Diffstat (limited to 'ext/phar/zip.c')
-rw-r--r-- | ext/phar/zip.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/ext/phar/zip.c b/ext/phar/zip.c
index 52a387bdbc..1d7c5b2217 100644
--- a/ext/phar/zip.c
+++ b/ext/phar/zip.c
@@ -401,8 +401,13 @@ foundit:
 char *sig;
 size_t sig_len;

- php_stream_tell(fp);
 pefree(entry.filename, entry.is_persistent);
+
+ if (entry.uncompressed_filesize > 0x10000) {
+ PHAR_ZIP_FAIL("signatures larger than 64 KiB are not supported");
+ }
+
+ php_stream_tell(fp);
 sigfile = php_stream_fopen_tmpfile();
 if (!sigfile) {
 PHAR_ZIP_FAIL("couldn't open temporary file");
 |
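Review bot: The new bound `entry.uncompressed_filesize > 0x10000` is a bare literal with no comment saying why the cap exists, so a later reader cannot tell it is a defensive limit on a size taken from the archive itself. I would add a comment above the check such as `/* size comes from the archive's own header and is untrusted; cap it before it drives the signature copy and read below */` and give the limit a name (for example `#define PHAR_ZIP_SIG_MAX 0x10000`) so the value and the "64 KiB" in the message cannot drift apart. The code that consumes the size lies after the end of this hunk, so it is worth confirming that every later use of the signature length reads this same checked field and that a lower bound on the length is enforced there as well. The check runs after `pefree(entry.filename, ...)`, which is only correct if `PHAR_ZIP_FAIL` does not touch `entry.filename` again; the macro is not visible here, so that should be verified.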