From e94aaeada9ff3f37a99156a47f4d9d6a9b2f3981 Mon Sep 17 00:00:00 2001 From: Greg Beaver Date: Sat, 19 Apr 2008 06:18:13 +0000 Subject: [PATCH] new test for unsupported compression versions, vastly enhance error messages on unsupported compression methods, fix memleak --- ext/phar/tests/zip/corrupt_008.phpt | 101 ++++++++++++++++++ ext/phar/tests/zip/files/compress_unsup1.zip | Bin 0 -> 105 bytes ext/phar/tests/zip/files/compress_unsup10.zip | Bin 0 -> 105 bytes ext/phar/tests/zip/files/compress_unsup14.zip | Bin 0 -> 105 bytes ext/phar/tests/zip/files/compress_unsup18.zip | Bin 0 -> 105 bytes ext/phar/tests/zip/files/compress_unsup19.zip | Bin 0 -> 105 bytes ext/phar/tests/zip/files/compress_unsup2.zip | Bin 0 -> 105 bytes ext/phar/tests/zip/files/compress_unsup3.zip | Bin 0 -> 105 bytes ext/phar/tests/zip/files/compress_unsup4.zip | Bin 0 -> 105 bytes ext/phar/tests/zip/files/compress_unsup5.zip | Bin 0 -> 105 bytes ext/phar/tests/zip/files/compress_unsup6.zip | Bin 0 -> 105 bytes ext/phar/tests/zip/files/compress_unsup7.zip | Bin 0 -> 105 bytes ext/phar/tests/zip/files/compress_unsup9.zip | Bin 0 -> 105 bytes ext/phar/tests/zip/files/compress_unsup97.zip | Bin 0 -> 105 bytes ext/phar/tests/zip/files/compress_unsup98.zip | Bin 0 -> 105 bytes .../tests/zip/files/compress_unsupunknown.zip | Bin 0 -> 105 bytes ext/phar/tests/zip/files/corrupt2.php.inc | 45 ++++++++ .../tests/zip/files/corrupt_zipmaker.php.inc | 25 ++++- ext/phar/tests/zip/files/encrypted.zip | Bin 191 -> 191 bytes ext/phar/tests/zip/files/stdin.zip | Bin 186 -> 186 bytes ext/phar/tests/zip/files/truncfilename.zip | Bin 190 -> 190 bytes ext/phar/zip.c | 40 ++++++- 22 files changed, 205 insertions(+), 6 deletions(-) create mode 100644 ext/phar/tests/zip/corrupt_008.phpt create mode 100644 ext/phar/tests/zip/files/compress_unsup1.zip create mode 100644 ext/phar/tests/zip/files/compress_unsup10.zip create mode 100644 ext/phar/tests/zip/files/compress_unsup14.zip create mode 100644 ext/phar/tests/zip/files/compress_unsup18.zip create mode 100644 ext/phar/tests/zip/files/compress_unsup19.zip create mode 100644 ext/phar/tests/zip/files/compress_unsup2.zip create mode 100644 ext/phar/tests/zip/files/compress_unsup3.zip create mode 100644 ext/phar/tests/zip/files/compress_unsup4.zip create mode 100644 ext/phar/tests/zip/files/compress_unsup5.zip create mode 100644 ext/phar/tests/zip/files/compress_unsup6.zip create mode 100644 ext/phar/tests/zip/files/compress_unsup7.zip create mode 100644 ext/phar/tests/zip/files/compress_unsup9.zip create mode 100644 ext/phar/tests/zip/files/compress_unsup97.zip create mode 100644 ext/phar/tests/zip/files/compress_unsup98.zip create mode 100644 ext/phar/tests/zip/files/compress_unsupunknown.zip diff --git a/ext/phar/tests/zip/corrupt_008.phpt b/ext/phar/tests/zip/corrupt_008.phpt new file mode 100644 index 0000000000..5a20f4d2ec --- /dev/null +++ b/ext/phar/tests/zip/corrupt_008.phpt @@ -0,0 +1,101 @@ +--TEST-- +Phar: unsupported compression methods +--SKIPIF-- + + +--FILE-- +getMessage() . "\n"; +} +try { + new PharData(dirname(__FILE__) . '/files/compress_unsup2.zip'); +} catch (Exception $e) { + echo $e->getMessage() . "\n"; +} +try { + new PharData(dirname(__FILE__) . '/files/compress_unsup3.zip'); +} catch (Exception $e) { + echo $e->getMessage() . "\n"; +} +try { + new PharData(dirname(__FILE__) . '/files/compress_unsup4.zip'); +} catch (Exception $e) { + echo $e->getMessage() . "\n"; +} +try { + new PharData(dirname(__FILE__) . '/files/compress_unsup5.zip'); +} catch (Exception $e) { + echo $e->getMessage() . "\n"; +} +try { + new PharData(dirname(__FILE__) . '/files/compress_unsup6.zip'); +} catch (Exception $e) { + echo $e->getMessage() . "\n"; +} +try { + new PharData(dirname(__FILE__) . '/files/compress_unsup7.zip'); +} catch (Exception $e) { + echo $e->getMessage() . "\n"; +} +try { + new PharData(dirname(__FILE__) . '/files/compress_unsup9.zip'); +} catch (Exception $e) { + echo $e->getMessage() . "\n"; +} +try { + new PharData(dirname(__FILE__) . '/files/compress_unsup10.zip'); +} catch (Exception $e) { + echo $e->getMessage() . "\n"; +} +try { + new PharData(dirname(__FILE__) . '/files/compress_unsup14.zip'); +} catch (Exception $e) { + echo $e->getMessage() . "\n"; +} +try { + new PharData(dirname(__FILE__) . '/files/compress_unsup18.zip'); +} catch (Exception $e) { + echo $e->getMessage() . "\n"; +} +try { + new PharData(dirname(__FILE__) . '/files/compress_unsup19.zip'); +} catch (Exception $e) { + echo $e->getMessage() . "\n"; +} +try { + new PharData(dirname(__FILE__) . '/files/compress_unsup97.zip'); +} catch (Exception $e) { + echo $e->getMessage() . "\n"; +} +try { + new PharData(dirname(__FILE__) . '/files/compress_unsup98.zip'); +} catch (Exception $e) { + echo $e->getMessage() . "\n"; +} +try { + new PharData(dirname(__FILE__) . '/files/compress_unsupunknown.zip'); +} catch (Exception $e) { + echo $e->getMessage() . "\n"; +} +?> +===DONE=== +--EXPECTF-- +phar error: unsupported compression method (Shrunk) used in this zip in zip-based phar "%scompress_unsup1.zip" +phar error: unsupported compression method (Reduce) used in this zip in zip-based phar "%scompress_unsup2.zip" +phar error: unsupported compression method (Reduce) used in this zip in zip-based phar "%scompress_unsup3.zip" +phar error: unsupported compression method (Reduce) used in this zip in zip-based phar "%scompress_unsup4.zip" +phar error: unsupported compression method (Reduce) used in this zip in zip-based phar "%scompress_unsup5.zip" +phar error: unsupported compression method (Implode) used in this zip in zip-based phar "%scompress_unsup6.zip" +phar error: unsupported compression method (Tokenize) used in this zip in zip-based phar "%scompress_unsup7.zip" +phar error: unsupported compression method (Deflate64) used in this zip in zip-based phar "%scompress_unsup9.zip" +phar error: unsupported compression method (PKWare Implode/old IBM TERSE) used in this zip in zip-based phar "%scompress_unsup10.zip" +phar error: unsupported compression method (LZMA) used in this zip in zip-based phar "%scompress_unsup14.zip" +phar error: unsupported compression method (IBM TERSE) used in this zip in zip-based phar "%scompress_unsup18.zip" +phar error: unsupported compression method (IBM LZ77) used in this zip in zip-based phar "%scompress_unsup19.zip" +phar error: unsupported compression method (WavPack) used in this zip in zip-based phar "%scompress_unsup97.zip" +phar error: unsupported compression method (PPMd) used in this zip in zip-based phar "%scompress_unsup98.zip" +phar