cellog Thu Sep 11 03:29:42 2008 UTC
Modified files:
/php-src/ext/phar phar_object.c util.c
/php-src/ext/phar/tests bug46032.phpt
Log:
MFPHP5: fix Bug #46032: PharData::__construct wrong memory read
http://cvs.php.net/viewvc.cgi/php-src/ext/phar/phar_object.c?r1=1.282&r2=1.283&diff_format=u
Index: php-src/ext/phar/phar_object.c
diff -u php-src/ext/phar/phar_object.c:1.282
php-src/ext/phar/phar_object.c:1.283
--- php-src/ext/phar/phar_object.c:1.282 Sun Aug 31 20:54:27 2008
+++ php-src/ext/phar/phar_object.c Thu Sep 11 03:29:42 2008
@@ -17,7 +17,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: phar_object.c,v 1.282 2008/08/31 20:54:27 sfox Exp $ */
+/* $Id: phar_object.c,v 1.283 2008/09/11 03:29:42 cellog Exp $ */
#include "phar_internal.h"
#include "func_interceptors.h"
@@ -1165,10 +1165,10 @@
return;
}
+ save_fname = fname;
if (SUCCESS == phar_split_fname(fname, fname_len, &arch, &arch_len,
&entry, &entry_len, !is_data, 2 TSRMLS_CC)) {
/* use arch (the basename for the archive) for fname instead of
fname */
/* this allows support for RecursiveDirectoryIterator of
subdirectories */
- save_fname = fname;
#ifdef PHP_WIN32
phar_unixify_path_separators(arch, arch_len);
#endif
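Review bot: The relocated `save_fname = fname;` carries the fix but has no comment saying why it must run before `phar_split_fname()`. I would add `/* remember the caller-owned name first: fname may be pointed at arch below and must be restored, not freed, on failure */` above it. Without that, a later tidy-up could move the assignment back into the branches and leave `save_fname` unset when the split fails, since the `else` branch appears to be compiled only under `PHP_WIN32`. The enclosing function starts and ends outside the hunk.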
@@ -1178,7 +1178,6 @@
} else {
arch = estrndup(fname, fname_len);
arch_len = fname_len;
- save_fname = fname;
fname = arch;
phar_unixify_path_separators(arch, arch_len);
#endif
@@ -1186,7 +1185,7 @@
if (phar_open_or_create_filename(fname, fname_len, alias, alias_len,
is_data, REPORT_ERRORS, &phar_data, &error TSRMLS_CC) == FAILURE) {
- if (fname == arch) {
+ if (fname == arch && fname != save_fname) {
efree(arch);
fname = save_fname;
}
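Review bot: The guard `fname == arch && fname != save_fname` still reads `arch` when `phar_split_fname()` has failed, and nothing in these hunks shows `arch` being assigned on that path outside the Windows-only `else` branch. If its declaration (outside the hunk) does not initialise it, the comparison uses an indeterminate pointer and the `efree(arch)` decision rests on stack contents. Declaring it as `char *arch = NULL;` would make the check well defined; please confirm how it is declared. The enclosing function continues outside the hunk.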
http://cvs.php.net/viewvc.cgi/php-src/ext/phar/util.c?r1=1.61&r2=1.62&diff_format=u
Index: php-src/ext/phar/util.c
diff -u php-src/ext/phar/util.c:1.61 php-src/ext/phar/util.c:1.62
--- php-src/ext/phar/util.c:1.61 Sun Aug 31 20:54:27 2008
+++ php-src/ext/phar/util.c Thu Sep 11 03:29:42 2008
@@ -18,7 +18,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: util.c,v 1.61 2008/08/31 20:54:27 sfox Exp $ */
+/* $Id: util.c,v 1.62 2008/09/11 03:29:42 cellog Exp $ */
#include "phar_internal.h"
@@ -1186,6 +1186,10 @@
}
/* }}} */
+static int phar_retrieve_apc(fname, fname_len, archive)
+{
+}
+
/**
* Looks up a phar archive in the filename map, connecting it to the alias
* (if any) or returns null
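Review bot: `phar_retrieve_apc` is added as an empty stub whose parameters have no types (an old-style identifier list, so they default to `int`) and whose body has no `return`, although it is declared `static int`. The call added further down in this file compares its result with `SUCCESS`, which is undefined behaviour for a function that falls off the end. It looks unrelated to bug #46032 and is probably unfinished work. I would drop it from this commit, or give it a prototype with real parameter types and an explicit `return FAILURE;` until it is implemented.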
@@ -1381,11 +1385,18 @@
return SUCCESS;
}
+<<<<<<< util.c
+ if (SUCCESS == phar_retrieve_apc(fname, fname_len, archive)) {
+ efree(my_realpath);
+ return SUCCESS;
+ }
+=======
if (PHAR_G(manifest_cached) && SUCCESS ==
zend_hash_quick_find(&cached_phars, fname, fname_len, fhash, (void**)&fd_ptr)) {
goto realpath_success;
}
+>>>>>>> 1.60
efree(my_realpath);
}
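Review bot: Unresolved merge-conflict markers (`<<<<<<< util.c`, `=======`, `>>>>>>> 1.60`) are added here as source lines, so util.c cannot compile as committed. Every `+` line in this hunk belongs to the conflict; the `PHAR_G(manifest_cached)` lookup with `goto realpath_success;` is unchanged context, so reverting the hunk restores the previous behaviour. The conflicting side also returns `SUCCESS` based on a call to the empty `phar_retrieve_apc` stub, which would report a hit without looking anything up. The enclosing function starts and ends outside the hunk.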
http://cvs.php.net/viewvc.cgi/php-src/ext/phar/tests/bug46032.phpt?r1=1.1&r2=1.2&diff_format=u
Index: php-src/ext/phar/tests/bug46032.phpt
diff -u /dev/null php-src/ext/phar/tests/bug46032.phpt:1.2
--- /dev/null Thu Sep 11 03:29:42 2008
+++ php-src/ext/phar/tests/bug46032.phpt Thu Sep 11 03:29:42 2008
@@ -0,0 +1,34 @@
+--TEST--
+Phar: bug #46032: PharData::__construct wrong memory read
+--SKIPIF--
+<?php if (!extension_loaded("phar")) die("skip"); ?>
+<?php if (getenv('SKIP_SLOW_TESTS')) die('skip'); ?>
+--FILE--
+<?php
+
+$a = __DIR__ .'/mytest';
+
+try {
+ new phar($a);
+} catch (exception $e) { }
+
+var_dump($a);
+
+try {
+ new phar($a);
+} catch (exception $e) { }
+
+var_dump($a);
+
+new phardata('0000000000000000000');
+?>
+===DONE===
+--EXPECTF--
+string(%d) "%smytest"
+string(%d) "%smytest"
+
+Fatal error: Uncaught exception 'UnexpectedValueException' with message
'Cannot create phar '0000000000000000000', file extension (or combination) not
recognised' in %sbug46032.php:%d
+Stack trace:
+#0 /home/cellog/workspace/php5/ext/phar/tests/bug46032.php(%d):
PharData->__construct('000000000000000...')
+#1 {main}
+ thrown in %sbug46032.php on line %d
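Review bot: The expected stack trace hardcodes the author's checkout path, `/home/cellog/workspace/php5/ext/phar/tests/bug46032.php(%d)`, so the `--EXPECTF--` section can only match on that machine. The other lines already use `%s` for the directory; the frame line should do the same: `#0 %sbug46032.php(%d): PharData->__construct('000000000000000...')`. As written, the regression test for this memory-read fix would fail everywhere else and be easy to dismiss as noise.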