phar_object.stub.php
Merge branch 'PHP-8.0' into PHP-8.1
2021-09-08 12:32:58 +01:00
phar_path_check.re
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
phar.1.in
implement openssl_256 and openssl_512 for phar singatures
2021-08-11 14:13:57 +02:00
phar.c
Fix #81726: phar wrapper: DOS when using quine gzip file
2022-09-28 10:56:48 +02:00
phar.phar.1.in
pharzip.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_phar.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
shortarc.php
Fix undefined variable, and remove unused test-pdo
2019-05-03 18:14:32 +02:00
stream.c
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
stream.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
stub.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
tar.c
Fixed some spaces used instead of tabs
2021-06-29 11:30:26 +02:00
tar.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
util.c
implement openssl_256 and openssl_512 for phar singatures
2021-08-11 14:13:57 +02:00
zip.c
switch phar to use sha256 signature by default
2021-08-11 14:13:54 +02:00