From: Greg Beaver <cellog@php.net>
Date: Wed, 22 Jul 2009 19:51:37 +0000 (+0000)
Subject: Fix Bug #49020: phar misinterprets ustar long filename standard
X-Git-Tag: php-5.4.0alpha1~191^2~3018
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=aef00895ad2aedef03319a0b5c52ba4d981e326e;p=php

Fix Bug #49020: phar misinterprets ustar long filename standard
---

diff --git a/ext/phar/tar.c b/ext/phar/tar.c
index 1cd0711cda..f49907e0be 100644
--- a/ext/phar/tar.c
+++ b/ext/phar/tar.c
@@ -341,6 +341,7 @@ bail:
 					break;
 				}
 			}
+			name[i++] = '/';
 			for (j = 0; j < 100; j++) {
 				name[i+j] = hdr->name[j];
 				if (name[i+j] == '\0') {
@@ -641,14 +642,25 @@ static int phar_tar_writeheaders(void *pDest, void *argument TSRMLS_DC) /* {{{ *
 	memset((char *) &header, 0, sizeof(header));
 
 	if (entry->filename_len > 100) {
-		if (entry->filename_len > 255) {
+		char *boundary;
+		if (entry->filename_len > 256) {
 			if (fp->error) {
 				spprintf(fp->error, 4096, "tar-based phar \"%s\" cannot be created, filename \"%s\" is too long for tar file format", entry->phar->fname, entry->filename);
 			}
 			return ZEND_HASH_APPLY_STOP;
 		}
-		memcpy(header.prefix, entry->filename, entry->filename_len - 100);
-		memcpy(header.name, entry->filename + (entry->filename_len - 100), 100);
+		boundary = entry->filename + entry->filename_len - 101;
+		while (*boundary && *boundary != '/') {
+			++boundary;
+		}
+		if (!*boundary || ((boundary - entry->filename) > 155)) {
+			if (fp->error) {
+				spprintf(fp->error, 4096, "tar-based phar \"%s\" cannot be created, filename \"%s\" is too long for tar file format", entry->phar->fname, entry->filename);
+			}
+			return ZEND_HASH_APPLY_STOP;
+		}
+		memcpy(header.prefix, entry->filename, boundary - entry->filename);
+		memcpy(header.name, boundary + 1, entry->filename_len - (boundary + 1 - entry->filename));
 	} else {
 		memcpy(header.name, entry->filename, entry->filename_len);
 	}
diff --git a/ext/phar/tests/tar/bignames.phpt b/ext/phar/tests/tar/bignames.phpt
index c6b6bccdb1..c10b1cea2f 100644
--- a/ext/phar/tests/tar/bignames.phpt
+++ b/ext/phar/tests/tar/bignames.phpt
@@ -8,30 +8,50 @@ phar.require_hash=0
 <?php
 $fname = dirname(__FILE__) . '/' . basename(__FILE__, '.php') . '.tar';
 $fname2 = dirname(__FILE__) . '/' . basename(__FILE__, '.php') . '.2.tar';
+$fname3 = dirname(__FILE__) . '/' . basename(__FILE__, '.php') . '.3.tar';
+$fname4 = dirname(__FILE__) . '/' . basename(__FILE__, '.php') . '.4.tar';
 $pname = 'phar://' . $fname;
 
 $p1 = new PharData($fname);
-$p1[str_repeat('a', 100) . 'b'] = 'hi';
-$p1[str_repeat('a', 255)] = 'hi2';
+$p1[str_repeat('a', 100) . '/b'] = 'hi';
+$p1[str_repeat('a', 155) . '/' . str_repeat('b', 100)] = 'hi2';
 copy($fname, $fname2);
 $p2 = new PharData($fname2);
-echo $p2[str_repeat('a', 100) . 'b']->getContent() . "\n";
-echo $p2[str_repeat('a', 255)]->getContent() . "\n";
+echo $p2[str_repeat('a', 100) . '/b']->getContent() . "\n";
+echo $p2[str_repeat('a', 155) . '/' . str_repeat('b', 100)]->getContent() . "\n";
 
 try {
 	$p2[str_repeat('a', 400)] = 'yuck';
 } catch (Exception $e) {
 	echo $e->getMessage() . "\n";
 }
+
+try {
+	$p2 = new PharData($fname3);
+	$p2[str_repeat('a', 101)] = 'yuck';
+} catch (Exception $e) {
+	echo $e->getMessage() . "\n";
+}
+
+try {
+	$p2 = new PharData($fname4);
+	$p2[str_repeat('b', 160) . '/' . str_repeat('a', 90)] = 'yuck';
+} catch (Exception $e) {
+	echo $e->getMessage() . "\n";
+}
 ?>
 ===DONE===
 --CLEAN--
 <?php
 unlink(dirname(__FILE__) . '/' . basename(__FILE__, '.clean.php') . '.tar');
 unlink(dirname(__FILE__) . '/' . basename(__FILE__, '.clean.php') . '.2.tar');
+@unlink(dirname(__FILE__) . '/' . basename(__FILE__, '.clean.php') . '.3.tar');
+@unlink(dirname(__FILE__) . '/' . basename(__FILE__, '.clean.php') . '.4.tar');
 ?>
 --EXPECTF--
 hi
 hi2
 tar-based phar "%sbignames.2.tar" cannot be created, filename "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" is too long for tar file format
+tar-based phar "%sbignames.3.tar" cannot be created, filename "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" is too long for tar file format
+tar-based phar "%sbignames.4.tar" cannot be created, filename "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" is too long for tar file format
 ===DONE===
diff --git a/ext/phar/tests/tar/bignames_overflow.phpt b/ext/phar/tests/tar/bignames_overflow.phpt
index 80873119f6..359e9c6341 100644
--- a/ext/phar/tests/tar/bignames_overflow.phpt
+++ b/ext/phar/tests/tar/bignames_overflow.phpt
@@ -22,8 +22,8 @@ $p1 = new PharData($fname);
 foreach ($p1 as $file) {
 	echo $file->getFileName(), "\n";
 }
-echo $p1[str_repeat('a', 101)]->getContent() . "\n";
-echo $p1[str_repeat('a', 255)]->getContent() . "\n";
+echo $p1['a/' . str_repeat('a', 100)]->getContent() . "\n";
+echo $p1[str_repeat('a', 155) . '/' . str_repeat('a', 100)]->getContent() . "\n";
 
 ?>
 ===DONE===
@@ -33,8 +33,8 @@ unlink(dirname(__FILE__) . '/' . basename(__FILE__, '.clean.php') . '.tar');
 unlink(dirname(__FILE__) . '/' . basename(__FILE__, '.clean.php') . '.2.tar');
 ?>
 --EXPECT--
-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+a
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 hi
 hi2
 ===DONE===