use after free in phar_object.c
| Sec Bug #68901 | use after free in phar_object.c | ||||
|---|---|---|---|---|---|
| Submitted: | 2015-01-24 18:44 UTC | Modified: | 2015-03-18 12:12 UTC | ||
| From: | bugreports at internot dot info | Assigned: | laruence (profile) | ||
| Status: | Closed | Package: | PHAR related | ||
| PHP Version: | 5.5.21 | OS: | Linux Ubuntu 14.04 | ||
| Private report: | No | CVE-ID: | 2015-2301 | ||
[2015-01-24 18:44 UTC] bugreports at internot dot info
Description: ------------ Hi, In /ext/phar/phar_object.c: 2131 newpath = oldpath; but then: 2142 efree(oldpath); 2143 zend_throw_exception_ex(spl_ce_BadMethodCallException, 0 TSRMLS_CC, "phar \"%s\" exists and must be unlinked prior to conversion", newpath);
Patches
Pull Requests
History
AllCommentsChangesGit/SVN commits
[2015-01-28 16:15 UTC] laruence@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: laruence
[2015-01-28 18:17 UTC] stas@php.net
-Summary: use after free +Summary: use after free in phar_object.c