stas                                     Sat, 19 Nov 2011 04:59:56 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=319538

Log:
fix bug #60164 (Stubs of a specific length break phar_open_from_fp scanning for 
__HALT_COMPILER)

Bug: https://bugs.php.net/60164 (Feedback) Stubs of a specific length break 
phar_open_from_fp scanning for __HALT_COMPILER
      
Changed paths:
    U   php/php-src/branches/PHP_5_3/NEWS
    U   php/php-src/branches/PHP_5_3/ext/phar/phar.c
    A   php/php-src/branches/PHP_5_3/ext/phar/tests/bug60164.phpt
    A   php/php-src/branches/PHP_5_3/ext/phar/tests/files/stuboflength1041.phar
    A   
php/php-src/branches/PHP_5_3/ext/phar/tests/files/stuboflength1041.phar.inc
    U   php/php-src/branches/PHP_5_4/ext/phar/phar.c
    A   php/php-src/branches/PHP_5_4/ext/phar/tests/bug60164.phpt
    A   php/php-src/branches/PHP_5_4/ext/phar/tests/files/stuboflength1041.phar
    A   
php/php-src/branches/PHP_5_4/ext/phar/tests/files/stuboflength1041.phar.inc
    U   php/php-src/trunk/ext/phar/phar.c
    A   php/php-src/trunk/ext/phar/tests/bug60164.phpt
    A   php/php-src/trunk/ext/phar/tests/files/stuboflength1041.phar
    A   php/php-src/trunk/ext/phar/tests/files/stuboflength1041.phar.inc

Modified: php/php-src/branches/PHP_5_3/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3/NEWS	2011-11-19 04:52:06 UTC (rev 319537)
+++ php/php-src/branches/PHP_5_3/NEWS	2011-11-19 04:59:56 UTC (rev 319538)
@@ -42,6 +42,8 @@

 - Phar:
   . Fixed bug #60261 (NULL pointer dereference in phar). (Felipe)
+  . Fixed bug #60164 (Stubs of a specific length break phar_open_from_fp
+    scanning for __HALT_COMPILER). (Ralph Schindler)

 - Postgres:
   . Fixed bug #60244 (pg_fetch_* functions do not validate that row param

Modified: php/php-src/branches/PHP_5_3/ext/phar/phar.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/phar/phar.c	2011-11-19 04:52:06 UTC (rev 319537)
+++ php/php-src/branches/PHP_5_3/ext/phar/phar.c	2011-11-19 04:59:56 UTC (rev 319538)
@@ -1569,7 +1569,9 @@
 	const char zip_magic[] = "PK\x03\x04";
 	const char gz_magic[] = "\x1f\x8b\x08";
 	const char bz_magic[] = "BZh";
-	char *pos, buffer[1024 + sizeof(token)], test = '\0';
+	char *pos, test = '\0';
+	const int window_size = 1024;
+	char buffer[window_size + sizeof(token)]; /* a 1024 byte window + the size of the halt_compiler token (moving window) */
 	const long readsize = sizeof(buffer) - sizeof(token);
 	const long tokenlen = sizeof(token) - 1;
 	long halt_offset;
@@ -1717,7 +1719,7 @@
 		}

 		halt_offset += got;
-		memmove(buffer, buffer + tokenlen, got + 1);
+		memmove(buffer, buffer + window_size, tokenlen); /* move the memory buffer by the size of the window */
 	}

 	MAPPHAR_ALLOC_FAIL("internal corruption of phar \"%s\" (__HALT_COMPILER(); not found)")

Added: php/php-src/branches/PHP_5_3/ext/phar/tests/bug60164.phpt
===================================================================
--- php/php-src/branches/PHP_5_3/ext/phar/tests/bug60164.phpt	                        (rev 0)
+++ php/php-src/branches/PHP_5_3/ext/phar/tests/bug60164.phpt	2011-11-19 04:59:56 UTC (rev 319538)
@@ -0,0 +1,21 @@
+--TEST--
+Phar: verify stub of specific length does not break __HALT_COMPILER(); scanning in php
+--SKIPIF--
+<?php
+if (!extension_loaded("phar")) die("skip");
+?>
+--INI--
+phar.require_hash=0
+phar.readonly=0
+--FILE--
+<?php
+$phar = __DIR__ . '/files/stuboflength1041.phar';
+foreach (new RecursiveIteratorIterator(new Phar($phar, null, 'stuboflength1041.phar')) as $item) {
+    var_dump($item->getFileName());
+}
+?>
+===DONE===
+--EXPECT--
+string(5) "a.php"
+string(5) "b.php"
+===DONE===
\ No newline at end of file

