files bz2_alias.phar.zip

Greg Beaver Sat, 13 Sep 2008 23:31:44 -0700

cellog          Sun Sep 14 06:31:20 2008 UTC

  Added files:                 (Branch: PHP_5_3)
    /php-src/ext/phar/tests/zip/files   bz2_alias.phar.zip


  Modified files:              
    /php-src/ext/phar   phar_internal.h zip.c 
    /php-src/ext/phar/tests/zip bzip2.phpt 
  Log:
  increase code coverage, fix bzip2-compressed alias in zip
  
http://cvs.php.net/viewvc.cgi/php-src/ext/phar/phar_internal.h?r1=1.109.2.25&r2=1.109.2.26&diff_format=u
Index: php-src/ext/phar/phar_internal.h
diff -u php-src/ext/phar/phar_internal.h:1.109.2.25 
php-src/ext/phar/phar_internal.h:1.109.2.26
--- php-src/ext/phar/phar_internal.h:1.109.2.25 Sat Sep 13 22:30:55 2008
+++ php-src/ext/phar/phar_internal.h    Sun Sep 14 06:31:19 2008
@@ -17,7 +17,7 @@
   +----------------------------------------------------------------------+
 */
 
-/* $Id: phar_internal.h,v 1.109.2.25 2008/09/13 22:30:55 cellog Exp $ */
+/* $Id: phar_internal.h,v 1.109.2.26 2008/09/14 06:31:19 cellog Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -555,7 +555,7 @@
 static inline int phar_validate_alias(const char *alias, int alias_len) /* {{{ 
*/
 {
        return !(memchr(alias, '/', alias_len) || memchr(alias, '\\', 
alias_len) || memchr(alias, ':', alias_len) ||
-               memchr(alias, ';', alias_len));
+               memchr(alias, ';', alias_len) || memchr(alias, '\n', alias_len) 
|| memchr(alias, '\r', alias_len));
 }
 /* }}} */
 
http://cvs.php.net/viewvc.cgi/php-src/ext/phar/zip.c?r1=1.47.2.18&r2=1.47.2.19&diff_format=u
Index: php-src/ext/phar/zip.c
diff -u php-src/ext/phar/zip.c:1.47.2.18 php-src/ext/phar/zip.c:1.47.2.19
--- php-src/ext/phar/zip.c:1.47.2.18    Sun Aug 31 02:14:03 2008
+++ php-src/ext/phar/zip.c      Sun Sep 14 06:31:20 2008
@@ -465,10 +465,27 @@
                if (!actual_alias && entry.filename_len == 
sizeof(".phar/alias.txt")-1 && !strncmp(entry.filename, ".phar/alias.txt", 
sizeof(".phar/alias.txt")-1)) {
                        php_stream_filter *filter;
                        off_t saveloc;
+                       /* verify local file header */
+                       phar_zip_file_header local;
 
-                       /* archive alias found, seek to file contents, do not 
validate local header. Potentially risky, but not very. */
+                       /* archive alias found */
                        saveloc = php_stream_tell(fp);
-                       php_stream_seek(fp, PHAR_GET_32(zipentry.offset) + 
sizeof(phar_zip_file_header) + entry.filename_len + 
PHAR_GET_16(zipentry.extra_len), SEEK_SET);
+                       php_stream_seek(fp, PHAR_GET_32(zipentry.offset), 
SEEK_SET);
+
+                       if (sizeof(local) != php_stream_read(fp, (char *) 
&local, sizeof(local))) {
+                               PHAR_ZIP_FAIL("phar error: internal corruption 
of zip-based phar (cannot read local file header for alias)");
+                       }
+
+                       /* verify local header */
+                       if (entry.filename_len != 
PHAR_GET_16(local.filename_len) || entry.crc32 != PHAR_GET_32(local.crc32) || 
entry.uncompressed_filesize != PHAR_GET_32(local.uncompsize) || 
entry.compressed_filesize != PHAR_GET_32(local.compsize)) {
+                               PHAR_ZIP_FAIL("phar error: internal corruption 
of zip-based phar (local head of alias does not match central directory)");
+                       }
+
+                       /* construct actual offset to file start - local 
extra_len can be different from central extra_len */
+                       entry.offset = entry.offset_abs =
+                               sizeof(local) + entry.header_offset + 
PHAR_GET_16(local.filename_len) + PHAR_GET_16(local.extra_len);
+                       php_stream_seek(fp, entry.offset, SEEK_SET);
+
                        mydata->alias_len = entry.uncompressed_filesize;
 
                        if (entry.flags & PHAR_ENT_COMPRESSED_GZ) {
@@ -498,7 +515,6 @@
                                }
 
                                php_stream_filter_append(&fp->readfilters, 
filter);
-                               php_stream_filter_append(&fp->readfilters, 
filter);
 
                                if (!(entry.uncompressed_filesize = 
php_stream_copy_to_mem(fp, &actual_alias, entry.uncompressed_filesize, 0)) || 
!actual_alias) {
                                        pefree(entry.filename, 
entry.is_persistent);
http://cvs.php.net/viewvc.cgi/php-src/ext/phar/tests/zip/bzip2.phpt?r1=1.1.2.1&r2=1.1.2.2&diff_format=u
Index: php-src/ext/phar/tests/zip/bzip2.phpt
diff -u php-src/ext/phar/tests/zip/bzip2.phpt:1.1.2.1 
php-src/ext/phar/tests/zip/bzip2.phpt:1.1.2.2
--- php-src/ext/phar/tests/zip/bzip2.phpt:1.1.2.1       Thu Aug 21 05:17:28 2008
+++ php-src/ext/phar/tests/zip/bzip2.phpt       Sun Sep 14 06:31:20 2008
@@ -11,6 +11,8 @@
        foreach ($a as $entry => $file) {
                echo $file->getContent();
        }
+       $a = new Phar(dirname(__FILE__) . '/files/bz2_alias.phar.zip');
+       var_dump($a->getAlias());
 } catch (Exception $e) {
        echo $e->getMessage() . "\n";
 }
@@ -77,4 +79,5 @@
 $a->addFile('hi', null, 'hii', null, null, 'compress', 'compress', 11);
 $a->writeZip(dirname(__FILE__) . '/compress_unsupunknown.zip');
 ?>
+string(7) "hithere"
 ===DONE===

http://cvs.php.net/viewvc.cgi/php-src/ext/phar/tests/zip/files/bz2_alias.phar.zip?view=markup&rev=1.1
Index: php-src/ext/phar/tests/zip/files/bz2_alias.phar.zip
+++ php-src/ext/phar/tests/zip/files/bz2_alias.phar.zip



-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-CVS] cvs: php-src(PHP_5_3) /ext/phar phar_internal.h zip.c /ext/phar/tests/zip bzip2.phpt /ext/phar/tests/zip/files bz2_alias.phar.zip

Reply via email to