cellog Sun Sep 14 06:31:20 2008 UTC Added files: (Branch: PHP_5_3) /php-src/ext/phar/tests/zip/files bz2_alias.phar.zip
Modified files: /php-src/ext/phar phar_internal.h zip.c /php-src/ext/phar/tests/zip bzip2.phpt Log: increase code coverage, fix bzip2-compressed alias in zip http://cvs.php.net/viewvc.cgi/php-src/ext/phar/phar_internal.h?r1=1.109.2.25&r2=1.109.2.26&diff_format=u Index: php-src/ext/phar/phar_internal.h diff -u php-src/ext/phar/phar_internal.h:1.109.2.25 php-src/ext/phar/phar_internal.h:1.109.2.26 --- php-src/ext/phar/phar_internal.h:1.109.2.25 Sat Sep 13 22:30:55 2008 +++ php-src/ext/phar/phar_internal.h Sun Sep 14 06:31:19 2008 @@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: phar_internal.h,v 1.109.2.25 2008/09/13 22:30:55 cellog Exp $ */ +/* $Id: phar_internal.h,v 1.109.2.26 2008/09/14 06:31:19 cellog Exp $ */ #ifdef HAVE_CONFIG_H #include "config.h" @@ -555,7 +555,7 @@ static inline int phar_validate_alias(const char *alias, int alias_len) /* {{{ */ { return !(memchr(alias, '/', alias_len) || memchr(alias, '\\', alias_len) || memchr(alias, ':', alias_len) || - memchr(alias, ';', alias_len)); + memchr(alias, ';', alias_len) || memchr(alias, '\n', alias_len) || memchr(alias, '\r', alias_len)); } /* }}} */ http://cvs.php.net/viewvc.cgi/php-src/ext/phar/zip.c?r1=1.47.2.18&r2=1.47.2.19&diff_format=u Index: php-src/ext/phar/zip.c diff -u php-src/ext/phar/zip.c:1.47.2.18 php-src/ext/phar/zip.c:1.47.2.19 --- php-src/ext/phar/zip.c:1.47.2.18 Sun Aug 31 02:14:03 2008 +++ php-src/ext/phar/zip.c Sun Sep 14 06:31:20 2008 @@ -465,10 +465,27 @@ if (!actual_alias && entry.filename_len == sizeof(".phar/alias.txt")-1 && !strncmp(entry.filename, ".phar/alias.txt", sizeof(".phar/alias.txt")-1)) { php_stream_filter *filter; off_t saveloc; + /* verify local file header */ + phar_zip_file_header local; - /* archive alias found, seek to file contents, do not validate local header. Potentially risky, but not very. */ + /* archive alias found */ saveloc = php_stream_tell(fp); - php_stream_seek(fp, PHAR_GET_32(zipentry.offset) + sizeof(phar_zip_file_header) + entry.filename_len + PHAR_GET_16(zipentry.extra_len), SEEK_SET); + php_stream_seek(fp, PHAR_GET_32(zipentry.offset), SEEK_SET); + + if (sizeof(local) != php_stream_read(fp, (char *) &local, sizeof(local))) { + PHAR_ZIP_FAIL("phar error: internal corruption of zip-based phar (cannot read local file header for alias)"); + } + + /* verify local header */ + if (entry.filename_len != PHAR_GET_16(local.filename_len) || entry.crc32 != PHAR_GET_32(local.crc32) || entry.uncompressed_filesize != PHAR_GET_32(local.uncompsize) || entry.compressed_filesize != PHAR_GET_32(local.compsize)) { + PHAR_ZIP_FAIL("phar error: internal corruption of zip-based phar (local head of alias does not match central directory)"); + } + + /* construct actual offset to file start - local extra_len can be different from central extra_len */ + entry.offset = entry.offset_abs = + sizeof(local) + entry.header_offset + PHAR_GET_16(local.filename_len) + PHAR_GET_16(local.extra_len); + php_stream_seek(fp, entry.offset, SEEK_SET); + mydata->alias_len = entry.uncompressed_filesize; if (entry.flags & PHAR_ENT_COMPRESSED_GZ) { @@ -498,7 +515,6 @@ } php_stream_filter_append(&fp->readfilters, filter); - php_stream_filter_append(&fp->readfilters, filter); if (!(entry.uncompressed_filesize = php_stream_copy_to_mem(fp, &actual_alias, entry.uncompressed_filesize, 0)) || !actual_alias) { pefree(entry.filename, entry.is_persistent); http://cvs.php.net/viewvc.cgi/php-src/ext/phar/tests/zip/bzip2.phpt?r1=1.1.2.1&r2=1.1.2.2&diff_format=u Index: php-src/ext/phar/tests/zip/bzip2.phpt diff -u php-src/ext/phar/tests/zip/bzip2.phpt:1.1.2.1 php-src/ext/phar/tests/zip/bzip2.phpt:1.1.2.2 --- php-src/ext/phar/tests/zip/bzip2.phpt:1.1.2.1 Thu Aug 21 05:17:28 2008 +++ php-src/ext/phar/tests/zip/bzip2.phpt Sun Sep 14 06:31:20 2008 @@ -11,6 +11,8 @@ foreach ($a as $entry => $file) { echo $file->getContent(); } + $a = new Phar(dirname(__FILE__) . '/files/bz2_alias.phar.zip'); + var_dump($a->getAlias()); } catch (Exception $e) { echo $e->getMessage() . "\n"; } @@ -77,4 +79,5 @@ $a->addFile('hi', null, 'hii', null, null, 'compress', 'compress', 11); $a->writeZip(dirname(__FILE__) . '/compress_unsupunknown.zip'); ?> +string(7) "hithere" ===DONE=== http://cvs.php.net/viewvc.cgi/php-src/ext/phar/tests/zip/files/bz2_alias.phar.zip?view=markup&rev=1.1 Index: php-src/ext/phar/tests/zip/files/bz2_alias.phar.zip +++ php-src/ext/phar/tests/zip/files/bz2_alias.phar.zip -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php