error: unsupported compression method (unknown) used in this zip in zip-based phar "%scompress_unsupunknown.zip" +===DONE=== diff --git a/ext/phar/tests/zip/files/compress_unsup1.zip b/ext/phar/tests/zip/files/compress_unsup1.zip new file mode 100644 index 0000000000000000000000000000000000000000..bd1f72baf8f4d51266529eff7abfef352054a176 GIT binary patch literal 105 zcmWIWW@Zs#U|?WmDB+xJF~jSMB{Pr*!c0J%k(rU18Q{$bWaCx@REGpIfa+P49^S1 literal 0 HcmV?d00001 diff --git a/ext/phar/tests/zip/files/compress_unsup4.zip b/ext/phar/tests/zip/files/compress_unsup4.zip new file mode 100644 index 0000000000000000000000000000000000000000..76a4dc1aefdff50c8f25e5de2b0a05736518be94 GIT binary patch literal 105 zcmWIWW@Zs#U|?WjDB+xJF~jSMB{Pr*!c0J%k(rU18Q{$bWaCx@REGpIfa+PjODB+xJF~jSMB{Pr*!c0J%k(rU18Q{$bWaCx@REGpIfa+PjMDB+xJF~jSMB{Pr*!c0J%k(rU18Q{$bWaCx@REGpIfa+P literal 0 HcmV?d00001 diff --git a/ext/phar/tests/zip/files/compress_unsupunknown.zip b/ext/phar/tests/zip/files/compress_unsupunknown.zip new file mode 100644 index 0000000000000000000000000000000000000000..170695462adc03b6a1f279aa30853cbc67f83778 GIT binary patch literal 105 zcmWIWW@Zs#U|`^8DB+xJF~jSMB{Pr*!c0J%k(rU18Q{$bWaCx@REGpIfa+PaddFile('hii', null, 'hii', null, null, 'filename_len', 'filename_len'); $a->addFile('hi', null, 'hii'); $a->writeZip(dirname(__FILE__) . '/truncfilename.zip'); +$a = new corrupt_zipmaker; +$a->addFile('hi', null, 'hii', null, null, 'compress', 'compress'); +$a->writeZip(dirname(__FILE__) . '/compress_unsup1.zip'); +$a = new corrupt_zipmaker; +$a->addFile('hi', null, 'hii', null, null, 'compress', 'compress', 2); +$a->writeZip(dirname(__FILE__) . '/compress_unsup2.zip'); +$a = new corrupt_zipmaker; +$a->addFile('hi', null, 'hii', null, null, 'compress', 'compress', 3); +$a->writeZip(dirname(__FILE__) . '/compress_unsup3.zip'); +$a = new corrupt_zipmaker; +$a->addFile('hi', null, 'hii', null, null, 'compress', 'compress', 4); +$a->writeZip(dirname(__FILE__) . '/compress_unsup4.zip'); +$a = new corrupt_zipmaker; +$a->addFile('hi', null, 'hii', null, null, 'compress', 'compress', 5); +$a->writeZip(dirname(__FILE__) . '/compress_unsup5.zip'); +$a = new corrupt_zipmaker; +$a->addFile('hi', null, 'hii', null, null, 'compress', 'compress', 6); +$a->writeZip(dirname(__FILE__) . '/compress_unsup6.zip'); +$a = new corrupt_zipmaker; +$a->addFile('hi', null, 'hii', null, null, 'compress', 'compress', 7); +$a->writeZip(dirname(__FILE__) . '/compress_unsup7.zip'); +$a = new corrupt_zipmaker; +$a->addFile('hi', null, 'hii', null, null, 'compress', 'compress', 9); +$a->writeZip(dirname(__FILE__) . '/compress_unsup9.zip'); +$a = new corrupt_zipmaker; +$a->addFile('hi', null, 'hii', null, null, 'compress', 'compress', 10); +$a->writeZip(dirname(__FILE__) . '/compress_unsup10.zip'); +$a = new corrupt_zipmaker; +$a->addFile('hi', null, 'hii', null, null, 'compress', 'compress', 14); +$a->writeZip(dirname(__FILE__) . '/compress_unsup14.zip'); +$a = new corrupt_zipmaker; +$a->addFile('hi', null, 'hii', null, null, 'compress', 'compress', 18); +$a->writeZip(dirname(__FILE__) . '/compress_unsup18.zip'); +$a = new corrupt_zipmaker; +$a->addFile('hi', null, 'hii', null, null, 'compress', 'compress', 19); +$a->writeZip(dirname(__FILE__) . '/compress_unsup19.zip'); +$a = new corrupt_zipmaker; +$a->addFile('hi', null, 'hii', null, null, 'compress', 'compress', 97); +$a->writeZip(dirname(__FILE__) . '/compress_unsup97.zip'); +$a = new corrupt_zipmaker; +$a->addFile('hi', null, 'hii', null, null, 'compress', 'compress', 98); +$a->writeZip(dirname(__FILE__) . '/compress_unsup98.zip'); +$a = new corrupt_zipmaker; +$a->addFile('hi', null, 'hii', null, null, 'compress', 'compress', 11); +$a->writeZip(dirname(__FILE__) . '/compress_unsupunknown.zip'); ?