cellog Wed Jun 24 22:19:47 2009 UTC
Added files:
/php-src/ext/phar/tests/tar tar_openssl_hash.phpt
/php-src/ext/phar/tests/tar/files P1-1.0.0.tgz P1-1.0.0.tgz.pubkey
Modified files:
/php-src/ext/phar tar.c
/php-src/ext/phar/phar pharcommand.inc
Log:
fix Bug #48681: openssl signature verification for tar archives broken in
ext/phar, merge small fixes to phar.phar generation from PHP_5_3
http://cvs.php.net/viewvc.cgi/php-src/ext/phar/tar.c?r1=1.69&r2=1.70&diff_format=u
Index: php-src/ext/phar/tar.c
diff -u php-src/ext/phar/tar.c:1.69 php-src/ext/phar/tar.c:1.70
--- php-src/ext/phar/tar.c:1.69 Thu Jun 4 20:00:01 2009
+++ php-src/ext/phar/tar.c Wed Jun 24 22:19:46 2009
@@ -255,6 +255,8 @@
phar_tar_number(hdr->size, sizeof(hdr->size));
if (((!old && hdr->prefix[0] == 0) || old) && strlen(hdr->name)
== sizeof(".phar/signature.bin")-1 && !strncmp(hdr->name,
".phar/signature.bin", sizeof(".phar/signature.bin")-1)) {
+ off_t curloc;
+
if (size > 511) {
if (error) {
spprintf(error, 4096, "phar error:
tar-based phar \"%s\" has signature that is larger than 511 bytes, cannot
process", fname);
@@ -264,6 +266,7 @@
phar_destroy_phar_data(myphar TSRMLS_CC);
return FAILURE;
}
+ curloc = php_stream_tell(fp);
read = php_stream_read(fp, buf, size);
if (read != size) {
if (error) {
@@ -280,7 +283,7 @@
#else
# define PHAR_GET_32(buffer) (php_uint32) *(buffer)
#endif
- if (FAILURE == phar_verify_signature(fp,
php_stream_tell(fp) - size - 512, PHAR_GET_32(buf), buf + 8, PHAR_GET_32(buf +
4), fname, &myphar->signature, &myphar->sig_len, error TSRMLS_CC)) {
+ if (FAILURE == phar_verify_signature(fp,
php_stream_tell(fp) - size - 512, PHAR_GET_32(buf), buf + 8, size - 8, fname,
&myphar->signature, &myphar->sig_len, error TSRMLS_CC)) {
if (error) {
char *save = *error;
spprintf(error, 4096, "phar error:
tar-based phar \"%s\" signature cannot be verified: %s", fname, save);
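Review bot: The new length argument `size - 8` on the `phar_verify_signature` call has no lower bound visible in these hunks; only `size > 511` and `read != size` are checked. A signature entry shorter than 8 bytes would make `size - 8` negative (or wrap, if `size` is unsigned) and would leave `PHAR_GET_32(buf)` and `buf + 8` referring to bytes the entry never supplied. Unless a minimum is enforced outside the hunk, the read check in the preceding hunk should reject such entries, e.g. `if (read != size || size <= 8) {`. The enclosing function starts and ends outside the hunk, so the declarations of `size` and `buf` are not visible here.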
@@ -288,11 +291,11 @@
}
goto bail;
}
+ php_stream_seek(fp, curloc + 512, SEEK_SET);
/* signature checked out, let's ensure this is the last
file in the phar */
- size = ((size+511)&~511) + 512;
if (((hdr->typeflag == '\0') || (hdr->typeflag ==
TAR_FILE)) && size > 0) {
/* this is not good enough - seek succeeds even
on truncated tars */
- php_stream_seek(fp, size, SEEK_CUR);
+ php_stream_seek(fp, 512, SEEK_CUR);
if ((uint)php_stream_tell(fp) > totalsize) {
if (error) {
spprintf(error, 4096, "phar
error: \"%s\" is a corrupted tar file (truncated)", fname);
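Review bot: The return value of the added `php_stream_seek(fp, curloc + 512, SEEK_SET);` is ignored, so a failed seek leaves the stream wherever `phar_verify_signature` left it and the "last file in the phar" check below then runs from the wrong offset. Test the result and take the `goto bail` path used just above, e.g. `if (-1 == php_stream_seek(fp, curloc + 512, SEEK_SET)) { goto bail; }`, with an error string in the style of the truncated-tar message. With `size = ((size+511)&~511) + 512;` removed, the `size > 0` condition now sees the raw entry size. The retained comment about seek succeeding on truncated tars still applies to `php_stream_seek(fp, 512, SEEK_CUR);`, so the `php_stream_tell` comparison remains the only truncation guard. The function body continues outside the hunk.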
http://cvs.php.net/viewvc.cgi/php-src/ext/phar/phar/pharcommand.inc?r1=1.54&r2=1.55&diff_format=u
Index: php-src/ext/phar/phar/pharcommand.inc
diff -u php-src/ext/phar/phar/pharcommand.inc:1.54
php-src/ext/phar/phar/pharcommand.inc:1.55
--- php-src/ext/phar/phar/pharcommand.inc:1.54 Thu Jun 4 12:21:59 2009
+++ php-src/ext/phar/phar/pharcommand.inc Wed Jun 24 22:19:47 2009
@@ -210,16 +210,28 @@
*/
static function cli_arg_typ_loader($arg, $cfg, $key)
{
- if (($arg == '0' || $arg == '1') && !file_exists($arg)) {
+ if (($arg == '0' || $arg == '1') && !file_exists($arg) &&
substr(PHP_OS, 0, 3) != 'WIN') {
$found = NULL;
- $apiver = `pear -q info PHP_Archive 2>/dev/null|grep
'API Version'`;
- $apiver = trim(substr($apiver, strlen('API Version')));
+ $apiver = false;
+ $path = explode(PATH_SEPARATOR, $_ENV['PATH']);
+ $pear = false;
+ foreach ($path as $component) {
+ if (file_exists($component .
DIRECTORY_SEPARATOR . 'pear')
+ && is_executable($component .
DIRECTORY_SEPARATOR . 'pear'))) {
+ $pear = true;
+ break;
+ }
+ }
+ if ($pear) {
+ $apiver = `pear -q info PHP_Archive
2>/dev/null|grep 'API Version'`;
+ $apiver = trim(substr($apiver, strlen('API
Version')));
+ }
if ($apiver) {
- self::notice("Pear package PHP_Archive: API
Version: $apiver.\n");
+ self::notice("PEAR package PHP_Archive: API
Version: $apiver.\n");
$files = explode("\n", `pear list-files
PHP_Archive`);
$phpdir = `pear config-get php_dir 2>/dev/null`;
$phpdir = trim($phpdir);
- self::notice("Pear package PHP_Archive:
$phpdir.\n");
+ self::notice("PEAR package PHP_Archive:
$phpdir.\n");
if (is_dir($phpdir)) {
foreach($files as $ent) {
$matches = NULL;
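Review bot: The added `if` closes one parenthesis too many on the `is_executable(...)` line (`... 'pear'))) {`), which as shown is a parse error; it should end `'pear')) {`. The loop only records that some `pear` exists on PATH and then runs the bare name `pear` through backticks, so the command is resolved again by the shell rather than taken from the check. Keeping the resolved path (`$pear = $component . DIRECTORY_SEPARATOR . 'pear';`) and invoking it via `escapeshellarg($pear)` would pin the binary that was tested. `$_ENV['PATH']` is unset when `variables_order` omits `E`, so `getenv('PATH')` is the more reliable source. The function continues outside the hunk.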
@@ -234,13 +246,13 @@
}
}
} else {
- self::notice("Pear package PHP_Archive:
corrupt or inaccessible base dir: $php_dir.\n");
+ self::notice("PEAR package PHP_Archive:
corrupt or inaccessible base dir: $php_dir.\n");
}
}
if (isset($found)) {
- self::notice("Pear package PHP_Archive:
$found.\n");
+ self::notice("PEAR package PHP_Archive:
$found.\n");
} else {
- $msg = "Pear package PHP_Archive or Archive.php
class file not found.\n";
+ $msg = "PEAR package PHP_Archive not installed:
generated phar will require PHP's phar extension be enabled.\n";
if ($arg == '0') {
self::notice($msg);
} else {
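Review bot: The reworded notice on the `corrupt or inaccessible base dir` line still interpolates `$php_dir`, while the value assigned in the previous hunk is `$phpdir`. As far as this diff shows, `$php_dir` is never set, so the message would print an empty path exactly when the operator needs to see which directory was rejected. Change the line to `self::notice("PEAR package PHP_Archive: corrupt or inaccessible base dir: $phpdir.\n");`. The enclosing function starts and ends outside the hunk.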
@@ -1554,7 +1566,7 @@
$use_ext = extension_loaded('phar');
$version = array(
'PHP Version' => phpversion(),
- 'phar.phar version' => '$Revision: 1.54 $',
+ 'phar.phar version' => '$Revision: 1.55 $',
'Phar EXT version' => $use_ext ? phpversion('phar') :
'Not available',
'Phar API version' => Phar::apiVersion(),
'Phar-based phar archives' => true,
http://cvs.php.net/viewvc.cgi/php-src/ext/phar/tests/tar/tar_openssl_hash.phpt?view=markup&rev=1.1
Index: php-src/ext/phar/tests/tar/tar_openssl_hash.phpt
+++ php-src/ext/phar/tests/tar/tar_openssl_hash.phpt
--TEST--
Phar: tar archive, require_hash=1, OpenSSL hash
--SKIPIF--
<?php if (!extension_loaded('phar')) die('skip'); ?>
<?php if (!extension_loaded("spl")) die("skip SPL not available"); ?>
<?php if (!extension_loaded("zlib")) die("skip zlib not available"); ?>
<?php if (!extension_loaded("openssl")) die("skip openssl not available"); ?>
--INI--
phar.readonly=1
phar.require_hash=1
--FILE--
<?php
try {
$phar = new PharData(dirname(__FILE__) . '/files/P1-1.0.0.tgz');
} catch (Exception $e) {
echo $e->getMessage()."\n";
}
?>
===DONE===
--EXPECT--
===DONE===
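Review bot: This test covers only the accepting path: it passes when the signed archive opens, so a regression that made verification accept any signature would still print `===DONE===`. A companion case that opens a copy with a modified payload or a mismatched `.pubkey` under `phar.require_hash=1` and expects the exception message would pin the rejecting path as well; other tests may already do this elsewhere in the tree. A short comment in the `--FILE--` section such as `// any output before ===DONE=== means signature verification failed` would make the intent of the `catch` branch clear.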
http://cvs.php.net/viewvc.cgi/php-src/ext/phar/tests/tar/files/P1-1.0.0.tgz.pubkey?view=markup&rev=1.1
Index: php-src/ext/phar/tests/tar/files/P1-1.0.0.tgz.pubkey
+++ php-src/ext/phar/tests/tar/files/P1-1.0.0.tgz.pubkey
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4drcwddPs6LmIbdT1ifT
Ev8HXh1Fk1yNusCDoCX6mYkgqvCmx02F/9k5q7n6CPblTcF5mdDI8kcRrUHmyXtD
9X0d7RN7BakZMPH5KPaNkXiXsI9YGSb39AnZgYw01n6u0W6Ohha+KwOsrxkKCF4u
LjPLQAlM+3uD8y9Tz2fF+pAE901kHrd3ue7a5i5EtW0bzl5QfxnwFZXAO0StQ9dF
slzibRH+1pFjMRxDnlgYmLQF6jMWm9Ty6x9UH9HZ3E3F9QZEQVXWT9y/pe30HcAX
YxAGZjPIx19UNPF5C+Nps6MjxNRht0pGXTL9sptYoiNjRiXAS0y4FM+8K6xvBIOF
ZQIDAQAB
-----END PUBLIC KEY-----