diff options
author | Stanislav Malyshev <stas@php.net> | 2014-08-04 00:08:08 -0700 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2014-08-04 00:08:08 -0700 |
commit | 61ec9b5b0f80bc6016548d48f433fe22e2dc24ec (patch) | |
tree | 8acf0f6c4b9f59fd5fc9b5e21af739a602d460f4 | |
parent | eeaec70758bfc0c0e2c0f8944c8dbeae02866206 (diff) | |
download | php-git-61ec9b5b0f80bc6016548d48f433fe22e2dc24ec.tar.gz |
add test
-rw-r--r-- | ext/fileinfo/tests/cve-2014-3538.phpt | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/ext/fileinfo/tests/cve-2014-3538.phpt b/ext/fileinfo/tests/cve-2014-3538.phpt new file mode 100644 index 0000000000..d6bc9c68c8 --- /dev/null +++ b/ext/fileinfo/tests/cve-2014-3538.phpt @@ -0,0 +1,35 @@ +--TEST-- +Bug #66731: file: extensive backtraking +--SKIPIF-- +<?php +if (!class_exists('finfo')) + die('skip no fileinfo extension'); +--FILE-- +<?php +$fd = __DIR__.'/cve-2014-3538.data'; + +file_put_contents($fd, + 'try:' . + str_repeat("\n", 1000000)); + +$fi = finfo_open(FILEINFO_NONE); +$t = microtime(true); +var_dump(finfo_file($fi, $fd)); +$t = microtime(true) - $t; +finfo_close($fi); +if ($t < 1) { + echo "Ok\n"; +} else { + printf("Failed, time=%.2f\n", $t); +} + +?> +Done +--CLEAN-- +<?php +@unlink(__DIR__.'/cve-2014-3538.data'); +?> +--EXPECTF-- +string(%d) "%s" +Ok +Done
\ No newline at end of file |