Added: php/php-src/branches/PHP_5_3/ext/phar/tests/files/stuboflength1041.phar
===================================================================
--- php/php-src/branches/PHP_5_3/ext/phar/tests/files/stuboflength1041.phar	                        (rev 0)
+++ php/php-src/branches/PHP_5_3/ext/phar/tests/files/stuboflength1041.phar	2011-11-19 04:59:56 UTC (rev 319538)
@@ -0,0 +1,14 @@
+<?php
+/***stub of length 1041 including the halt compiler*********************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+*********************************************/
+__HALT_COMPILER(); ?>
+Ta.phpN^d\b.phpNmŶhi1hi2,'e:İ7GBMB
\ No newline at end of file

Added: php/php-src/branches/PHP_5_3/ext/phar/tests/files/stuboflength1041.phar.inc
===================================================================
--- php/php-src/branches/PHP_5_3/ext/phar/tests/files/stuboflength1041.phar.inc	                        (rev 0)
+++ php/php-src/branches/PHP_5_3/ext/phar/tests/files/stuboflength1041.phar.inc	2011-11-19 04:59:56 UTC (rev 319538)
@@ -0,0 +1,42 @@
+<?php
+
+@unlink(__DIR__ . '/stuboflength1041.phar');
+
+$phar = new Phar('./stuboflength1041.phar');
+$phar['a.php'] = 'hi1';
+$phar['b.php'] = 'hi2';
+
+$phar->setStub('<?php
+/***stub of length 1041 including the halt compiler*********************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+*********************************************/
+__HALT_COMPILER();');
+<?php
+
+@unlink(__DIR__ . '/stuboflength1041.phar');
+
+$phar = new Phar('./stuboflength1041.phar');
+$phar['a.php'] = 'hi1';
+$phar['b.php'] = 'hi2';
+
+$phar->setStub('<?php
+/***stub of length 1041 including the halt compiler*********************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+*********************************************/
+__HALT_COMPILER();');
\ No newline at end of file

Modified: php/php-src/branches/PHP_5_4/ext/phar/phar.c
===================================================================
--- php/php-src/branches/PHP_5_4/ext/phar/phar.c	2011-11-19 04:52:06 UTC (rev 319537)
+++ php/php-src/branches/PHP_5_4/ext/phar/phar.c	2011-11-19 04:59:56 UTC (rev 319538)
@@ -1569,7 +1569,9 @@
 	const char zip_magic[] = "PK\x03\x04";
 	const char gz_magic[] = "\x1f\x8b\x08";
 	const char bz_magic[] = "BZh";
-	char *pos, buffer[1024 + sizeof(token)], test = '\0';
+	char *pos, test = '\0';
+	const int window_size = 1024;
+	char buffer[window_size + sizeof(token)]; /* a 1024 byte window + the size of the halt_compiler token (moving window) */
 	const long readsize = sizeof(buffer) - sizeof(token);
 	const long tokenlen = sizeof(token) - 1;
 	long halt_offset;
@@ -1717,7 +1719,7 @@
 		}

 		halt_offset += got;
-		memmove(buffer, buffer + tokenlen, got + 1);
+		memmove(buffer, buffer + window_size, tokenlen); /* move the memory buffer by the size of the window */
 	}

 	MAPPHAR_ALLOC_FAIL("internal corruption of phar \"%s\" (__HALT_COMPILER(); not found)")

Added: php/php-src/branches/PHP_5_4/ext/phar/tests/bug60164.phpt
===================================================================
--- php/php-src/branches/PHP_5_4/ext/phar/tests/bug60164.phpt	                        (rev 0)
+++ php/php-src/branches/PHP_5_4/ext/phar/tests/bug60164.phpt	2011-11-19 04:59:56 UTC (rev 319538)
@@ -0,0 +1,21 @@
+--TEST--
+Phar: verify stub of specific length does not break __HALT_COMPILER(); scanning in php
+--SKIPIF--
+<?php
+if (!extension_loaded("phar")) die("skip");
+?>
+--INI--
+phar.require_hash=0
+phar.readonly=0
+--FILE--
+<?php
+$phar = __DIR__ . '/files/stuboflength1041.phar';
+foreach (new RecursiveIteratorIterator(new Phar($phar, null, 'stuboflength1041.phar')) as $item) {
+    var_dump($item->getFileName());
+}
+?>
+===DONE===
+--EXPECT--
+string(5) "a.php"
+string(5) "b.php"
+===DONE===
\ No newline at end of file

Added: php/php-src/branches/PHP_5_4/ext/phar/tests/files/stuboflength1041.phar
===================================================================
--- php/php-src/branches/PHP_5_4/ext/phar/tests/files/stuboflength1041.phar	                        (rev 0)
+++ php/php-src/branches/PHP_5_4/ext/phar/tests/files/stuboflength1041.phar	2011-11-19 04:59:56 UTC (rev 319538)
@@ -0,0 +1,14 @@
+<?php
+/***stub of length 1041 including the halt compiler*********************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+*********************************************/
+__HALT_COMPILER(); ?>
+Ta.phpN^d\b.phpNmŶhi1hi2,'e:İ7GBMB
\ No newline at end of file

