From: Greg Beaver Date: Sat, 26 Apr 2008 22:31:44 +0000 (+0000) Subject: add checking for invalid alias on opening tar, and test X-Git-Tag: RELEASE_2_0_0b1~184 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=11c93b84946461373c4716eedeb90385e19d59b8;p=php add checking for invalid alias on opening tar, and test
---
diff --git a/ext/phar/tar.c b/ext/phar/tar.c
index fccc33c5a7..bf60763722 100644
--- a/ext/phar/tar.c
+++ b/ext/phar/tar.c
@@ -284,8 +284,39 @@ int phar_open_tarfile(php_stream* fp, char *fname, int fname_len, char *alias, i
 if (!actual_alias && entry.filename_len == sizeof(".phar/alias.txt")-1 && !strncmp(entry.filename, ".phar/alias.txt", sizeof(".phar/alias.txt")-1)) {
 size_t read;
 /* found explicit alias */
+ if (size > 511) {
+ if (error) {
+ spprintf(error, 4096, "phar error: tar-based phar \"%s\" has alias that is larger than 511 bytes, cannot process", fname);
+ }
+ php_stream_close(fp);
+ zend_hash_destroy(&myphar->manifest);
+ myphar->manifest.arBuckets = 0;
+ zend_hash_destroy(&myphar->mounted_dirs);
+ myphar->mounted_dirs.arBuckets = 0;
+ efree(myphar);
+ return FAILURE;
+ }
 read = php_stream_read(fp, buf, size);
 if (read == size) {
+ buf[size] = '\0';
+ if (!phar_validate_alias(buf, size)) {
+ if (size > 50) {
+ buf[50] = '.';
+ buf[51] = '.';
+ buf[52] = '.';
+ buf[53] = '\0';
+ }
+ if (error) {
+ spprintf(error, 4096, "phar error: invalid alias \"%s\" in tar-based phar \"%s\"", buf, fname);
+ }
+ php_stream_close(fp);
+ zend_hash_destroy(&myphar->manifest);
+ myphar->manifest.arBuckets = 0;
+ zend_hash_destroy(&myphar->mounted_dirs);
+ myphar->mounted_dirs.arBuckets = 0;
+ efree(myphar);
+ return FAILURE;
+ }
 actual_alias = estrndup(buf, size);
 myphar->alias = actual_alias;
 myphar->alias_len = size;
diff --git a/ext/phar/tests/tar/badalias.phpt b/ext/phar/tests/tar/badalias.phpt
new file mode 100644
index 0000000000..441fc03ae7
--- /dev/null
+++ b/ext/phar/tests/tar/badalias.phpt
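Review bot: The `size > 511` guard and the `buf[size] = '\0'` write inside the `if (read == size)` branch both hard-code the capacity of `buf`, whose declaration is outside this hunk; if `buf` is a fixed-size local array, tying the bound to it, `if (size >= sizeof(buf)) {`, keeps the terminator (and the `buf[50]`..`buf[53]` truncation writes) in bounds should the buffer ever be resized. The teardown sequence close/destroy/reset/efree/return is now written out twice in this hunk and presumably a third time elsewhere in the function, which a single `goto`-style cleanup label would collapse into one place. The alias bytes copied into the error message come straight from the archive and are only length-bounded, not sanitized, so code that later surfaces `*error` should treat it as untrusted text. phar_open_tarfile begins and ends outside this hunk.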
@@ -0,0 +1,25 @@
+--TEST--
+Phar: invalid aliases
+--SKIPIF--
+
+
+
+--FILE--
+getMessage(), "\n";
+}
+}
+?>
+===DONE===
+--EXPECTF--
+phar error: invalid alias "hi/thereaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa..." in tar-based phar "%sbadalias1.phar.tar"
+phar error: invalid alias "hi\there" in tar-based phar "%sbadalias2.phar.tar"
+phar error: invalid alias "hi;there" in tar-based phar "%sbadalias3.phar.tar"
+phar error: invalid alias "hi:there" in tar-based phar "%sbadalias4.phar.tar"
+phar error: tar-based phar "%sbadalias5.phar.tar" has alias that is larger than 511 bytes, cannot process
+===DONE===
diff --git a/ext/phar/tests/tar/files/badalias1.phar.tar b/ext/phar/tests/tar/files/badalias1.phar.tar
new file mode 100644
index 0000000000..6cd4716d8f
Binary files /dev/null and b/ext/phar/tests/tar/files/badalias1.phar.tar differ
diff --git a/ext/phar/tests/tar/files/badalias2.phar.tar b/ext/phar/tests/tar/files/badalias2.phar.tar
new file mode 100644
index 0000000000..5face85827
Binary files /dev/null and b/ext/phar/tests/tar/files/badalias2.phar.tar differ
diff --git a/ext/phar/tests/tar/files/badalias3.phar.tar b/ext/phar/tests/tar/files/badalias3.phar.tar
new file mode 100644
index 0000000000..ab36e1f343
Binary files /dev/null and b/ext/phar/tests/tar/files/badalias3.phar.tar differ
diff --git a/ext/phar/tests/tar/files/badalias4.phar.tar b/ext/phar/tests/tar/files/badalias4.phar.tar
new file mode 100644
index 0000000000..c54e31d4fc
Binary files /dev/null and b/ext/phar/tests/tar/files/badalias4.phar.tar differ
diff --git a/ext/phar/tests/tar/files/badalias5.phar.tar b/ext/phar/tests/tar/files/badalias5.phar.tar
new file mode 100644
index 0000000000..dd52b6ac7d
Binary files /dev/null and b/ext/phar/tests/tar/files/badalias5.phar.tar differ