> diff --git a/ext/phar/tests/zip/files/corrupt_zipmaker.php.inc b/ext/phar/tests/zip/files/corrupt_zipmaker.php.inc index 0a8cab6e8f..2c1719920d 100644 --- a/ext/phar/tests/zip/files/corrupt_zipmaker.php.inc +++ b/ext/phar/tests/zip/files/corrupt_zipmaker.php.inc @@ -84,7 +84,7 @@ class corrupt_zipmaker return $mtime; } - private function getFileEntry($compmethod, $mtime, $crc32, $complength, $uncomplength, $filename, $data, $corrupt) + private function getFileEntry($compmethod, $mtime, $crc32, $complength, $uncomplength, $filename, $data, $corrupt, $fakecomp) { switch ($corrupt) { case null : @@ -94,6 +94,13 @@ class corrupt_zipmaker $filename . $data; break; + case 'compress' : + $file = "PK\x03\x04\x14\x00\x00\x00" . pack('v', $fakecomp) . + $mtime . + pack("VVVvv", $crc32, $complength, $uncomplength, strlen($filename), 0x00) . + $filename . + $data; + break; case 'encrypt' : $file = "PK\x03\x04\x14\x00\x01\x00" . pack('v', $compmethod) . $mtime . @@ -154,7 +161,7 @@ class corrupt_zipmaker return $file; } - private function getCentralEntry($compmethod, $mtime, $crc32, $complength, $uncomplength, $filename, $comment, $corrupt, &$offset) + private function getCentralEntry($compmethod, $mtime, $crc32, $complength, $uncomplength, $filename, $comment, $corrupt, &$offset, $fakecomp) { settype($comment, 'string'); switch ($corrupt) { @@ -174,6 +181,14 @@ class corrupt_zipmaker $filename . $comment; $offset = strlen($central); break; + case 'compress' : + $central = "PK\x01\x02\x00\x00\x14\x00\x00\x00" . pack('v', $fakecomp) . + $mtime . + pack("VVVvvvvvVV", $crc32, $complength, $uncomplength, strlen($filename), 0x00,strlen($comment),0x00,0x00, + 0x0000, $this->offset). + $filename . $comment; + $offset = strlen($central); + break; case 'crc32' : $central = "PK\x01\x02\x00\x00\x14\x00\x00\x00" . pack('v', $compmethod) . $mtime . @@ -226,7 +241,7 @@ class corrupt_zipmaker return $central; } - function addFile($filename, $mtime, $data, $comment = null, $compress = null, $filecorrupt = null, $centralcorrupt = null) + function addFile($filename, $mtime, $data, $comment = null, $compress = null, $filecorrupt = null, $centralcorrupt = null, $fakecomp = 1) { $mtime = $this->getMTime($mtime ? $mtime : null); @@ -245,10 +260,10 @@ class corrupt_zipmaker } $complength = strlen($data); - $this->start .= ($file = $this->getFileEntry($compmethod, $mtime, $crc32, $complength, $uncomplength, $filename, $data, $filecorrupt)); + $this->start .= ($file = $this->getFileEntry($compmethod, $mtime, $crc32, $complength, $uncomplength, $filename, $data, $filecorrupt, $fakecomp)); $offset = 0; - $this->central .= $this->getCentralEntry($compmethod, $mtime, $crc32, $complength, $uncomplength, $filename, $comment, $centralcorrupt, $offset); + $this->central .