mailing list archives
php ZipArchive::addGlob() crashes on invalid flags
From: Tomas Hoger <thoger () redhat com>
Date: Fri, 1 Jul 2011 17:37:20 +0200
Following PHP bug is marked as security and lists CVE-2011-1657:
The fix is committed, hence should be released with 5.3.7.
Reporter mentions this really was an underlying glob() implementation
flaw, but that's not entirely true. Maybe there are some flags that
are not recognized by glob() and still cause it to crash, but the
crashes I've been able to reproduce were due to the use of flags
supported by glob() that require some glob_t struct setup before
calling glob() (such as GLOB_ALTDIRFUNC).
Tomas Hoger / Red Hat Security Response Team
- php ZipArchive::addGlob() crashes on invalid flags Tomas Hoger (Jul 01)