authorMichael Wallner <mike@php.net>2015-03-30 14:41:30 +0200
committerMichael Wallner <mike@php.net>2015-03-30 14:41:30 +0200
commit8f7e378b9f2fb4f2bb5605d9440d7d34bee6978a (patch)
treedd5b782c0833fe250db991b75cb0584a688b5752
parentf4264ebc6499b82f892cefb54c0e4a0e9642e1d9 (diff)
downloadphp-git-8f7e378b9f2fb4f2bb5605d9440d7d34bee6978a.tar.gz
fix bug #67761
Phar::mapPhar fails for Phars inside a path containing ".tar". Strengthen the silly .tar file extension check.
-rw-r--r--NEWS4
-rw-r--r--ext/phar/tar.c7
-rw-r--r--ext/phar/tests/tar/bug67761.phpt19
-rw-r--r--ext/phar/tests/tar/files/bug67761.tar/bug67761.pharbin0 -> 12256 bytes
4 files changed, 27 insertions, 3 deletions
diff --git a/NEWS b/NEWS
index 1cbaff8f02..f073c9cf04 100644
--- a/NEWS
+++ b/NEWS
@@ -40,8 +40,10 @@ PHP NEWS
. Add a check for RAND_egd to allow compiling against LibreSSL (Leigh)
- Phar:
- . Fixed bug 64343 (PharData::extractTo fails for tarball created by BSD tar).
+ . Fixed bug #64343 (PharData::extractTo fails for tarball created by BSD tar).
(Mike)
+ . Fixed bug #67761 (Phar::mapPhar fails for Phars inside a path containing
+ ".tar"). (Mike)
- Postgres:
. Fixed bug #68741 (Null pointer dereference) (CVE-2015-1352). (Laruence)
diff --git a/ext/phar/tar.c b/ext/phar/tar.c
index 844c6b5419..c4a81fb799 100644
--- a/ext/phar/tar.c
+++ b/ext/phar/tar.c
@@ -102,7 +102,7 @@ int phar_is_tar(char *buf, char *fname) /* {{{ */
tar_header *header = (tar_header *) buf;
php_uint32 checksum = phar_tar_number(header->checksum, sizeof(header->checksum));
php_uint32 ret;
- char save[sizeof(header->checksum)];
+ char save[sizeof(header->checksum)], *bname;
/* assume that the first filename in a tar won't begin with <?php */
if (!strncmp(buf, "<?php", sizeof("<?php")-1)) {
@@ -113,7 +113,10 @@ int phar_is_tar(char *buf, char *fname) /* {{{ */
memset(header->checksum, ' ', sizeof(header->checksum));
ret = (checksum == phar_tar_checksum(buf, 512));
memcpy(header->checksum, save, sizeof(header->checksum));
- if (!ret && strstr(fname, ".tar")) {
+ if ((bname = strrchr(fname, PHP_DIR_SEPARATOR))) {
+ fname = bname;
+ }
+ if (!ret && (bname = strstr(fname, ".tar")) && (bname[4] == '\0' || bname[4] == '.')) {
/* probably a corrupted tar - so we will pretend it is one */
return 1;
}
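Review bot: The new suffix test looks only at the first ".tar" that `strstr` finds in the basename, so a name such as `a.tarball.tar` fails at `bname[4] == 'b'` and the real extension is never examined; the check should walk every occurrence. The `strrchr(fname, PHP_DIR_SEPARATOR)` call also now runs before the `!ret` test, so `fname` is dereferenced even when the checksum matched, which the old code never did. If any caller can pass a NULL `fname` (not visible here) that is a new crash path, and moving the basename step inside the `!ret` branch avoids it. Because this branch hands data that failed the header checksum to the tar parser on the strength of the file name alone, the match should stay as narrow as possible. phar_is_tar's body starts and ends outside the hunk.

```c
	/* ... unchanged: checksum computed and header->checksum restored ... */
	if (!ret) {
		/* only the last path component may decide */
		if ((bname = strrchr(fname, PHP_DIR_SEPARATOR))) {
			fname = bname;
		}
		/* test every ".tar" in the basename, not just the first */
		for (bname = strstr(fname, ".tar"); bname; bname = strstr(bname + 4, ".tar")) {
			if (bname[4] == '\0' || bname[4] == '.') {
				/* probably a corrupted tar - so we will pretend it is one */
				return 1;
			}
		}
	}
```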
diff --git a/ext/phar/tests/tar/bug67761.phpt b/ext/phar/tests/tar/bug67761.phpt
new file mode 100644
index 0000000000..860213d28e
--- /dev/null
+++ b/ext/phar/tests/tar/bug67761.phpt
@@ -0,0 +1,19 @@
+--TEST--
+Bug #67761 (Phar::mapPhar fails for Phars inside a path containing ".tar")
+--SKIPIF--
+<?php extension_loaded("phar") or die("SKIP need ext/phar suppport"); ?>
+--FILE--
+<?php
+
+echo "Test\n";
+
+include __DIR__."/files/bug67761.tar/bug67761.phar";
+
+?>
+
+===DONE===
+--EXPECT--
+Test
+#!/usr/bin/env php
+Test
+===DONE===
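Review bot: This test covers only the directory-name case from the bug report, so the tightened rule in phar_is_tar (".tar" must be followed by the end of the name or a ".") has no direct coverage. A second case with a non-tar file whose basename merely contains ".tar", for example a constructed `foo.tarx`, would pin that such a file is no longer treated as a corrupted tar. The SKIPIF message also has a typo and should read `die("SKIP need ext/phar support");`.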
diff --git a/ext/phar/tests/tar/files/bug67761.tar/bug67761.phar b/ext/phar/tests/tar/files/bug67761.tar/bug67761.phar
new file mode 100644
index 0000000000..408eca1e35
--- /dev/null
+++ b/ext/phar/tests/tar/files/bug67761.tar/bug67761.phar
Binary files differ