clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-09-22 02:17:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fixed bug #51690 (Phar::setStub looks for case-sensitive __HALT_COMPILER())

Browse Source
This commit is contained in:
Ilia Alshanetsky 2010-05-03 14:41:40 +00:00
parent cbe5199c42
commit 813e3cf14d
4 changed files with 24 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
NEWS
View File

@ -37,6 +37,8 @@ PHP NEWS
requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert)
- Fixed 64-bit integer overflow in mhash_keygen_s2k(). (Clément LECIGNE, Stas)
- Fixed bug #51690 (Phar::setStub looks for case-sensitive
__HALT_COMPILER()). (Ilia)
- Fixed bug #51688 (ini per dir crashes when invalid document root are given).
(Pierre)
- Fixed bug #51671 (imagefill does not work correctly for small images).

11
ext/phar/phar.c
View File

@ -2563,8 +2563,8 @@ char *phar_create_default_stub(const char *index_php, const char *web_index, siz
*/
int phar_flush(phar_archive_data *phar, char *user_stub, long len, int convert, char **error TSRMLS_DC) /* {{{ */
{
/* static const char newstub[] = "<?php __HALT_COMPILER(); ?>\r\n"; */
char *newstub;
char halt_stub[] = "__HALT_COMPILER();";
char *newstub, *tmp;
phar_entry_info *entry, *newentry;
int halt_offset, restore_alias_len, global_flags = 0, closeoldfile;
char *pos, has_dirs = 0;
@ -2665,8 +2665,9 @@ int phar_flush(phar_archive_data *phar, char *user_stub, long len, int convert,
} else {
free_user_stub = 0;
}
if ((pos = strstr(user_stub, "__HALT_COMPILER();")) == NULL)
{
tmp = estrndup(user_stub, len);
if ((pos = php_stristr(tmp, halt_stub, len, sizeof(halt_stub) - 1)) == NULL) {
efree(tmp);
if (closeoldfile) {
php_stream_close(oldfile);
}
@ -2679,6 +2680,8 @@ int phar_flush(phar_archive_data *phar, char *user_stub, long len, int convert,
}
return EOF;
}
pos = user_stub + (pos - tmp);
efree(tmp);
len = pos - user_stub + 18;
if ((size_t)len != php_stream_write(newfile, user_stub, len)
|| 5 != php_stream_write(newfile, " ?>\r\n", 5)) {

9
ext/phar/tar.c
View File

@ -911,7 +911,8 @@ int phar_tar_flush(phar_archive_data *phar, char *user_stub, long len, int defau
php_stream *oldfile, *newfile, *stubfile;
int closeoldfile, free_user_stub, signature_length;
struct _phar_pass_tar_info pass;
char *buf, *signature, sigbuf[8];
char *buf, *signature, *tmp, sigbuf[8];
char halt_stub[] = "__HALT_COMPILER();";
entry.flags = PHAR_ENT_PERM_DEF_FILE;
entry.timestamp = time(NULL);
@ -990,7 +991,9 @@ int phar_tar_flush(phar_archive_data *phar, char *user_stub, long len, int defau
free_user_stub = 0;
}
if ((pos = strstr(user_stub, "__HALT_COMPILER();")) == NULL) {
tmp = estrndup(user_stub, len);
if ((pos = php_stristr(tmp, halt_stub, len, sizeof(halt_stub) - 1)) == NULL) {
efree(tmp);
if (error) {
spprintf(error, 0, "illegal stub for tar-based phar \"%s\"", phar->fname);
}
@ -999,6 +1002,8 @@ int phar_tar_flush(phar_archive_data *phar, char *user_stub, long len, int defau
}
return EOF;
}
pos = user_stub + (pos - tmp);
efree(tmp);
len = pos - user_stub + 18;
entry.fp = php_stream_fopen_tmpfile();

10
ext/phar/zip.c
View File

@ -1167,6 +1167,9 @@ int phar_zip_flush(phar_archive_data *phar, char *user_stub, long len, int defau
char *pos;
smart_str main_metadata_str = {0};
static const char newstub[] = "<?php // zip-based phar archive stub file\n__HALT_COMPILER();";
char halt_stub[] = "__HALT_COMPILER();";
char *tmp;
php_stream *stubfile, *oldfile;
php_serialize_data_t metadata_hash;
int free_user_stub, closeoldfile = 0;
@ -1261,8 +1264,9 @@ int phar_zip_flush(phar_archive_data *phar, char *user_stub, long len, int defau
free_user_stub = 0;
}
if ((pos = strstr(user_stub, "__HALT_COMPILER();")) == NULL)
{
tmp = estrndup(user_stub, len);
if ((pos = php_stristr(tmp, halt_stub, len, sizeof(halt_stub) - 1)) == NULL) {
efree(tmp);
if (error) {
spprintf(error, 0, "illegal stub for zip-based phar \"%s\"", phar->fname);
}
@ -1271,6 +1275,8 @@ int phar_zip_flush(phar_archive_data *phar, char *user_stub, long len, int defau
}
return EOF;
}
pos = user_stub + (pos - tmp);
efree(tmp);
len = pos - user_stub + 18;
entry.fp = php_stream_fopen_tmpfile();