= $this->getCentralEntry($compmethod, $mtime, $crc32, $complength, $uncomplength, $filename, $comment, $centralcorrupt, $offset, $fakecomp); $this->offset += $offset; $this->count++; diff --git a/ext/phar/tests/zip/files/encrypted.zip b/ext/phar/tests/zip/files/encrypted.zip index 99a38c821a3d399ed8aafa3e5c0801799951c70a..dee73cad37083807ac6e234f87e5dc9af747c728 100644 GIT binary patch delta 38 kcmdnbxSx?Hz?+#xgaHIfI4ANbG66|_RS+4b2O`@n0h7K6MF0Q* delta 38 kcmdnbxSx?Hz?+#xgaHH$*(dTSG66|_RS+4b2O`@n0fepxF#rGn diff --git a/ext/phar/tests/zip/files/stdin.zip b/ext/phar/tests/zip/files/stdin.zip index 836b74d8cd9fc3da5005fa43732e0b8b65f3df60..4376eb67fa50e89d221cffd7f29761e66844e07b 100644 GIT binary patch delta 38 kcmdnRxQme|z?+#xgaHIfI4ANbG66|_We^#n2O?X{0FoOBG5`Po delta 38 kcmdnRxQme|z?+#xgaHH$*(dTSG66|_We^#n2O?X{0D}t$9smFU diff --git a/ext/phar/tests/zip/files/truncfilename.zip b/ext/phar/tests/zip/files/truncfilename.zip index 1682e1f0aaf9e6335ac4ba3e7da0f097e79f848c..d8a526a4bb4319bf09a1606e1e93891b36595fcc 100644 GIT binary patch delta 41 ncmdnTxQ~%1z?+#xgaHIfI42s2OjO`w0x^_9WT-xfY_k9WuV)Dt delta 41 ncmdnTxQ~%1z?+#xgaHH$*(Vx^OjO`w0x^_9WT-xfY_k9WpNI$p diff --git a/ext/phar/zip.c b/ext/phar/zip.c index 6724cf6825..0d3a207611 100644 --- a/ext/phar/zip.c +++ b/ext/phar/zip.c @@ -304,6 +304,7 @@ foundit: if (PHAR_GET_16(zipentry.extra_len)) { off_t loc = php_stream_tell(fp); if (FAILURE == phar_zip_process_extra(fp, &entry, PHAR_GET_16(zipentry.extra_len) TSRMLS_CC)) { + efree(entry.filename); PHAR_ZIP_FAIL("Unable to process extra field header for file in central directory"); } php_stream_seek(fp, loc + PHAR_GET_16(zipentry.extra_len), SEEK_SET); @@ -324,8 +325,45 @@ foundit: PHAR_ZIP_FAIL("bzip2 extension is required"); } break; + case 1 : + efree(entry.filename); + PHAR_ZIP_FAIL("unsupported compression method (Shrunk) used in this zip"); + case 2 : + case 3 : + case 4 : + case 5 : + efree(entry.filename); + PHAR_ZIP_FAIL("unsupported compression method (Reduce) used in this zip"); + case 6 : + efree(entry.filename); + PHAR_ZIP_FAIL("unsupported compression method (Implode) used in this zip"); + case 7 : + efree(entry.filename); + PHAR_ZIP_FAIL("unsupported compression method (Tokenize) used in this zip"); + case 9 : + efree(entry.filename); + PHAR_ZIP_FAIL("unsupported compression method (Deflate64) used in this zip"); + case 10 : + efree(entry.filename); + PHAR_ZIP_FAIL("unsupported compression method (PKWare Implode/old IBM TERSE) used in this zip"); + case 14 : + efree(entry.filename); + PHAR_ZIP_FAIL("unsupported compression method (LZMA) used in this zip"); + case 18 : + efree(entry.filename); + PHAR_ZIP_FAIL("unsupported compression method (IBM TERSE) used in this zip"); + case 19 : + efree(entry.filename); + PHAR_ZIP_FAIL("unsupported compression method (IBM LZ77) used in this zip"); + case 97 : + efree(entry.filename); + PHAR_ZIP_FAIL("unsupported compression method (WavPack) used in this zip"); + case 98 : + efree(entry.filename); + PHAR_ZIP_FAIL("unsupported compression method (PPMd) used in this zip"); default : - PHAR_ZIP_FAIL("unsupported compression method used in this zip"); + efree(entry.filename); + PHAR_ZIP_FAIL("unsupported compression method (unknown) used in this zip"); } /* get file metadata */ if (zipentry.comment_len) { -- 2.50.1