diff options
author | Stanislav Malyshev <stas@php.net> | 2020-02-15 22:17:14 -0800 |
---|---|---|
committer | Christoph M. Becker <cmbecker69@gmx.de> | 2020-02-18 09:12:09 +0100 |
commit | 2589f5bd83ff644d8345bb9c684fc4338435a3a3 (patch) | |
tree | b3829ae55b2dcb7e901c466f2f57acd6bdefd5d8 | |
parent | a64d111c6ee64abd4dd1dd5d372b9c1871a2df1c (diff) | |
download | php-git-2589f5bd83ff644d8345bb9c684fc4338435a3a3.tar.gz |
Fix bug #79082 - Files added to tar with Phar::buildFromIterator have all-access permissions
(cherry picked from commit 6facfa59a5273a7084fabe13f215bb17215218c4)
-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | ext/phar/phar_object.c | 11 | ||||
-rw-r--r-- | ext/phar/tests/bug79082.phpt | 52 | ||||
-rw-r--r-- | ext/phar/tests/test79082/test79082-testfile | 1 | ||||
-rw-r--r-- | ext/phar/tests/test79082/test79082-testfile2 | 1 |
5 files changed, 67 insertions, 0 deletions
@@ -32,6 +32,8 @@ PHP NEWS . Fixed bug #79145 (openssl memory leak). (cmb, Nikita) - Phar: + . Fixed bug #79082 (Files added to tar with Phar::buildFromIterator have + all-access permissions). (CVE-2020-7063) (stas) . Fixed bug #76584 (PharFileInfo::decompress not working). (cmb) - Reflection: diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c index e44bb56231..14b4a795d0 100644 --- a/ext/phar/phar_object.c +++ b/ext/phar/phar_object.c @@ -1404,6 +1404,7 @@ static int phar_build(zend_object_iterator *iter, void *puser) /* {{{ */ char *str_key; zend_class_entry *ce = p_obj->c; phar_archive_object *phar_obj = p_obj->p; + php_stream_statbuf ssb; value = iter->funcs->get_current_data(iter); @@ -1671,6 +1672,16 @@ after_open_fp: php_stream_copy_to_stream_ex(fp, p_obj->fp, PHP_STREAM_COPY_ALL, &contents_len); data->internal_file->uncompressed_filesize = data->internal_file->compressed_filesize = php_stream_tell(p_obj->fp) - data->internal_file->offset; + if (php_stream_stat(fp, &ssb) != -1) { + data->internal_file->flags = ssb.sb.st_mode & PHAR_ENT_PERM_MASK ; + } else { +#ifndef _WIN32 + mode_t mask; + mask = umask(0); + umask(mask); + data->internal_file->flags &= ~mask; +#endif + } } if (close_fp) { diff --git a/ext/phar/tests/bug79082.phpt b/ext/phar/tests/bug79082.phpt new file mode 100644 index 0000000000..ca453d1b57 --- /dev/null +++ b/ext/phar/tests/bug79082.phpt @@ -0,0 +1,52 @@ +--TEST-- +Phar: Bug #79082: Files added to tar with Phar::buildFromIterator have all-access permissions +--SKIPIF-- +<?php +if (!extension_loaded("phar")) die("skip"); +if (defined("PHP_WINDOWS_VERSION_MAJOR")) die("skip not for Windows") +?> +--FILE-- +<?php +umask(022); +var_dump(decoct(umask())); +chmod(__DIR__ . '/test79082/test79082-testfile', 0644); +chmod(__DIR__ . '/test79082/test79082-testfile2', 0400); + +foreach([Phar::TAR => 'tar', Phar::ZIP => 'zip'] as $mode => $ext) { + clearstatcache(); + $phar = new PharData(__DIR__ . '/test79082.' . $ext, null, null, $mode); + $phar->buildFromIterator(new \RecursiveDirectoryIterator(__DIR__ . '/test79082', \FilesystemIterator::SKIP_DOTS), __DIR__ . '/test79082'); + $phar->extractTo(__DIR__); + var_dump(decoct(stat(__DIR__ . '/test79082-testfile')['mode'])); + var_dump(decoct(stat(__DIR__ . '/test79082-testfile2')['mode'])); + unlink(__DIR__ . '/test79082-testfile'); + unlink(__DIR__ . '/test79082-testfile2'); +} +foreach([Phar::TAR => 'tar', Phar::ZIP => 'zip'] as $mode => $ext) { + clearstatcache(); + $phar = new PharData(__DIR__ . '/test79082-d.' . $ext, null, null, $mode); + $phar->buildFromDirectory(__DIR__ . '/test79082'); + $phar->extractTo(__DIR__); + var_dump(decoct(stat(__DIR__ . '/test79082-testfile')['mode'])); + var_dump(decoct(stat(__DIR__ . '/test79082-testfile2')['mode'])); + unlink(__DIR__ . '/test79082-testfile'); + unlink(__DIR__ . '/test79082-testfile2'); +} +?> +--CLEAN-- +<? +unlink(__DIR__ . '/test79082.tar'); +unlink(__DIR__ . '/test79082.zip'); +unlink(__DIR__ . '/test79082-d.tar'); +unlink(__DIR__ . '/test79082-d.zip'); +?> +--EXPECT-- +string(2) "22" +string(6) "100644" +string(6) "100400" +string(6) "100644" +string(6) "100400" +string(6) "100644" +string(6) "100400" +string(6) "100644" +string(6) "100400" diff --git a/ext/phar/tests/test79082/test79082-testfile b/ext/phar/tests/test79082/test79082-testfile new file mode 100644 index 0000000000..9daeafb986 --- /dev/null +++ b/ext/phar/tests/test79082/test79082-testfile @@ -0,0 +1 @@ +test diff --git a/ext/phar/tests/test79082/test79082-testfile2 b/ext/phar/tests/test79082/test79082-testfile2 new file mode 100644 index 0000000000..9daeafb986 --- /dev/null +++ b/ext/phar/tests/test79082/test79082-testfile2 @@ -0,0 +1 @@ +test |