From 08cf9ff7314407224b7d1c2d0a538e5dc3c80ef8 Mon Sep 17 00:00:00 2001 From: Marcus Boerger Date: Mon, 5 Feb 2007 07:58:29 +0000 Subject: [PATCH] - Check for illegal chars (control + potential UTF-8 (need to take care of in PHP 6)) --- ext/phar/phar_internal.h | 1 + ext/phar/phar_path_check.c | 130 ++++++++++++++++++++---------------- ext/phar/phar_path_check.re | 7 ++ 3 files changed, 81 insertions(+), 57 deletions(-) diff --git a/ext/phar/phar_internal.h b/ext/phar/phar_internal.h index a172686f63..285bd64975 100755 --- a/ext/phar/phar_internal.h +++ b/ext/phar/phar_internal.h @@ -265,6 +265,7 @@ typedef enum { pcr_err_curr_dir, pcr_err_back_slash, pcr_err_star, + pcr_err_illegal_char, pcr_err_empty_entry } phar_path_check_result; diff --git a/ext/phar/phar_path_check.c b/ext/phar/phar_path_check.c index d2d81a3770..2a92a6088c 100755 --- a/ext/phar/phar_path_check.c +++ b/ext/phar/phar_path_check.c @@ -1,4 +1,4 @@ -/* Generated by re2c 0.11.0 on Mon Feb 5 01:18:16 2007 */ +/* Generated by re2c 0.11.0 on Mon Feb 5 02:54:33 2007 */ #line 1 "ext/phar/phar_path_check.re" /* +----------------------------------------------------------------------+ @@ -26,6 +26,7 @@ phar_path_check_result phar_path_check(char **s, int *len, const char **error) { const unsigned char *p = (const unsigned char*)*s; const unsigned char *m; + if (*len == 1 && *p == '.') { *error = "current directory reference"; return pcr_err_curr_dir; @@ -33,6 +34,7 @@ phar_path_check_result phar_path_check(char **s, int *len, const char **error) *error = "upper directory reference"; return pcr_err_up_dir; } + #define YYCTYPE unsigned char #define YYCURSOR p #define YYLIMIT p+*len @@ -42,7 +44,7 @@ phar_path_check_result phar_path_check(char **s, int *len, const char **error) loop: { -#line 46 "ext/phar/phar_path_check.c" +#line 48 "ext/phar/phar_path_check.c" { YYCTYPE yych; 
@@ -50,56 +52,56 @@ loop: yych = *YYCURSOR; if(yych <= '.') { if(yych <= 0x0A) { - if(yych <= 0x00) goto yy11; - if(yych <= 0x09) goto yy13; + if(yych <= 0x00) goto yy13; + if(yych <= 0x09) goto yy10; + goto yy12; } else { - if(yych == '*') goto yy7; - goto yy13; + if(yych <= 0x19) goto yy10; + if(yych == '*') goto yy6; + goto yy15; } } else { if(yych <= '?') { - if(yych <= '/') goto yy3; - if(yych <= '>') goto yy13; - goto yy9; + if(yych <= '/') goto yy2; + if(yych <= '>') goto yy15; + goto yy8; } else { - if(yych == '\\') goto yy5; - goto yy13; + if(yych == '\\') goto yy4; + if(yych <= 0x7F) goto yy15; + goto yy10; } } yy2: - YYCURSOR = YYMARKER; - goto yy4; -yy3: yych = *(YYMARKER = ++YYCURSOR); - if(yych <= 0x00) goto yy14; - if(yych <= '-') goto yy4; - if(yych <= '.') goto yy16; - if(yych <= '/') goto yy17; -yy4: -#line 85 "ext/phar/phar_path_check.re" + if(yych <= 0x00) goto yy16; + if(yych <= '-') goto yy3; + if(yych <= '.') goto yy18; + if(yych <= '/') goto yy20; +yy3: +#line 92 "ext/phar/phar_path_check.re" { goto loop; } -#line 84 "ext/phar/phar_path_check.c" -yy5: +#line 86 "ext/phar/phar_path_check.c" +yy4: ++YYCURSOR; -#line 57 "ext/phar/phar_path_check.re" +#line 60 "ext/phar/phar_path_check.re" { *error = "back-slash"; return pcr_err_back_slash; } -#line 92 "ext/phar/phar_path_check.c" -yy7: +#line 94 "ext/phar/phar_path_check.c" +yy6: ++YYCURSOR; -#line 65 "ext/phar/phar_path_check.re" +#line 68 "ext/phar/phar_path_check.re" { *error = "star"; return pcr_err_star; } -#line 100 "ext/phar/phar_path_check.c" -yy9: +#line 102 "ext/phar/phar_path_check.c" +yy8: ++YYCURSOR; -#line 69 "ext/phar/phar_path_check.re" +#line 72 "ext/phar/phar_path_check.re" { if (**s == '/') { (*s)++; 
@@ -108,10 +110,22 @@ yy9: *error = NULL; return pcr_use_query; } -#line 112 "ext/phar/phar_path_check.c" +#line 114 "ext/phar/phar_path_check.c" +yy10: + ++YYCURSOR; yy11: +#line 80 "ext/phar/phar_path_check.re" + { + *error ="illegal character"; + return pcr_err_illegal_char; + } +#line 123 "ext/phar/phar_path_check.c" +yy12: + yych = *++YYCURSOR; + goto yy11; +yy13: ++YYCURSOR; -#line 77 "ext/phar/phar_path_check.re" +#line 84 "ext/phar/phar_path_check.re" { if (**s == '/') { (*s)++; 
@@ -120,56 +134,58 @@ yy11: *error = NULL; return pcr_is_ok; } -#line 124 "ext/phar/phar_path_check.c" -yy13: +#line 138 "ext/phar/phar_path_check.c" +yy15: yych = *++YYCURSOR; - goto yy4; -yy14: + goto yy3; +yy16: ++YYCURSOR; -#line 61 "ext/phar/phar_path_check.re" +#line 64 "ext/phar/phar_path_check.re" { *error = "empty directory"; return pcr_err_empty_entry; } -#line 135 "ext/phar/phar_path_check.c" -yy16: +#line 149 "ext/phar/phar_path_check.c" +yy18: yych = *++YYCURSOR; - if(yych <= 0x00) goto yy20; - if(yych <= '-') goto yy2; - if(yych <= '.') goto yy19; - if(yych <= '/') goto yy20; - goto yy2; -yy17: + if(yych <= 0x00) goto yy23; + if(yych <= '-') goto yy19; + if(yych <= '.') goto yy22; + if(yych <= '/') goto yy23; +yy19: + YYCURSOR = YYMARKER; + goto yy3; +yy20: ++YYCURSOR; -#line 45 "ext/phar/phar_path_check.re" +#line 48 "ext/phar/phar_path_check.re" { *error = "double slash"; return pcr_err_double_slash; } -#line 150 "ext/phar/phar_path_check.c" -yy19: +#line 166 "ext/phar/phar_path_check.c" +yy22: yych = *++YYCURSOR; - if(yych <= 0x00) goto yy22; - if(yych == '/') goto yy22; - goto yy2; -yy20: + if(yych <= 0x00) goto yy25; + if(yych == '/') goto yy25; + goto yy19; +yy23: ++YYCURSOR; -#line 53 "ext/phar/phar_path_check.re" +#line 56 "ext/phar/phar_path_check.re" { *error = "current directory reference"; return pcr_err_curr_dir; } -#line 163 "ext/phar/phar_path_check.c" -yy22: +#line 179 "ext/phar/phar_path_check.c" +yy25: ++YYCURSOR; -#line 49 "ext/phar/phar_path_check.re" +#line 52 "ext/phar/phar_path_check.re" { *error = "upper directory reference"; return pcr_err_up_dir; } -#line 171 "ext/phar/phar_path_check.c" +#line 187 "ext/phar/phar_path_check.c" } } -#line 88 "ext/phar/phar_path_check.re" +#line 95 "ext/phar/phar_path_check.re" } diff --git a/ext/phar/phar_path_check.re b/ext/phar/phar_path_check.re index 07b113ddb6..33a5942724 100755 --- a/ext/phar/phar_path_check.re +++ b/ext/phar/phar_path_check.re 
@@ -24,6 +24,7 @@ phar_path_check_result phar_path_check(char **s, int *len, const char **error)
 {
 const unsigned char *p = (const unsigned char*)*s;
 const unsigned char *m;
+
 if (*len == 1 && *p == '.') {
 *error = "current directory reference";
 return pcr_err_curr_dir;
@@ -31,6 +32,7 @@ phar_path_check_result phar_path_check(char **s, int *len, const char **error)
 *error = "upper directory reference";
 return pcr_err_up_dir;
 }
+
 #define YYCTYPE unsigned char
 #define YYCURSOR p
 #define YYLIMIT p+*len
@@ -40,6 +42,7 @@ phar_path_check_result phar_path_check(char **s, int *len, const char **error)
 loop:
 /*!re2c
 END = "\x00";
+ILL = [\x01-\x19\x80-\xFF];
 EOS = "/" | END;
 ANY = .;
 "//" {
@@ -74,6 +77,10 @@ ANY = .;
 *error = NULL;
 return pcr_use_query;
 }
+ILL {
+ *error ="illegal character";
+ return pcr_err_illegal_char;
+ }
 END {
 if (**s == '/') {
 (*s)++;
-- 
2.40.0
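Review bot: The `ILL` class added in the third hunk of phar_path_check.re stops at `\x19`, so the control bytes 0x1A–0x1F and DEL (0x7F) still fall through to `ANY` and are accepted in entry names. The regenerated scanner shows the same gap in `if(yych <= 0x19) goto yy10;` and `if(yych <= 0x7F) goto yy15;`. If the intent is to reject every ASCII control character, as the subject line suggests, the definition should read `ILL = [\x01-\x1F\x7F-\xFF];`, with phar_path_check.c regenerated afterwards. A one-line comment above it, such as `/* ILL: control bytes and every byte >= 0x80; non-ASCII names are refused until UTF-8 is validated */`, would record why high-bit bytes are rejected. The re2c block this definition belongs to starts and ends outside the hunk.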
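Review bot: In the new `ILL` rule of the fourth hunk, `*error ="illegal character";` lacks the space after `=` that the neighbouring rule actions use; `*error = "illegal character";` keeps them uniform. The single message also covers both control bytes and bytes above 0x7F, so a caller reporting it cannot tell a user that a non-ASCII name was the cause; wording like `"illegal character (control or non-ASCII byte)"` would make the rejection easier to diagnose. The rule sits inside a re2c block and a function that both extend beyond the hunk.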