Added: php/php-src/branches/PHP_5_4/ext/phar/tests/files/stuboflength1041.phar.inc
===================================================================
--- php/php-src/branches/PHP_5_4/ext/phar/tests/files/stuboflength1041.phar.inc	                        (rev 0)
+++ php/php-src/branches/PHP_5_4/ext/phar/tests/files/stuboflength1041.phar.inc	2011-11-19 04:59:56 UTC (rev 319538)
@@ -0,0 +1,21 @@
+<?php
+
+@unlink(__DIR__ . '/stuboflength1041.phar');
+
+$phar = new Phar('./stuboflength1041.phar');
+$phar['a.php'] = 'hi1';
+$phar['b.php'] = 'hi2';
+
+$phar->setStub('<?php
+/***stub of length 1041 including the halt compiler*********************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+*********************************************/
+__HALT_COMPILER();');
\ No newline at end of file

Modified: php/php-src/trunk/ext/phar/phar.c
===================================================================
--- php/php-src/trunk/ext/phar/phar.c	2011-11-19 04:52:06 UTC (rev 319537)
+++ php/php-src/trunk/ext/phar/phar.c	2011-11-19 04:59:56 UTC (rev 319538)
@@ -1569,7 +1569,9 @@
 	const char zip_magic[] = "PK\x03\x04";
 	const char gz_magic[] = "\x1f\x8b\x08";
 	const char bz_magic[] = "BZh";
-	char *pos, buffer[1024 + sizeof(token)], test = '\0';
+	char *pos, test = '\0';
+	const int window_size = 1024;
+	char buffer[window_size + sizeof(token)]; /* a 1024 byte window + the size of the halt_compiler token (moving window) */
 	const long readsize = sizeof(buffer) - sizeof(token);
 	const long tokenlen = sizeof(token) - 1;
 	long halt_offset;
@@ -1717,7 +1719,7 @@
 		}

 		halt_offset += got;
-		memmove(buffer, buffer + tokenlen, got + 1);
+		memmove(buffer, buffer + window_size, tokenlen); /* move the memory buffer by the size of the window */
 	}

 	MAPPHAR_ALLOC_FAIL("internal corruption of phar \"%s\" (__HALT_COMPILER(); not found)")

Added: php/php-src/trunk/ext/phar/tests/bug60164.phpt
===================================================================
--- php/php-src/trunk/ext/phar/tests/bug60164.phpt	                        (rev 0)
+++ php/php-src/trunk/ext/phar/tests/bug60164.phpt	2011-11-19 04:59:56 UTC (rev 319538)
@@ -0,0 +1,21 @@
+--TEST--
+Phar: verify stub of specific length does not break __HALT_COMPILER(); scanning in php
+--SKIPIF--
+<?php
+if (!extension_loaded("phar")) die("skip");
+?>
+--INI--
+phar.require_hash=0
+phar.readonly=0
+--FILE--
+<?php
+$phar = __DIR__ . '/files/stuboflength1041.phar';
+foreach (new RecursiveIteratorIterator(new Phar($phar, null, 'stuboflength1041.phar')) as $item) {
+    var_dump($item->getFileName());
+}
+?>
+===DONE===
+--EXPECT--
+string(5) "a.php"
+string(5) "b.php"
+===DONE===
\ No newline at end of file

Added: php/php-src/trunk/ext/phar/tests/files/stuboflength1041.phar
===================================================================
--- php/php-src/trunk/ext/phar/tests/files/stuboflength1041.phar	                        (rev 0)
+++ php/php-src/trunk/ext/phar/tests/files/stuboflength1041.phar	2011-11-19 04:59:56 UTC (rev 319538)
@@ -0,0 +1,14 @@
+<?php
+/***stub of length 1041 including the halt compiler*********************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+*********************************************/
+__HALT_COMPILER(); ?>
+Ta.phpN^d\b.phpNmŶhi1hi2,'e:İ7GBMB
\ No newline at end of file

Added: php/php-src/trunk/ext/phar/tests/files/stuboflength1041.phar.inc
===================================================================
--- php/php-src/trunk/ext/phar/tests/files/stuboflength1041.phar.inc	                        (rev 0)
+++ php/php-src/trunk/ext/phar/tests/files/stuboflength1041.phar.inc	2011-11-19 04:59:56 UTC (rev 319538)
@@ -0,0 +1,21 @@
+<?php
+
+@unlink(__DIR__ . '/stuboflength1041.phar');
+
+$phar = new Phar('./stuboflength1041.phar');
+$phar['a.php'] = 'hi1';
+$phar['b.php'] = 'hi2';
+
+$phar->setStub('<?php
+/***stub of length 1041 including the halt compiler*********************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+*********************************************/
+__HALT_COMPILER();');
\ No newline at end of file
-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to