From: Anatol Belski <ab@php.net>
Date: Fri, 27 Oct 2017 11:20:15 +0000 (+0200)
Subject: Apply upstream patch for CVE-2017-14107
X-Git-Tag: php-7.0.26RC1~31
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=10dc1950f734e41ae001f295b12b54114e247c5e;p=php

Apply upstream patch for CVE-2017-14107
---

diff --git a/ext/zip/lib/zip_open.c b/ext/zip/lib/zip_open.c
index d6209ee1e7..29409b747d 100644
--- a/ext/zip/lib/zip_open.c
+++ b/ext/zip/lib/zip_open.c
@@ -837,7 +837,12 @@ _zip_read_eocd64(zip_source_t *src, zip_buffer_t *buffer, zip_uint64_t buf_offse
         zip_error_set(error, ZIP_ER_SEEK, EFBIG);
         return NULL;
     }
-    if ((flags & ZIP_CHECKCONS) && offset+size != eocd_offset) {
+    if (offset+size > buf_offset + eocd_offset) {
+	/* cdir spans past EOCD record */
+	zip_error_set(error, ZIP_ER_INCONS, 0);
+	return NULL;
+    }
+    if ((flags & ZIP_CHECKCONS) && offset+size != buf_offset + eocd_offset) {
 	zip_error_set(error, ZIP_ER_INCONS, 0);
 	return NULL;
     }