diff options
author | Michael Wallner <mike@php.net> | 2015-03-30 14:41:30 +0200 |
---|---|---|
committer | Michael Wallner <mike@php.net> | 2015-03-30 14:41:30 +0200 |
commit | 8f7e378b9f2fb4f2bb5605d9440d7d34bee6978a (patch) | |
tree | dd5b782c0833fe250db991b75cb0584a688b5752 | |
parent | f4264ebc6499b82f892cefb54c0e4a0e9642e1d9 (diff) | |
download | php-git-8f7e378b9f2fb4f2bb5605d9440d7d34bee6978a.tar.gz |
fix bug #67761
Phar::mapPhar fails for Phars inside a path containing ".tar".
Strengthen the silly .tar file extension check.
-rw-r--r-- | NEWS | 4 | ||||
-rw-r--r-- | ext/phar/tar.c | 7 | ||||
-rw-r--r-- | ext/phar/tests/tar/bug67761.phpt | 19 | ||||
-rw-r--r-- | ext/phar/tests/tar/files/bug67761.tar/bug67761.phar | bin | 0 -> 12256 bytes |
4 files changed, 27 insertions, 3 deletions
@@ -40,8 +40,10 @@ PHP NEWS . Add a check for RAND_egd to allow compiling against LibreSSL (Leigh) - Phar: - . Fixed bug 64343 (PharData::extractTo fails for tarball created by BSD tar). + . Fixed bug #64343 (PharData::extractTo fails for tarball created by BSD tar). (Mike) + . Fixed bug #67761 (Phar::mapPhar fails for Phars inside a path containing + ".tar"). (Mike) - Postgres: . Fixed bug #68741 (Null pointer dereference) (CVE-2015-1352). (Laruence) diff --git a/ext/phar/tar.c b/ext/phar/tar.c index 844c6b5419..c4a81fb799 100644 --- a/ext/phar/tar.c +++ b/ext/phar/tar.c @@ -102,7 +102,7 @@ int phar_is_tar(char *buf, char *fname) /* {{{ */ tar_header *header = (tar_header *) buf; php_uint32 checksum = phar_tar_number(header->checksum, sizeof(header->checksum)); php_uint32 ret; - char save[sizeof(header->checksum)]; + char save[sizeof(header->checksum)], *bname; /* assume that the first filename in a tar won't begin with <?php */ if (!strncmp(buf, "<?php", sizeof("<?php")-1)) { @@ -113,7 +113,10 @@ int phar_is_tar(char *buf, char *fname) /* {{{ */ memset(header->checksum, ' ', sizeof(header->checksum)); ret = (checksum == phar_tar_checksum(buf, 512)); memcpy(header->checksum, save, sizeof(header->checksum)); - if (!ret && strstr(fname, ".tar")) { + if ((bname = strrchr(fname, PHP_DIR_SEPARATOR))) { + fname = bname; + } + if (!ret && (bname = strstr(fname, ".tar")) && (bname[4] == '\0' || bname[4] == '.')) { /* probably a corrupted tar - so we will pretend it is one */ return 1; } diff --git a/ext/phar/tests/tar/bug67761.phpt b/ext/phar/tests/tar/bug67761.phpt new file mode 100644 index 0000000000..860213d28e --- /dev/null +++ b/ext/phar/tests/tar/bug67761.phpt @@ -0,0 +1,19 @@ +--TEST-- +Bug #67761 (Phar::mapPhar fails for Phars inside a path containing ".tar") +--SKIPIF-- +<?php extension_loaded("phar") or die("SKIP need ext/phar suppport"); ?> +--FILE-- +<?php + +echo "Test\n"; + +include __DIR__."/files/bug67761.tar/bug67761.phar"; + +?> + +===DONE=== +--EXPECT-- +Test +#!/usr/bin/env php +Test +===DONE=== diff --git a/ext/phar/tests/tar/files/bug67761.tar/bug67761.phar b/ext/phar/tests/tar/files/bug67761.tar/bug67761.phar Binary files differnew file mode 100644 index 0000000000..408eca1e35 --- /dev/null +++ b/ext/phar/tests/tar/files/bug67761.tar/bug67761.phar |