- Fixed bug #54247 (format-string vulnerability on Phar)
authorFelipe Pena <felipe@php.net>
Mon, 14 Mar 2011 13:54:41 +0000 (13:54 +0000)
committerFelipe Pena <felipe@php.net>
Mon, 14 Mar 2011 13:54:41 +0000 (13:54 +0000)
ext/phar/phar_object.c

index a659b570dda299c55610a2f14949ca1296d12562..3e98538f943ca9ad9cbddfda2fe299c9dac04a79 100644 (file)
@@ -1141,7 +1141,7 @@ PHP_METHOD(Phar, loadPhar)
        RETVAL_BOOL(phar_open_from_filename(fname, fname_len, alias, alias_len, REPORT_ERRORS, NULL, &error TSRMLS_CC) == SUCCESS);
 
        if (error) {
-               zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+               zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
                efree(error);
        }
 } /* }}} */
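Review bot: The throw-and-free idiom fixed here is still open-coded, so a call site added to this file later can drop the `"%s"` again; the same lines recur in every hunk of this commit. A small static helper that takes the class entry and the message, with the body `zend_throw_exception_ex(ce, 0 TSRMLS_CC, "%s", error); efree(error);`, would keep the literal format in one place for the sites that free immediately after throwing. Separately, if the declaration of zend_throw_exception_ex does not carry a printf-style format attribute (not visible from this diff), adding one would let `-Wformat -Wformat-security` flag a non-literal format at build time. The body of loadPhar begins outside this hunk.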
@@ -2007,7 +2007,7 @@ PHP_METHOD(Phar, buildFromDirectory)
                phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC);
 
                if (error) {
-                       zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+                       zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
                        efree(error);
                }
 
@@ -2070,7 +2070,7 @@ PHP_METHOD(Phar, buildFromIterator)
                phar_obj->arc.archive->ufp = pass.fp;
                phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC);
                if (error) {
-                       zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+                       zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
                        efree(error);
                }
        } else {
@@ -2327,7 +2327,7 @@ its_ok:
        phar_flush(phar, 0, 0, 1, &error TSRMLS_CC);
 
        if (error) {
-               zend_throw_exception_ex(spl_ce_BadMethodCallException, 0 TSRMLS_CC, error);
+               zend_throw_exception_ex(spl_ce_BadMethodCallException, 0 TSRMLS_CC, "%s", error);
                efree(error);
                efree(oldpath);
                return NULL;
@@ -2787,7 +2787,7 @@ PHP_METHOD(Phar, delete)
 
        phar_flush(phar_obj->arc.archive, NULL, 0, 0, &error TSRMLS_CC);
        if (error) {
-               zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+               zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
                efree(error);
        }
 
@@ -2862,7 +2862,7 @@ PHP_METHOD(Phar, setAlias)
                                efree(error);
                                goto valid_alias;
                        }
-                       zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+                       zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
                        efree(error);
                        RETURN_FALSE;
                }
@@ -2899,7 +2899,7 @@ valid_alias:
                        phar_obj->arc.archive->alias = oldalias;
                        phar_obj->arc.archive->alias_len = oldalias_len;
                        phar_obj->arc.archive->is_temporary_alias = old_temp;
-                       zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+                       zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
                        if (readd) {
                                zend_hash_add(&(PHAR_GLOBALS->phar_alias_map), oldalias, oldalias_len, (void*)&(phar_obj->arc.archive), sizeof(phar_archive_data*), NULL);
                        }
@@ -2972,7 +2972,7 @@ PHP_METHOD(Phar, stopBuffering)
        phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC);
 
        if (error) {
-               zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+               zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
                efree(error);
        }
 }
@@ -3021,7 +3021,7 @@ PHP_METHOD(Phar, setStub)
                        }
                        phar_flush(phar_obj->arc.archive, (char *) &zstub, len, 0, &error TSRMLS_CC);
                        if (error) {
-                               zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+                               zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
                                efree(error);
                        }
                        RETURN_TRUE;
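Review bot: When `error` is set, this branch throws and then falls through to `RETURN_TRUE;`, so the method reports success on the same path that raised a PharException; the last hunk (PharFileInfo::decompress) has the same shape. Other sites in this commit, such as delMetadata and the second setDefaultStub hunk, use `RETURN_FALSE;` after the throw. The return value is presumably discarded once an exception is pending, but adding `return;` after `efree(error);` would make the failure path explicit and match those sites. The enclosing block in setStub starts outside the hunk.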
@@ -3037,7 +3037,7 @@ PHP_METHOD(Phar, setStub)
                phar_flush(phar_obj->arc.archive, stub, stub_len, 0, &error TSRMLS_CC);
 
                if (error) {
-                       zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+                       zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
                        efree(error);
                }
 
@@ -3098,7 +3098,7 @@ PHP_METHOD(Phar, setDefaultStub)
                stub = phar_create_default_stub(index, webindex, &stub_len, &error TSRMLS_CC);
 
                if (error) {
-                       zend_throw_exception_ex(spl_ce_UnexpectedValueException, 0 TSRMLS_CC, error);
+                       zend_throw_exception_ex(spl_ce_UnexpectedValueException, 0 TSRMLS_CC, "%s", error);
                        efree(error);
                        if (stub) {
                                efree(stub);
@@ -3120,7 +3120,7 @@ PHP_METHOD(Phar, setDefaultStub)
        }
 
        if (error) {
-               zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+               zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
                efree(error);
                RETURN_FALSE;
        }
@@ -3175,7 +3175,7 @@ PHP_METHOD(Phar, setSignatureAlgorithm)
 
                        phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC);
                        if (error) {
-                               zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+                               zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
                                efree(error);
                        }
                        break;
@@ -3477,7 +3477,7 @@ PHP_METHOD(Phar, compressFiles)
        phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC);
 
        if (error) {
-               zend_throw_exception_ex(spl_ce_BadMethodCallException, 0 TSRMLS_CC, error);
+               zend_throw_exception_ex(spl_ce_BadMethodCallException, 0 TSRMLS_CC, "%s", error);
                efree(error);
        }
 }
@@ -3517,7 +3517,7 @@ PHP_METHOD(Phar, decompressFiles)
        phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC);
 
        if (error) {
-               zend_throw_exception_ex(spl_ce_BadMethodCallException, 0 TSRMLS_CC, error);
+               zend_throw_exception_ex(spl_ce_BadMethodCallException, 0 TSRMLS_CC, "%s", error);
                efree(error);
        }
 
@@ -3617,7 +3617,7 @@ PHP_METHOD(Phar, copy)
                if (FAILURE == phar_copy_entry_fp(oldentry, &newentry, &error TSRMLS_CC)) {
                        efree(newentry.filename);
                        php_stream_close(newentry.fp);
-                       zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+                       zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
                        efree(error);
                        return;
                }
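Review bot: In this failure branch `error` is passed to `"%s"` and to `efree()` without the `if (error)` test that the other sites in the commit have, so it relies on phar_copy_entry_fp() setting `*error` on every FAILURE return, which this hunk does not show. If that contract holds, a one-line comment saying so above the throw would help the next reader. If it does not, guard the use, e.g. `if (error) { zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); }`, and decide what to throw when no message was produced. The function body starts and ends outside the hunk.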
@@ -3628,7 +3628,7 @@ PHP_METHOD(Phar, copy)
        phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC);
 
        if (error) {
-               zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+               zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
                efree(error);
        }
 
@@ -3774,7 +3774,7 @@ static void phar_add_file(phar_archive_data **pphar, char *filename, int filenam
                phar_flush(*pphar, 0, 0, 0, &error TSRMLS_CC);
 
                if (error) {
-                       zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+                       zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
                        efree(error);
                }
        }
@@ -3810,7 +3810,7 @@ static void phar_mkdir(phar_archive_data **pphar, char *dirname, int dirname_len
                phar_flush(*pphar, 0, 0, 0, &error TSRMLS_CC);
 
                if (error) {
-                       zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+                       zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
                        efree(error);
                }
        }
@@ -3896,7 +3896,7 @@ PHP_METHOD(Phar, offsetUnset)
                        phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC);
 
                        if (error) {
-                               zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+                               zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
                                efree(error);
                        }
 
@@ -4152,7 +4152,7 @@ PHP_METHOD(Phar, setMetadata)
        phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC);
 
        if (error) {
-               zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+               zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
                efree(error);
        }
 }
@@ -4179,7 +4179,7 @@ PHP_METHOD(Phar, delMetadata)
                phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC);
 
                if (error) {
-                       zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+                       zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
                        efree(error);
                        RETURN_FALSE;
                } else {
@@ -4727,7 +4727,7 @@ PHP_METHOD(PharFileInfo, chmod)
        phar_flush(entry_obj->ent.entry->phar, 0, 0, 0, &error TSRMLS_CC);
 
        if (error) {
-               zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+               zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
                efree(error);
        }
 }
@@ -4813,7 +4813,7 @@ PHP_METHOD(PharFileInfo, setMetadata)
        phar_flush(entry_obj->ent.entry->phar, 0, 0, 0, &error TSRMLS_CC);
 
        if (error) {
-               zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+               zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
                efree(error);
        }
 }
@@ -4858,7 +4858,7 @@ PHP_METHOD(PharFileInfo, delMetadata)
                phar_flush(entry_obj->ent.entry->phar, 0, 0, 0, &error TSRMLS_CC);
 
                if (error) {
-                       zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+                       zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
                        efree(error);
                        RETURN_FALSE;
                } else {
@@ -5040,7 +5040,7 @@ PHP_METHOD(PharFileInfo, compress)
        phar_flush(entry_obj->ent.entry->phar, 0, 0, 0, &error TSRMLS_CC);
 
        if (error) {
-               zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+               zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
                efree(error);
        }
 
@@ -5115,7 +5115,7 @@ PHP_METHOD(PharFileInfo, decompress)
        phar_flush(entry_obj->ent.entry->phar, 0, 0, 0, &error TSRMLS_CC);
 
        if (error) {
-               zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+               zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
                efree(error);
        }
        RETURN_TRUE;