[PHP-CVS] cvs: php-src /ext/phar phar_internal.h zip.c /ext/phar/tests/zip bzip2.phpt /ext/phar/tests/zip/files bz2_alias.phar.zip

Sat, 13 Sep 2008 23:33:09 -0700 

cellog          Sun Sep 14 06:32:53 2008 UTC

  Modified files:              
    /php-src/ext/phar   phar_internal.h zip.c 
    /php-src/ext/phar/tests/zip bzip2.phpt 
    /php-src/ext/phar/tests/zip/files   bz2_alias.phar.zip 
  Log:
  MFB: increase code coverage, fix bzip2-compressed alias in zip
  
http://cvs.php.net/viewvc.cgi/php-src/ext/phar/phar_internal.h?r1=1.117&r2=1.118&diff_format=u
Index: php-src/ext/phar/phar_internal.h
diff -u php-src/ext/phar/phar_internal.h:1.117 
php-src/ext/phar/phar_internal.h:1.118
--- php-src/ext/phar/phar_internal.h:1.117      Sat Sep 13 22:31:18 2008
+++ php-src/ext/phar/phar_internal.h    Sun Sep 14 06:32:52 2008
@@ -17,7 +17,7 @@
   +----------------------------------------------------------------------+
 */
 
-/* $Id: phar_internal.h,v 1.117 2008/09/13 22:31:18 cellog Exp $ */
+/* $Id: phar_internal.h,v 1.118 2008/09/14 06:32:52 cellog Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -555,7 +555,7 @@
 static inline int phar_validate_alias(const char *alias, int alias_len) /* {{{ 
*/
 {
        return !(memchr(alias, '/', alias_len) || memchr(alias, '\\', 
alias_len) || memchr(alias, ':', alias_len) ||
-               memchr(alias, ';', alias_len));
+               memchr(alias, ';', alias_len) || memchr(alias, '\n', alias_len) 
|| memchr(alias, '\r', alias_len));
 }
 /* }}} */
 
http://cvs.php.net/viewvc.cgi/php-src/ext/phar/zip.c?r1=1.53&r2=1.54&diff_format=u
Index: php-src/ext/phar/zip.c
diff -u php-src/ext/phar/zip.c:1.53 php-src/ext/phar/zip.c:1.54
--- php-src/ext/phar/zip.c:1.53 Sun Aug 31 20:54:27 2008
+++ php-src/ext/phar/zip.c      Sun Sep 14 06:32:52 2008
@@ -465,10 +465,27 @@
                if (!actual_alias && entry.filename_len == 
sizeof(".phar/alias.txt")-1 && !strncmp(entry.filename, ".phar/alias.txt", 
sizeof(".phar/alias.txt")-1)) {
                        php_stream_filter *filter;
                        off_t saveloc;
+                       /* verify local file header */
+                       phar_zip_file_header local;
 
-                       /* archive alias found, seek to file contents, do not 
validate local header. Potentially risky, but not very. */
+                       /* archive alias found */
                        saveloc = php_stream_tell(fp);
-                       php_stream_seek(fp, PHAR_GET_32(zipentry.offset) + 
sizeof(phar_zip_file_header) + entry.filename_len + 
PHAR_GET_16(zipentry.extra_len), SEEK_SET);
+                       php_stream_seek(fp, PHAR_GET_32(zipentry.offset), 
SEEK_SET);
+
+                       if (sizeof(local) != php_stream_read(fp, (char *) 
&local, sizeof(local))) {
+                               PHAR_ZIP_FAIL("phar error: internal corruption 
of zip-based phar (cannot read local file header for alias)");
+                       }
+
+                       /* verify local header */
+                       if (entry.filename_len != 
PHAR_GET_16(local.filename_len) || entry.crc32 != PHAR_GET_32(local.crc32) || 
entry.uncompressed_filesize != PHAR_GET_32(local.uncompsize) || 
entry.compressed_filesize != PHAR_GET_32(local.compsize)) {
+                               PHAR_ZIP_FAIL("phar error: internal corruption 
of zip-based phar (local head of alias does not match central directory)");
+                       }
+
+                       /* construct actual offset to file start - local 
extra_len can be different from central extra_len */
+                       entry.offset = entry.offset_abs =
+                               sizeof(local) + entry.header_offset + 
PHAR_GET_16(local.filename_len) + PHAR_GET_16(local.extra_len);
+                       php_stream_seek(fp, entry.offset, SEEK_SET);
+
                        mydata->alias_len = entry.uncompressed_filesize;
 
                        if (entry.flags & PHAR_ENT_COMPRESSED_GZ) {
@@ -498,7 +515,6 @@
                                }
 
                                php_stream_filter_append(&fp->readfilters, 
filter);
-                               php_stream_filter_append(&fp->readfilters, 
filter);
 
                                if (!(entry.uncompressed_filesize = 
php_stream_copy_to_mem(fp, &actual_alias, entry.uncompressed_filesize, 0)) || 
!actual_alias) {
                                        pefree(entry.filename, 
entry.is_persistent);
http://cvs.php.net/viewvc.cgi/php-src/ext/phar/tests/zip/bzip2.phpt?r1=1.2&r2=1.3&diff_format=u
Index: php-src/ext/phar/tests/zip/bzip2.phpt
diff -u php-src/ext/phar/tests/zip/bzip2.phpt:1.2 
php-src/ext/phar/tests/zip/bzip2.phpt:1.3
--- php-src/ext/phar/tests/zip/bzip2.phpt:1.2   Sun Aug 31 20:54:28 2008
+++ php-src/ext/phar/tests/zip/bzip2.phpt       Sun Sep 14 06:32:52 2008
@@ -11,6 +11,8 @@
        foreach ($a as $entry => $file) {
                echo $file->getContent();
        }
+       $a = new Phar(dirname(__FILE__) . '/files/bz2_alias.phar.zip');
+       var_dump($a->getAlias());
 } catch (Exception $e) {
        echo $e->getMessage() . "\n";
 }
@@ -77,4 +79,5 @@
 $a->addFile('hi', null, 'hii', null, null, 'compress', 'compress', 11);
 $a->writeZip(dirname(__FILE__) . '/compress_unsupunknown.zip');
 ?>
+string(7) "hithere"
 ===DONE===
http://cvs.php.net/viewvc.cgi/php-src/ext/phar/tests/zip/files/bz2_alias.phar.zip?r1=1.1&r2=1.2&diff_format=u
Index: php-src/ext/phar/tests/zip/files/bz2_alias.phar.zip



-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to