File: 123-CVE-2007-1399-MOPB-16.patch

package info (click to toggle)
php5 5.2.0%2Bdfsg-8%2Betch16
  • links: PTS
  • area: main
  • in suites: etch
  • size: 58,940 kB
  • ctags: 45,388
  • sloc: ansic: 533,605; sh: 17,835; php: 11,336; cpp: 4,289; xml: 3,809; yacc: 2,446; lex: 2,174; makefile: 1,150; tcl: 1,128; awk: 693; perl: 71; sql: 22; pascal: 15
file content (31 lines) | stat: -rw-r--r-- 882 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
http://cvs.php.net/viewvc.cgi/php-src/ext/zip/zip_stream.c?r1=1.1.2.2&r2=1.1.2.3&pathrev=PHP_5_2&view=patch
--- old/ext/zip/zip_stream.c	2006/11/12 00:41:16	1.1.2.2
+++ new/ext/zip/zip_stream.c	2006/12/23 23:28:39	1.1.2.3
@@ -153,7 +153,7 @@
 
 	char *file_basename;
 	size_t file_basename_len;
-	char file_dirname[MAXPATHLEN+1];
+	char file_dirname[MAXPATHLEN];
 
 	struct zip *za;
 	struct zip_file *zf = NULL;
@@ -179,15 +179,15 @@
 		return NULL;
 	}
 	path_len = strlen(path);
+	if (path_len >= MAXPATHLEN || mode[0] != 'r') {
+		return NULL;
+	}
 
 	memcpy(file_dirname, path, path_len - fragment_len);
 	file_dirname[path_len - fragment_len] = '\0';
 
 	php_basename(path, path_len - fragment_len, NULL, 0, &file_basename, &file_basename_len TSRMLS_CC);
 	fragment++;
-	if (mode[0] != 'r') {
-		return NULL;
-	}
 
 	za = zip_open(file_dirname, ZIP_CREATE, &err);
 	if (za) {