iliaa Mon, 03 May 2010 14:41:40 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=298908
Log: Fixed bug #51690 (Phar::setStub looks for case-sensitive __HALT_COMPILER()) Bug: http://bugs.php.net/51690 (Verified) Phar::setStub looks for case-sensitive __HALT_COMPILER() Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/phar/phar.c U php/php-src/branches/PHP_5_3/ext/phar/tar.c U php/php-src/branches/PHP_5_3/ext/phar/zip.c U php/php-src/trunk/ext/phar/phar.c U php/php-src/trunk/ext/phar/tar.c U php/php-src/trunk/ext/phar/zip.c Modified: php/php-src/branches/PHP_5_3/NEWS =================================================================== --- php/php-src/branches/PHP_5_3/NEWS 2010-05-03 14:32:43 UTC (rev 298907) +++ php/php-src/branches/PHP_5_3/NEWS 2010-05-03 14:41:40 UTC (rev 298908) @@ -37,6 +37,8 @@ requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert) - Fixed 64-bit integer overflow in mhash_keygen_s2k(). (Clément LECIGNE, Stas) +- Fixed bug #51690 (Phar::setStub looks for case-sensitive + __HALT_COMPILER()). (Ilia) - Fixed bug #51688 (ini per dir crashes when invalid document root are given). (Pierre) - Fixed bug #51671 (imagefill does not work correctly for small images). Modified: php/php-src/branches/PHP_5_3/ext/phar/phar.c =================================================================== --- php/php-src/branches/PHP_5_3/ext/phar/phar.c 2010-05-03 14:32:43 UTC (rev 298907) +++ php/php-src/branches/PHP_5_3/ext/phar/phar.c 2010-05-03 14:41:40 UTC (rev 298908) @@ -2563,8 +2563,8 @@ */ int phar_flush(phar_archive_data *phar, char *user_stub, long len, int convert, char **error TSRMLS_DC) /* {{{ */ { -/* static const char newstub[] = "<?php __HALT_COMPILER(); ?>\r\n"; */ - char *newstub; + char halt_stub[] = "__HALT_COMPILER();"; + char *newstub, *tmp; phar_entry_info *entry, *newentry; int halt_offset, restore_alias_len, global_flags = 0, closeoldfile; char *pos, has_dirs = 0; @@ -2665,8 +2665,9 @@ } else { free_user_stub = 0; } - if ((pos = strstr(user_stub, "__HALT_COMPILER();")) == NULL) - { + tmp = estrndup(user_stub, len); + if ((pos = php_stristr(tmp, halt_stub, len, sizeof(halt_stub) - 1)) == NULL) { + efree(tmp); if (closeoldfile) { php_stream_close(oldfile); } @@ -2679,6 +2680,8 @@ } return EOF; } + pos = user_stub + (pos - tmp); + efree(tmp); len = pos - user_stub + 18; if ((size_t)len != php_stream_write(newfile, user_stub, len) || 5 != php_stream_write(newfile, " ?>\r\n", 5)) { Modified: php/php-src/branches/PHP_5_3/ext/phar/tar.c =================================================================== --- php/php-src/branches/PHP_5_3/ext/phar/tar.c 2010-05-03 14:32:43 UTC (rev 298907) +++ php/php-src/branches/PHP_5_3/ext/phar/tar.c 2010-05-03 14:41:40 UTC (rev 298908) @@ -911,7 +911,8 @@ php_stream *oldfile, *newfile, *stubfile; int closeoldfile, free_user_stub, signature_length; struct _phar_pass_tar_info pass; - char *buf, *signature, sigbuf[8]; + char *buf, *signature, *tmp, sigbuf[8]; + char halt_stub[] = "__HALT_COMPILER();"; entry.flags = PHAR_ENT_PERM_DEF_FILE; entry.timestamp = time(NULL); @@ -990,7 +991,9 @@ free_user_stub = 0; } - if ((pos = strstr(user_stub, "__HALT_COMPILER();")) == NULL) { + tmp = estrndup(user_stub, len); + if ((pos = php_stristr(tmp, halt_stub, len, sizeof(halt_stub) - 1)) == NULL) { + efree(tmp); if (error) { spprintf(error, 0, "illegal stub for tar-based phar \"%s\"", phar->fname); } @@ -999,6 +1002,8 @@ } return EOF; } + pos = user_stub + (pos - tmp); + efree(tmp); len = pos - user_stub + 18; entry.fp = php_stream_fopen_tmpfile(); Modified: php/php-src/branches/PHP_5_3/ext/phar/zip.c =================================================================== --- php/php-src/branches/PHP_5_3/ext/phar/zip.c 2010-05-03 14:32:43 UTC (rev 298907) +++ php/php-src/branches/PHP_5_3/ext/phar/zip.c 2010-05-03 14:41:40 UTC (rev 298908) @@ -1167,6 +1167,9 @@ char *pos; smart_str main_metadata_str = {0}; static const char newstub[] = "<?php // zip-based phar archive stub file\n__HALT_COMPILER();"; + char