}
curloc = php_stream_tell(fp);
read = php_stream_read(fp, buf, size);
- if (read != size) {
+ if (read != size || read <= 8) {
if (error) {
spprintf(error, 4096, "phar error: tar-based phar \"%s\" signature cannot be read", fname);
}
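Review bot: The literal `8` in the new `read <= 8` guard is unexplained, and a too-short signature now shares the "signature cannot be read" message with a genuine short read. Presumably 8 is the length of the leading header of the signature entry that the verification code further down skips past; that code is not visible here, so this should be confirmed. If so, a comment such as `/* the signature entry must be longer than its 8-byte header, otherwise verification reads past buf */`, or a named constant, would make the bound auditable. Since `size` appears to come from the archive itself, it is also worth confirming that it is range-checked before `buf` is allocated, which presumably happens above this hunk. The enclosing function starts and ends outside the hunk.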
--- /dev/null
+--TEST--
+Phar: #73035 (Out of bound when verify signature of tar phar in phar_parse_tarfile)
+--SKIPIF--
+<?php if (!extension_loaded("phar")) die("skip"); ?>
+--FILE--
+<?php
+chdir(__DIR__);
+try {
+$phar = new PharData('bug73035.tar');
+var_dump($phar);
+} catch(UnexpectedValueException $e) {
+ print $e->getMessage()."\n";
+}
+?>
+DONE
+--EXPECTF--
+phar error: tar-based phar "%sbug73035.tar" signature cannot be read
+DONE
\ No newline at end of file
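Review bot: The test depends on a `bug73035.tar` fixture that is not visible in this patch, and nothing in the file says what is malformed about it. A short comment at the top of the `--FILE--` section, e.g. `// bug73035.tar: signature entry too short to hold its header; must be rejected, not parsed`, would let a later reader audit or regenerate the fixture (the exact malformation is inferred from the title and should be confirmed). The `chdir(__DIR__)` call could be dropped by opening `new PharData(__DIR__ . '/bug73035.tar')` directly, which keeps the test independent of process-wide state. The body of the `try` block is also not indented, unlike the `catch` body.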