diff options
| author | Benjamin W. Broersma <bw@broersma.com> | 2017-07-26 08:16:37 +0200 |
|---|---|---|
| committer | Joe Watkins <krakjoe@php.net> | 2017-07-26 10:46:50 +0100 |
| commit | 6b1fbafdf0590ec293968d38c78641283b119848 (patch) | |
| tree | 31d80cc29573181f17a48152d029c69417f64a6e | |
| parent | de65a2243f5e52ccafc69889ab0b64f4481c5358 (diff) | |
| download | php-git-6b1fbafdf0590ec293968d38c78641283b119848.tar.gz | |
Fix bug #74991 - include_path has a 4096 char (minus "__DIR__:") limit, in some PHAR cases
| -rw-r--r-- | NEWS | 4 | ||||
| -rw-r--r-- | ext/phar/tests/bug74991.phpt | 23 | ||||
| -rw-r--r-- | ext/phar/util.c | 2 |
3 files changed, 28 insertions, 1 deletions
@@ -21,6 +21,10 @@ PHP NEWS - OCI8: . Expose oci_unregister_taf_callback() (Tianfang Yang) +- phar: + . Fixed bug #74991 (include_path has a 4096 char limit in some cases). + (bwbroersma) + - SimpleXML: . Fixed bug #74950 (nullpointer deref in simplexml_element_getDocNamespaces). (Laruence) diff --git a/ext/phar/tests/bug74991.phpt b/ext/phar/tests/bug74991.phpt new file mode 100644 index 0000000000..88d47be5ab --- /dev/null +++ b/ext/phar/tests/bug74991.phpt @@ -0,0 +1,23 @@ +--TEST-- +Phar: PHP bug #74991: include_path has a 4096 char (minus "__DIR__:") limit, in some PHAR cases +--SKIPIF-- +<?php if (!extension_loaded("phar")) die("skip"); +--INI-- +phar.readonly=0 +--FILE-- +<?php +// create a sample file in a custom include_path to lookup from the phar later: +mkdir('path'); +touch('path/needle.php'); +$p = new Phar('sample.phar'); +// the use of a sub path is crucial, and make the include_path 1 byte larger (=OVERFLOW) than the MAXPATHLEN, the include_path will then be truncated to 4096 (MAXPATHLEN) into 'phar://..sample.phar/some:xx..xx:pat' so it will fail to find needle.php: +$p['some/file'] = "<?php const MAXPATHLEN = 4096, OVERFLOW = 1, PATH = 'path'; set_include_path(str_repeat('x', MAXPATHLEN - strlen(__DIR__ . PATH_SEPARATOR . PATH_SEPARATOR . PATH) + OVERFLOW) . PATH_SEPARATOR . PATH); require('needle.php');"; +$p->setStub("<?php Phar::mapPhar('sample.phar'); __HALT_COMPILER();"); +// execute the phar code: +require('phar://sample.phar/some/file'); +--CLEAN-- +<?php +unlink('path/needle.php'); +unlink('sample.phar'); +rmdir('path'); +--EXPECT-- diff --git a/ext/phar/util.c b/ext/phar/util.c index f571429bee..54ff13b5c0 100644 --- a/ext/phar/util.c +++ b/ext/phar/util.c @@ -316,7 +316,7 @@ splitted: efree(test); } - spprintf(&path, MAXPATHLEN, "phar://%s/%s%c%s", arch, PHAR_G(cwd), DEFAULT_DIR_SEPARATOR, PG(include_path)); + spprintf(&path, MAXPATHLEN + 1 + strlen(PG(include_path)), "phar://%s/%s%c%s", arch, PHAR_G(cwd), DEFAULT_DIR_SEPARATOR, PG(include_path)); efree(arch); ret = php_resolve_path(filename, filename_len, path); efree(path); |