halt_stub[] = "__HALT_COMPILER();"; + char *tmp; + php_stream *stubfile, *oldfile; php_serialize_data_t metadata_hash; int free_user_stub, closeoldfile = 0; @@ -1261,8 +1264,9 @@ free_user_stub = 0; } - if ((pos = strstr(user_stub, "__HALT_COMPILER();")) == NULL) - { + tmp = estrndup(user_stub, len); + if ((pos = php_stristr(tmp, halt_stub, len, sizeof(halt_stub) - 1)) == NULL) { + efree(tmp); if (error) { spprintf(error, 0, "illegal stub for zip-based phar \"%s\"", phar->fname); } @@ -1271,6 +1275,8 @@ } return EOF; } + pos = user_stub + (pos - tmp); + efree(tmp); len = pos - user_stub + 18; entry.fp = php_stream_fopen_tmpfile(); Modified: php/php-src/trunk/ext/phar/phar.c =================================================================== --- php/php-src/trunk/ext/phar/phar.c 2010-05-03 14:32:43 UTC (rev 298907) +++ php/php-src/trunk/ext/phar/phar.c 2010-05-03 14:41:40 UTC (rev 298908) @@ -2561,8 +2561,8 @@ */ int phar_flush(phar_archive_data *phar, char *user_stub, long len, int convert, char **error TSRMLS_DC) /* {{{ */ { -/* static const char newstub[] = "<?php __HALT_COMPILER(); ?>\r\n"; */ - char *newstub; + char halt_stub[] = "__HALT_COMPILER();"; + char *newstub, *tmp; phar_entry_info *entry, *newentry; int halt_offset, restore_alias_len, global_flags = 0, closeoldfile; char *pos, has_dirs = 0; @@ -2663,8 +2663,9 @@ } else { free_user_stub = 0; } - if ((pos = strstr(user_stub, "__HALT_COMPILER();")) == NULL) - { + tmp = estrndup(user_stub, len); + if ((pos = php_stristr(tmp, halt_stub, len, sizeof(halt_stub) - 1)) == NULL) { + efree(tmp); if (closeoldfile) { php_stream_close(oldfile); } @@ -2677,6 +2678,8 @@ } return EOF; } + pos = user_stub + (pos - tmp); + efree(tmp); len = pos - user_stub + 18; if ((size_t)len != php_stream_write(newfile, user_stub, len) || 5 != php_stream_write(newfile, " ?>\r\n", 5)) { Modified: php/php-src/trunk/ext/phar/tar.c =================================================================== --- php/php-src/trunk/ext/phar/tar.c 2010-05-03 14:32:43 UTC (rev 298907) +++ php/php-src/trunk/ext/phar/tar.c 2010-05-03 14:41:40 UTC (rev 298908) @@ -911,7 +911,8 @@ php_stream *oldfile, *newfile, *stubfile; int closeoldfile, free_user_stub, signature_length; struct _phar_pass_tar_info pass; - char *buf, *signature, sigbuf[8]; + char *buf, *signature, *tmp, sigbuf[8]; + char halt_stub[] = "__HALT_COMPILER();"; entry.flags = PHAR_ENT_PERM_DEF_FILE; entry.timestamp = time(NULL); @@ -990,7 +991,9 @@ free_user_stub = 0; } - if ((pos = strstr(user_stub, "__HALT_COMPILER();")) == NULL) { + tmp = estrndup(user_stub, len); + if ((pos = php_stristr(tmp, halt_stub, len, sizeof(halt_stub) - 1)) == NULL) { + efree(tmp); if (error) { spprintf(error, 0, "illegal stub for tar-based phar \"%s\"", phar->fname); } @@ -999,6 +1002,8 @@ } return EOF; } + pos = user_stub + (pos - tmp); + efree(tmp); len = pos - user_stub + 18; entry.fp = php_stream_fopen_tmpfile(); Modified: php/php-src/trunk/ext/phar/zip.c =================================================================== --- php/php-src/trunk/ext/phar/zip.c 2010-05-03 14:32:43 UTC (rev 298907) +++ php/php-src/trunk/ext/phar/zip.c 2010-05-03 14:41:40 UTC (rev 298908) @@ -1167,6 +1167,9 @@ char *pos; smart_str main_metadata_str = {0}; static const char newstub[] = "<?php // zip-based phar archive stub file\n__HALT_COMPILER();"; + char halt_stub[] = "__HALT_COMPILER();"; + char *tmp; + php_stream *stubfile, *oldfile; php_serialize_data_t metadata_hash; int free_user_stub, closeoldfile = 0; @@ -1261,8 +1264,9 @@ free_user_stub = 0; } - if ((pos = strstr(user_stub, "__HALT_COMPILER();")) == NULL) - { + tmp = estrndup(user_stub, len); + if ((pos = php_stristr(tmp, halt_stub, len, sizeof(halt_stub) - 1)) == NULL) { + efree(tmp); if (error) { spprintf(error, 0, "illegal stub for zip-based phar \"%s\"", phar->fname); } @@ -1271,6 +1275,8 @@ } return EOF; } + pos = user_stub + (pos - tmp); + efree(tmp); len = pos - user_stub + 18; entry.fp = php_stream_fopen_tmpfile();
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php