Thread: Phar.c phar_parse_pharfile function

  1. #1
    Registered User
    Join Date
    Aug 2018
    Posts
    1

    Phar.c phar_parse_pharfile function

    I have a basic understanding of this vulnerability: it is a buffer over-read, and I sort of know what this piece of code is doing, though it would be great to get some expert advice.

    static int phar_parse_pharfile(php_stream *fp, char *fname, int fname_len, char *alias, int alias_len, long halt_offset, phar_archive_dat.......... pphar, php_uint32 compression, char **error TSRMLS_DC) /* {{{ */
    {
    char b32[4], *buffer, *endbuffer, *savebuf;
    phar_archive_data *mydata = NULL;
    phar_entry_info entry;

    I see the static integer or number function, which is a set of instructions, being declared, and the data types it returns being in the brackets. The for loop that processes manifest entries does not determine and check if the metadata_length (4) is inside, so the buffer can be overwritten. What does the char b32 mean, though?

  2. #2
    and the hat of int overfl Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    36,491
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.
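
Added example, not part of the thread and not PHP's phar.c code: the kind of length check the first post says is missing, shown on a constructed layout where each entry is a 4-byte little-endian length followed by that many bytes. The layout, the sample arrays, `get_le32` and `parse_entries` are assumptions for illustration; `buffer` and `endbuffer` only borrow the names from the quoted declaration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample data: entries of [4-byte LE length][payload]. */
static const unsigned char good[] = {3,0,0,0,'a','b','c', 0,0,0,0};
/* Second entry claims 0x40 payload bytes but only 2 follow. */
static const unsigned char bad[] = {3,0,0,0,'a','b','c', 0x40,0,0,0,'x','y'};

/* Decode one 32-bit little-endian field: four bytes, the same size
 * as an array declared like char b32[4]. */
static uint32_t get_le32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Walk `count` entries. Returns the number parsed, or -1 as soon as
 * a length field or its payload would extend past endbuffer. */
static int parse_entries(const unsigned char *buffer, size_t size,
                         uint32_t count)
{
    const unsigned char *endbuffer = buffer + size;
    uint32_t i;

    for (i = 0; i < count; i++) {
        uint32_t len;

        /* The 4-byte length field itself must be inside the buffer. */
        if ((size_t)(endbuffer - buffer) < 4)
            return -1;
        len = get_le32(buffer);
        buffer += 4;

        /* Compare against the bytes remaining; testing
         * buffer + len > endbuffer could overflow the pointer. */
        if (len > (size_t)(endbuffer - buffer))
            return -1;
        buffer += len; /* skip the payload */
    }
    return (int)i;
}

int main(void)
{
    printf("good: %d\n", parse_entries(good, sizeof good, 2));
    printf("bad:  %d\n", parse_entries(bad, sizeof bad, 2));
    return 0;
}
```
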
