From 11c93b84946461373c4716eedeb90385e19d59b8 Mon Sep 17 00:00:00 2001
From: Greg Beaver
Date: Sat, 26 Apr 2008 22:31:44 +0000
Subject: [PATCH] add checking for invalid alias on opening tar, and test
---
 ext/phar/tar.c | 31 ++++++++++++++++++++
 ext/phar/tests/tar/badalias.phpt | 25 ++++++++++++++++
 ext/phar/tests/tar/files/badalias1.phar.tar | Bin 0 -> 3072 bytes
 ext/phar/tests/tar/files/badalias2.phar.tar | Bin 0 -> 3072 bytes
 ext/phar/tests/tar/files/badalias3.phar.tar | Bin 0 -> 3072 bytes
 ext/phar/tests/tar/files/badalias4.phar.tar | Bin 0 -> 3072 bytes
 ext/phar/tests/tar/files/badalias5.phar.tar | Bin 0 -> 3584 bytes
 7 files changed, 56 insertions(+)
 create mode 100644 ext/phar/tests/tar/badalias.phpt
 create mode 100644 ext/phar/tests/tar/files/badalias1.phar.tar
 create mode 100644 ext/phar/tests/tar/files/badalias2.phar.tar
 create mode 100644 ext/phar/tests/tar/files/badalias3.phar.tar
 create mode 100644 ext/phar/tests/tar/files/badalias4.phar.tar
 create mode 100644 ext/phar/tests/tar/files/badalias5.phar.tar
diff --git a/ext/phar/tar.c b/ext/phar/tar.c
index fccc33c5a7..bf60763722 100644
--- a/ext/phar/tar.c
+++ b/ext/phar/tar.c
@@ -284,8 +284,39 @@ int phar_open_tarfile(php_stream* fp, char *fname, int fname_len, char *alias, i
 if (!actual_alias && entry.filename_len == sizeof(".phar/alias.txt")-1 && !strncmp(entry.filename, ".phar/alias.txt", sizeof(".phar/alias.txt")-1)) {
 size_t read;
 /* found explicit alias */
+ if (size > 511) {
+ if (error) {
+ spprintf(error, 4096, "phar error: tar-based phar \"%s\" has alias that is larger than 511 bytes, cannot process", fname);
+ }
+ php_stream_close(fp);
+ zend_hash_destroy(&myphar->manifest);
+ myphar->manifest.arBuckets = 0;
+ zend_hash_destroy(&myphar->mounted_dirs);
+ myphar->mounted_dirs.arBuckets = 0;
+ efree(myphar);
+ return FAILURE;
+ }
 read = php_stream_read(fp, buf, size);
 if (read == size) {
+ buf[size] = '\0';
+ if (!phar_validate_alias(buf, size)) {
+ if (size > 50) {
+ buf[50] = '.';
+ buf[51] = '.';
+ buf[52] = '.';
+ buf[53] = '\0';
+ }
+ if (error) {
+ spprintf(error, 4096, "phar error: invalid alias \"%s\" in tar-based phar \"%s\"", buf, fname);
+ }
+ php_stream_close(fp);
+ zend_hash_destroy(&myphar->manifest);
+ myphar->manifest.arBuckets = 0;
+ zend_hash_destroy(&myphar->mounted_dirs);
+ myphar->mounted_dirs.arBuckets = 0;
+ efree(myphar);
+ return FAILURE;
+ }
 actual_alias = estrndup(buf, size);
 myphar->alias = actual_alias;
 myphar->alias_len = size;
diff --git a/ext/phar/tests/tar/badalias.phpt b/ext/phar/tests/tar/badalias.phpt
new file mode 100644
index 0000000000..441fc03ae7
--- /dev/null
+++ b/ext/phar/tests/tar/badalias.phpt
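Review bot: The new bound `size > 511` and the later write `buf[size] = '\0'` are only safe if `buf` holds at least 512 bytes and `size` is unsigned; both declarations are outside the hunk, so the literal can drift from the real buffer size without anyone noticing. If `buf` is a local array, tie the check to it with `if (size > sizeof(buf) - 1) {` and add a comment such as `/* leave room for the NUL written at buf[size] below */`. The teardown sequence (close the stream, destroy both hash tables, `efree(myphar)`) is now pasted twice in this branch; a single cleanup label or helper would keep the two failure paths from diverging when the set of resources to release changes. The rejected alias is copied from the archive into the error text, truncated but otherwise unfiltered, so whatever logs or displays that message should treat it as untrusted input. phar_open_tarfile starts and ends outside the hunk.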
@@ -0,0 +1,25 @@ +--TEST-- +Phar: invalid aliases +--SKIPIF-- + + + +--FILE-- +getMessage(), "\n"; +} +} +?> +===DONE=== +--EXPECTF-- +phar error: invalid alias "hi/thereaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa..." in tar-based phar "%sbadalias1.phar.tar" +phar error: invalid alias "hi\there" in tar-based phar "%sbadalias2.phar.tar" +phar error: invalid alias "hi;there" in tar-based phar "%sbadalias3.phar.tar" +phar error: invalid alias "hi:there" in tar-based phar "%sbadalias4.phar.tar" +phar error: tar-based phar "%sbadalias5.phar.tar" has alias that is larger than 511 bytes, cannot process +===DONE=== diff --git a/ext/phar/tests/tar/files/badalias1.phar.tar b/ext/phar/tests/tar/files/badalias1.phar.tar new file mode 100644 index 0000000000000000000000000000000000000000..6cd4716d8ff25585b91e4d2f2f9f80c9b0d05742 GIT binary patch literal 3072 zcmdNZ$Ve>GPt3_oEY>TjC}E%lFf=eQGcjRcPyhh~1ymX&W^SZl2vlTZZe(U`Vx*v8 zXk=t+tiWJE3&)_FSz26@Sj1pp5KviET8u7<#3v+=q;x1TGcxr{GE$3D6G;X`$(N&U z#T5d2;QU`)Qkn#072r}unK;4xZ)|{`{|yZcNAo{rp-!A`8+%~1E5yfpIQoRdJNx?v dc>1^oX=qv#r+ZY@Xb6mkz-S1JhQLq_0RT`HMtJ}L literal 0 HcmV?d00001 diff --git a/ext/phar/tests/tar/files/badalias2.phar.tar b/ext/phar/tests/tar/files/badalias2.phar.tar new file mode 100644 index 0000000000000000000000000000000000000000..5face85827193a054fc870a711cac2ae3390cb26 GIT binary patch literal 3072 zcmdNZ$Ve>GPt3_oEY>TjC}E%lFf=eQGcjRcPyhh~1ymX&W@w;b2vlTZZe(U`Vg%$H z8JQR>Fc{FnG3aKN7MCOzF&G#GR2G#Mqe~+33CSZV9ZJlM%$Sml)S}d(!Ph^a+V~_V*3&^l=T+ Z(6pwNeWT`%hQMeDjE2By2n>!8005IvGphgq literal 0 HcmV?d00001 
diff --git a/ext/phar/tests/tar/files/badalias3.phar.tar b/ext/phar/tests/tar/files/badalias3.phar.tar new file mode 100644 index 0000000000000000000000000000000000000000..ab36e1f343689cecc35759b79527a17c5bafb70a GIT binary patch literal 3072 zcmdNZ$Ve>GPt3_oEY>TjC}E%lFf=eQGcjRcPyhh~1ymX&W@w;b2vlTZZe(U`Vg%$H z8JQR>Fc{FnG3aKN7MCOzF&G#GR2G#Mqe~+33CSZV9ZJlMOzV=2)S}d(!Ph^a+V~_V*3&^l=T+ Z(6pwNeWT`%hQMeDjE2By2n>!8002pYGl~EJ literal 0 HcmV?d00001 diff --git a/ext/phar/tests/tar/files/badalias4.phar.tar b/ext/phar/tests/tar/files/badalias4.phar.tar new file mode 100644 index 0000000000000000000000000000000000000000..c54e31d4fc45b229d641d2f81234ebc54d919ed9 GIT binary patch literal 3072 zcmdNZ$Ve>GPt3_oEY>TjC}E%lFf=eQGcjRcPyhh~1ymX&W@w;b2vlTZZe(U`Vg%$H z8JQR>Fc{FnG3aKN7MCOzF&G#GR2G#Mqe~+33CSZV9ZJlMOskTN)S}d(!Ph^a+V~_V*3&^l=T+ Z(6pwNeWT`%hQMeDjE2By2n>!8002LQGl>8I literal 0 HcmV?d00001 diff --git a/ext/phar/tests/tar/files/badalias5.phar.tar b/ext/phar/tests/tar/files/badalias5.phar.tar new file mode 100644 index 0000000000000000000000000000000000000000..dd52b6ac7de0615e1ac5c55951f609d63144ffaf GIT binary patch literal 3584 zcmdNZ$Ve>GPt3_oEY>TjC}E%lFf=eQGcjRcPyhh~1you=!O+~)K*12G$i&>p%-F;T zC}L!6Xs*CuKnus9n^{_1l32uGU=UDQR9cKKiNq%)kEC=cF%w6@Xb6mkz_1SiTxF6T zxco0JDNO>h3UH~SOq@XZub^OzQT`hm7><_zl!ZERx^3)%(XJ35@8ReZ67THq8{p~V a8l<6VO`PsgRihy=8UmvsFd70wH3R^OC##D9 literal 0 HcmV?d00001 -- 2.50.1