From 8f7e378b9f2fb4f2bb5605d9440d7d34bee6978a Mon Sep 17 00:00:00 2001 From: Michael Wallner Date: Mon, 30 Mar 2015 14:41:30 +0200 Subject: [PATCH] fix bug #67761 Phar::mapPhar fails for Phars inside a path containing ".tar". Strengthen the silly .tar file extension check. --- NEWS | 4 +++- ext/phar/tar.c | 7 +++++-- ext/phar/tests/tar/bug67761.phpt | 19 ++++++++++++++++++ .../tar/files/bug67761.tar/bug67761.phar | Bin 0 -> 12256 bytes 4 files changed, 27 insertions(+), 3 deletions(-) create mode 100644 ext/phar/tests/tar/bug67761.phpt create mode 100644 ext/phar/tests/tar/files/bug67761.tar/bug67761.phar diff --git a/NEWS b/NEWS index 1cbaff8f02..f073c9cf04 100644 --- a/NEWS +++ b/NEWS @@ -40,8 +40,10 @@ PHP NEWS . Add a check for RAND_egd to allow compiling against LibreSSL (Leigh) - Phar: - . Fixed bug 64343 (PharData::extractTo fails for tarball created by BSD tar). + . Fixed bug #64343 (PharData::extractTo fails for tarball created by BSD tar). (Mike) + . Fixed bug #67761 (Phar::mapPhar fails for Phars inside a path containing + ".tar"). (Mike) - Postgres: . Fixed bug #68741 (Null pointer dereference) (CVE-2015-1352). (Laruence) diff --git a/ext/phar/tar.c b/ext/phar/tar.c index 844c6b5419..c4a81fb799 100644 --- a/ext/phar/tar.c +++ b/ext/phar/tar.c 
@@ -102,7 +102,7 @@ int phar_is_tar(char *buf, char *fname) /* {{{ */ tar_header *header = (tar_header *) buf; php_uint32 checksum = phar_tar_number(header->checksum, sizeof(header->checksum)); php_uint32 ret; - char save[sizeof(header->checksum)]; + char save[sizeof(header->checksum)], *bname; /* assume that the first filename in a tar won't begin with checksum, ' ', sizeof(header->checksum)); ret = (checksum == phar_tar_checksum(buf, 512)); memcpy(header->checksum, save, sizeof(header->checksum)); - if (!ret && strstr(fname, ".tar")) { + if ((bname = strrchr(fname, PHP_DIR_SEPARATOR))) { + fname = bname; + } + if (!ret && (bname = strstr(fname, ".tar")) && (bname[4] == '\0' || bname[4] == '.')) { /* probably a corrupted tar - so we will pretend it is one */ return 1; } diff --git a/ext/phar/tests/tar/bug67761.phpt b/ext/phar/tests/tar/bug67761.phpt new file mode 100644 index 0000000000..860213d28e --- /dev/null +++ b/ext/phar/tests/tar/bug67761.phpt @@ -0,0 +1,19 @@ +--TEST-- +Bug #67761 (Phar::mapPhar fails for Phars inside a path containing ".tar") +--SKIPIF-- + +--FILE-- + + +===DONE=== +--EXPECT-- +Test +#!/usr/bin/env php +Test +===DONE=== diff --git a/ext/phar/tests/tar/files/bug67761.tar/bug67761.phar b/ext/phar/tests/tar/files/bug67761.tar/bug67761.phar new file mode 100644 index 0000000000000000000000000000000000000000..408eca1e35ca892a98bc25ce401c67f04270a8b2 GIT binary patch literal 12256 zcmeI&ze~eF6u|N7BmoEA+|CqCyCj=KB33J6g_ahni%Y0_B^AogBQgt$%{kH}LWvmzQuHm(O&?O)pOq@4VOdWPc=7q^zBaxm&HMllXqz zQKl$4nM^ZR>C!0&mX*k1-bca&%W1*7ob|@Sxdf9oG*}O65RQc2}*l zLZPs%V@=1Bj@h-M)BH1PUDvOB8>c2uhi~KOd7J4;2eEXs>+Hjw^_cwd_-!wGey1z12}*KIDi8; XX|y%jexFRE+THC})10qAsy3=WMta&Q literal 0 HcmV?d00001 -- 2.40.0
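Review bot: The new extension test only inspects the first ".tar" in the basename, because `strstr(fname, ".tar")` is called once and its result is then tested with `bname[4] == '\0' || bname[4] == '.'`; a name such as `a.tarx.tar` (constructed example) fails at the first match and its real suffix is never examined. Walking the matches fixes that: `for (bname = fname; (bname = strstr(bname, ".tar")); bname += 4) { if (bname[4] == '\0' || bname[4] == '.') break; }` followed by `if (!ret && bname) {`. The `strrchr(fname, PHP_DIR_SEPARATOR)` lookup matches only the platform's native separator, so where that is a backslash a path written with `/` presumably keeps its directory part, and a directory named like `x.tar.d` would still satisfy the check. Because this branch accepts a header whose checksum did not verify, a comment such as `/* checksum mismatch: accept only when the basename has a .tar extension; the header contents remain untrusted */` would help the next reader. phar_is_tar starts above the hunk, and part of its middle appears to be missing from this rendering.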