]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f600785)
Backport and apply upstream patch for CVE-2017-14107
authorAnatol Belski <ab@php.net>
Fri, 27 Oct 2017 11:16:56 +0000 (13:16 +0200)
committerAnatol Belski <ab@php.net>
Fri, 27 Oct 2017 11:16:56 +0000 (13:16 +0200)
ext/zip/lib/zip_open.c patch | blob | history

diff --git a/ext/zip/lib/zip_open.c b/ext/zip/lib/zip_open.c
index d91fe469dbebbe3603ed4cbe5a41a0f167fc7cba..3616cc544800ea3082540c1804fa2e1777fec303 100644 (file)
--- a/ext/zip/lib/zip_open.c
+++ b/ext/zip/lib/zip_open.c
@@ -726,7 +726,12 @@ _zip_read_eocd64(FILE *f, const zip_uint8_t *eocd64loc, const zip_uint8_t *buf,
         _zip_error_set(error, ZIP_ER_SEEK, EFBIG);
         return NULL;
     }
-    if ((flags & ZIP_CHECKCONS) && offset+size != eocd_offset) {
+    if (offset+size > buf_offset + eocd_offset) {
+       /* cdir spans past EOCD record */
+       _zip_error_set(error, ZIP_ER_INCONS, 0);
+       return NULL;
+    }
+    if ((flags & ZIP_CHECKCONS) && offset+size != buf_offset + eocd_offset) {
        _zip_error_set(error, ZIP_ER_INCONS, 0);
        return NULL;
     }
Unnamed repository; edit this file 'description' to name the repository.