From: Marcus Boerger Date: Mon, 5 Feb 2007 19:16:07 +0000 (+0000) Subject: - Detect \0 in paths where possible X-Git-Tag: RELEASE_1_0_0RC1~13 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=5928d89d50ed876fd5e88d1e5678cacfc7901b7c;p=php - Detect \0 in paths where possible
---
diff --git a/ext/phar/phar_path_check.c b/ext/phar/phar_path_check.c
index 2a92a6088c..4e35a0095c 100755
--- a/ext/phar/phar_path_check.c
+++ b/ext/phar/phar_path_check.c
@@ -1,4 +1,4 @@ -/* Generated by re2c 0.11.0 on Mon Feb 5 02:54:33 2007 */ +/* Generated by re2c 0.11.0 on Mon Feb 5 14:06:48 2007 */ #line 1 "ext/phar/phar_path_check.re" /* +----------------------------------------------------------------------+
@@ -78,7 +78,7 @@ yy2: if(yych <= '.') goto yy18; if(yych <= '/') goto yy20; yy3: -#line 92 "ext/phar/phar_path_check.re" +#line 97 "ext/phar/phar_path_check.re" { goto loop; }
@@ -131,10 +131,15 @@ yy13: (*s)++; (*len)--; } + if ((p - (const unsigned char*)*s) - 1 != *len) + { + *error ="illegal character"; + return pcr_err_illegal_char; + } *error = NULL; return pcr_is_ok; } -#line 138 "ext/phar/phar_path_check.c" +#line 143 "ext/phar/phar_path_check.c" yy15: yych = *++YYCURSOR; goto yy3;
@@ -145,7 +150,7 @@ yy16: *error = "empty directory"; return pcr_err_empty_entry; } -#line 149 "ext/phar/phar_path_check.c" +#line 154 "ext/phar/phar_path_check.c" yy18: yych = *++YYCURSOR; if(yych <= 0x00) goto yy23;
@@ -162,7 +167,7 @@ yy20: *error = "double slash"; return pcr_err_double_slash; } -#line 166 "ext/phar/phar_path_check.c" +#line 171 "ext/phar/phar_path_check.c" yy22: yych = *++YYCURSOR; if(yych <= 0x00) goto yy25;
@@ -175,7 +180,7 @@ yy23: *error = "current directory reference"; return pcr_err_curr_dir; } -#line 179 "ext/phar/phar_path_check.c" +#line 184 "ext/phar/phar_path_check.c" yy25: ++YYCURSOR; #line 52 "ext/phar/phar_path_check.re"
@@ -183,9 +188,9 @@ yy25: *error = "upper directory reference"; return pcr_err_up_dir; } -#line 187 "ext/phar/phar_path_check.c" +#line 192 "ext/phar/phar_path_check.c" } } -#line 95 "ext/phar/phar_path_check.re" +#line 100 "ext/phar/phar_path_check.re" }
diff --git a/ext/phar/phar_path_check.re b/ext/phar/phar_path_check.re
index 33a5942724..6d3bd0173c 100755
--- a/ext/phar/phar_path_check.re
+++ b/ext/phar/phar_path_check.re
@@ -86,6 +86,11 @@ END {
 (*s)++;
 (*len)--;
 }
+ if ((p - (const unsigned char*)*s) - 1 != *len)
+ {
+ *error ="illegal character";
+ return pcr_err_illegal_char;
+ }
 *error = NULL;
 return pcr_is_ok;
 }
diff --git a/ext/phar/tests/create_path_error.phpt b/ext/phar/tests/create_path_error.phpt
index 16176b6ad7..eb2dbe43ca 100755
--- a/ext/phar/tests/create_path_error.phpt
+++ b/ext/phar/tests/create_path_error.phpt
@@ -33,6 +33,20 @@ foreach($checks as $check)
 file_put_contents($pname . '/' . $check, "error");
 }
+$phar = new Phar($fname);
+$checks = array("a\0");
+foreach($checks as $check)
+{
+ try
+ {
+ $phar[$check] = 'error';
+ }
+ catch(Exception $e)
+ {
+ echo 'Exception: ' . $e->getMessage() . "\n";
+ }
+}
+
 ?>
 ===DONE===
 --CLEAN--
@@ -46,4 +60,5 @@ Error: file_put_contents(phar://%s/../): failed to open stream: phar error: inva
 Error: file_put_contents(phar://%s/a/..): failed to open stream: phar error: invalid path "a/.." contains upper directory reference
 Error: file_put_contents(phar://%s/a/): failed to open stream: phar error: invalid path "a/" contains empty directory
 Error: file_put_contents(phar://%s/b//a.php): failed to open stream: phar error: invalid path "b//a.php" contains double slash
+Exception: Entry a does not exist and cannot be created: phar error: invalid path "a" contains illegal character
 ===DONE===
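Review bot: The added comparison `(p - (const unsigned char*)*s) - 1 != *len` in the END action of phar_path_check.re carries the whole NUL-detection logic and has no comment; something like `/* scan ended at the first \0; if that is not at offset *len, the path contains an embedded NUL */` would make the intent reviewable (this assumes p is the scanner cursor, which is declared outside the hunk). The check only works when callers pass the true byte length in `*len`; a caller that derives the length with strlen() makes both sides equal and the test can never fire, which is presumably what "where possible" in the subject refers to and is worth stating in the function's header comment. The test also runs after `(*s)++; (*len)--;`, so on this error return the caller's pointer and length may already have been advanced past a leading slash; since both sides shift by one, the comparison could sit above that adjustment with the same result. The END action begins above the hunk, so the condition guarding the adjustment is not visible here.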
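Review bot: The new test case in create_path_error.phpt covers only a trailing NUL (`array("a\0")`) written through the array-access path; a name that has further bytes after the NUL is the form where truncation would silently change which entry is addressed, and it is not exercised. Extending the list to `$checks = array("a\0", "a\0b");` with a matching line in the expected output would pin that case. The expected message prints the path as "a", so a reader of the output cannot tell that a NUL was the rejected character; a short comment in the test saying so would help whoever next reads a failure here.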