$OpenBSD: patch-phar_object_c,v 1.1 2011/03/16 07:21:01 jasper Exp $ Security fix for CVE-2011-1153 PECL phar Extension Format String Vulnerabilities Fix from upstream svn: http://svn.php.net/viewvc?view=revision&revision=309254
--- phar_object.c.orig Thu Jan 1 10:14:21 1970
+++ phar_object.c Wed Mar 16 00:01:49 2011
@@ -307,7 +307,7 @@ static int phar_file_action(phar_archive_data *phar, p
 char *error;
 if (!phar_open_jit(phar, info, &error TSRMLS_CC)) {
 if (error) {
- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
 efree(error);
 }
 return -1;
@@ -673,7 +673,7 @@ PHP_METHOD(Phar, webPhar)
 if (phar_open_executed_filename(alias, alias_len, &error TSRMLS_CC) != SUCCESS) {
 if (error) {
- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
 efree(error);
 }
 return;
@@ -1094,7 +1094,7 @@ PHP_METHOD(Phar, createDefaultStub)
 stub = phar_create_default_stub(index, webindex, &stub_len, &error TSRMLS_CC);
 if (error) {
- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
 efree(error);
 return;
 }
@@ -1119,7 +1119,7 @@ PHP_METHOD(Phar, mapPhar)
 RETVAL_BOOL(phar_open_executed_filename(alias, alias_len, &error TSRMLS_CC) == SUCCESS);
 if (error) {
- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
 efree(error);
 }
 } /* }}} */
@@ -1140,7 +1140,7 @@ PHP_METHOD(Phar, loadPhar)
 RETVAL_BOOL(phar_open_from_filename(fname, fname_len, alias, alias_len, REPORT_ERRORS, NULL, &error TSRMLS_CC) == SUCCESS);
 if (error) {
- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
 efree(error);
 }
 } /* }}} */
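Review bot: The `"%s"` guard is added by hand at each `zend_throw_exception_ex` call, from the `phar_file_action` hunk at -307 through every later hunk in this patch, so nothing stops a future call site from passing `error` as the format again and reintroducing CVE-2011-1153. `error` is a message built elsewhere (its producers are outside this patch, so treat its content as untrusted), and a small static helper that always throws with a fixed `"%s"` and then frees the string would make the safe form the default; the helper name below is only a suggestion. Sites that release other resources or set a return value keep those lines after the call, and the `valid_alias` hunk at -2894 shows no `efree(error)` beside the throw, so it would keep its direct call. The enclosing functions begin and end outside the hunks.

```c
/* Throw `ce` with `error` as message data (never as the format), then release it. */
static void phar_throw_and_free(zend_class_entry *ce, char *error TSRMLS_DC)
{
	zend_throw_exception_ex(ce, 0 TSRMLS_CC, "%s", error);
	efree(error);
}

/* … unchanged: phar_open_jit call and `if (error)` test in phar_file_action … */
			phar_throw_and_free(phar_ce_PharException, error TSRMLS_CC);
```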
@@ -2002,7 +2002,7 @@ PHP_METHOD(Phar, buildFromDirectory)
 phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC);
 if (error) {
- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
 efree(error);
 }
@@ -2065,7 +2065,7 @@ PHP_METHOD(Phar, buildFromIterator)
 phar_obj->arc.archive->ufp = pass.fp;
 phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC);
 if (error) {
- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
 efree(error);
 }
 } else {
@@ -2322,7 +2322,7 @@ its_ok:
 phar_flush(phar, 0, 0, 1, &error TSRMLS_CC);
 if (error) {
- zend_throw_exception_ex(spl_ce_BadMethodCallException, 0 TSRMLS_CC, error);
+ zend_throw_exception_ex(spl_ce_BadMethodCallException, 0 TSRMLS_CC, "%s", error);
 efree(error);
 efree(oldpath);
 return NULL;
@@ -2782,7 +2782,7 @@ PHP_METHOD(Phar, delete)
 phar_flush(phar_obj->arc.archive, NULL, 0, 0, &error TSRMLS_CC);
 if (error) {
- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
 efree(error);
 }
@@ -2857,7 +2857,7 @@ PHP_METHOD(Phar, setAlias)
 efree(error);
 goto valid_alias;
 }
- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
 efree(error);
 RETURN_FALSE;
 }
@@ -2894,7 +2894,7 @@ valid_alias:
 phar_obj->arc.archive->alias = oldalias;
 phar_obj->arc.archive->alias_len = oldalias_len;
 phar_obj->arc.archive->is_temporary_alias = old_temp;
- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
 if (readd) {
 zend_hash_add(&(PHAR_GLOBALS->phar_alias_map), oldalias, oldalias_len, (void*)&(phar_obj->arc.archive), sizeof(phar_archive_data*), NULL);
 }
@@ -2967,7 +2967,7 @@ PHP_METHOD(Phar, stopBuffering)
 phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC);
 if (error) {
- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
 efree(error);
 }
 }
@@ -3016,7 +3016,7 @@ PHP_METHOD(Phar, setStub)
 }
 phar_flush(phar_obj->arc.archive, (char *) &zstub, len, 0, &error TSRMLS_CC);
 if (error) {
- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
 efree(error);
 }
 RETURN_TRUE;
@@ -3032,7 +3032,7 @@ PHP_METHOD(Phar, setStub)
 phar_flush(phar_obj->arc.archive, stub, stub_len, 0, &error TSRMLS_CC);
 if (error) {
- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
 efree(error);
 }
@@ -3093,7 +3093,7 @@ PHP_METHOD(Phar, setDefaultStub)
 stub = phar_create_default_stub(index, webindex, &stub_len, &error TSRMLS_CC);
 if (error) {
- zend_throw_exception_ex(spl_ce_UnexpectedValueException, 0 TSRMLS_CC, error);
+ zend_throw_exception_ex(spl_ce_UnexpectedValueException, 0 TSRMLS_CC, "%s", error);
 efree(error);
 if (stub) {
 efree(stub);
@@ -3115,7 +3115,7 @@ PHP_METHOD(Phar, setDefaultStub)
 }
 if (error) {
- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
 efree(error);
 RETURN_FALSE;
 }
@@ -3170,7 +3170,7 @@ PHP_METHOD(Phar, setSignatureAlgorithm)
 phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC);
 if (error) {
- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
 efree(error);
 }
 break;
@@ -3472,7 +3472,7 @@ PHP_METHOD(Phar, compressFiles)
 phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC);
 if (error) {
- zend_throw_exception_ex(spl_ce_BadMethodCallException, 0 TSRMLS_CC, error);
+ zend_throw_exception_ex(spl_ce_BadMethodCallException, 0 TSRMLS_CC, "%s", error);
 efree(error);
 }
 }
@@ -3512,7 +3512,7 @@ PHP_METHOD(Phar, decompressFiles)
 phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC);
 if (error) {
- zend_throw_exception_ex(spl_ce_BadMethodCallException, 0 TSRMLS_CC, error);
+ zend_throw_exception_ex(spl_ce_BadMethodCallException, 0 TSRMLS_CC, "%s", error);
 efree(error);
 }
@@ -3612,7 +3612,7 @@ PHP_METHOD(Phar, copy)
 if (FAILURE == phar_copy_entry_fp(oldentry, &newentry, &error TSRMLS_CC)) {
 efree(newentry.filename);
 php_stream_close(newentry.fp);
- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
 efree(error);
 return;
 }
@@ -3623,7 +3623,7 @@ PHP_METHOD(Phar, copy)
 phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC);
 if (error) {
- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
 efree(error);
 }
@@ -3769,7 +3769,7 @@ static void phar_add_file(phar_archive_data **pphar, c
 phar_flush(*pphar, 0, 0, 0, &error TSRMLS_CC);
 if (error) {
- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
 efree(error);
 }
 }
@@ -3805,7 +3805,7 @@ static void phar_mkdir(phar_archive_data **pphar, char
 phar_flush(*pphar, 0, 0, 0, &error TSRMLS_CC);
 if (error) {
- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
 efree(error);
 }
 }
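Review bot: In the Phar::copy hunk at -3612, `error` goes to `"%s"` and then to `efree` without the `if (error)` test that most other sites in this patch have, so the call relies on `phar_copy_entry_fp` always setting a message when it returns FAILURE. That contract is not visible in this hunk; if the function can fail while leaving `error` NULL or unset, the exception text would be meaningless or the pointer invalid. Guarding the pair keeps the site consistent with the rest of the file: `if (error) { zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); }`. The method body starts and ends outside the hunk.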
@@ -3891,7 +3891,7 @@ PHP_METHOD(Phar, offsetUnset)
 phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC);
 if (error) {
- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
 efree(error);
 }
@@ -4147,7 +4147,7 @@ PHP_METHOD(Phar, setMetadata)
 phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC);
 if (error) {
- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
 efree(error);
 }
 }
@@ -4174,7 +4174,7 @@ PHP_METHOD(Phar, delMetadata)
 phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC);
 if (error) {
- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
 efree(error);
 RETURN_FALSE;
 } else {
@@ -4718,7 +4718,7 @@ PHP_METHOD(PharFileInfo, chmod)
 phar_flush(entry_obj->ent.entry->phar, 0, 0, 0, &error TSRMLS_CC);
 if (error) {
- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
 efree(error);
 }
 }
@@ -4804,7 +4804,7 @@ PHP_METHOD(PharFileInfo, setMetadata)
 phar_flush(entry_obj->ent.entry->phar, 0, 0, 0, &error TSRMLS_CC);
 if (error) {
- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
 efree(error);
 }
 }
@@ -4849,7 +4849,7 @@ PHP_METHOD(PharFileInfo, delMetadata)
 phar_flush(entry_obj->ent.entry->phar, 0, 0, 0, &error TSRMLS_CC);
 if (error) {
- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
 efree(error);
 RETURN_FALSE;
 } else {
@@ -5031,7 +5031,7 @@ PHP_METHOD(PharFileInfo, compress)
 phar_flush(entry_obj->ent.entry->phar, 0, 0, 0, &error TSRMLS_CC);
 if (error) {
- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
 efree(error);
 }
@@ -5106,7 +5106,7 @@ PHP_METHOD(PharFileInfo, decompress)
 phar_flush(entry_obj->ent.entry->phar, 0, 0, 0, &error TSRMLS_CC);
 if (error) {
- zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error);
+ zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error);
 efree(error);
 }
 RETURN_TRUE;