Merge branch 'PHP-8.2' into PHP-8.3

nielsdos · nielsdos · commit 58f4b45bcac3 · 2024-11-09T17:08:19.000+01:00
* PHP-8.2: Fix phpGH-16695: phar:// tar parser and zero-length file header blocks
diff --git a/NEWS b/NEWS
@@ -19,6 +19,10 @@ PHP                                                                        NEWS
 - PDO:
   . Fixed memory leak of `setFetchMode()`. (SakiTakamachi)
 
+- Phar:
+  . Fixed bug GH-16695 (phar:// tar parser and zero-length file header blocks).
+    (nielsdos)
+
 - SOAP:
   . Fix make check being invoked in ext/soap. (Ma27)
 
diff --git a/ext/phar/phar.c b/ext/phar/phar.c
@@ -1774,7 +1774,7 @@ static int phar_open_from_fp(php_stream* fp, char *fname, size_t fname_len, char
 				return phar_parse_zipfile(fp, fname, fname_len, alias, alias_len, pphar, error);
 			}
 
-			if (got > 512) {
+			if (got >= 512) {
 				if (phar_is_tar(pos, fname)) {
 					php_stream_rewind(fp);
 					return phar_parse_tarfile(fp, fname, fname_len, alias, alias_len, pphar, is_data, compression, error);
diff --git a/ext/phar/tar.c b/ext/phar/tar.c
@@ -247,9 +247,8 @@ int phar_parse_tarfile(php_stream* fp, char *fname, size_t fname_len, char *alia
 	entry.is_tar = 1;
 	entry.is_crc_checked = 1;
 	entry.phar = myphar;
-	pos += sizeof(buf);
 
-	do {
+	while (true) {
 		phar_entry_info *newentry;
 
 		pos = php_stream_tell(fp);
@@ -590,6 +589,11 @@ int phar_parse_tarfile(php_stream* fp, char *fname, size_t fname_len, char *alia
 			}
 		}
 
+		/* Only read next header if we're not yet at the end */
+		if (php_stream_tell(fp) == totalsize) {
+			break;
+		}
+
 		read = php_stream_read(fp, buf, sizeof(buf));
 
 		if (read != sizeof(buf)) {
@@ -600,7 +604,7 @@ int phar_parse_tarfile(php_stream* fp, char *fname, size_t fname_len, char *alia
 			phar_destroy_phar_data(myphar);
 			return FAILURE;
 		}
-	} while (!php_stream_eof(fp));
+	}
 
 	if (zend_hash_str_exists(&(myphar->manifest), ".phar/stub.php", sizeof(".phar/stub.php")-1)) {
 		myphar->is_data = 0;
diff --git a/ext/phar/tests/tar/gh16695_1.phpt b/ext/phar/tests/tar/gh16695_1.phpt
@@ -0,0 +1,28 @@
+--TEST--
+GH-16695 (phar:// tar parser and zero-length file header blocks)
+--CREDITS--
+hakre
+--EXTENSIONS--
+phar
+--INI--
+phar.require_hash=0
+--FILE--
+<?php
+
+$reportTar = __DIR__.'/gh16695_1.tmp';
+
+$length = file_put_contents($reportTar, base64_decode('dGxzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAwMDA3MDAAMDAwMDAwMAAwMDAwMDAwADAwMDAwMDAwMDAwADAwMDAwMDAwMDAwADAwNzcxNgAgNQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB1c3RhcgAwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMDAwMDAwADAwMDAwMDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA='));
+var_dump($length);
+$buffer = file_get_contents("phar://$reportTar/tls");
+var_dump($buffer);
+
+?>
+--CLEAN--
+<?php
+@unlink(__DIR__.'/gh16695_1.tmp');
+?>
+--EXPECTF--
+int(512)
+
+Warning: file_get_contents(%stls): Failed to open stream: phar error: path "tls" is a directory in %s on line %d
+bool(false)
diff --git a/ext/phar/tests/tar/gh16695_2.phpt b/ext/phar/tests/tar/gh16695_2.phpt
@@ -0,0 +1,26 @@
+--TEST--
+GH-16695 (phar:// tar parser and zero-length file header blocks)
+--CREDITS--
+hakre
+--EXTENSIONS--
+phar
+--INI--
+phar.require_hash=0
+--FILE--
+<?php
+
+$reportTar = __DIR__.'/gh16695_2.tmp';
+
+$length = file_put_contents($reportTar, base64_decode('bWV0YS5qc29uAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAwMDA2NDQAMDAwMDAwMAAwMDAwMDAwADAwMDAwMDAwMTcyADAwMDAwMDAwMDAwADAxMTAyNgAgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB1c3RhcgAwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMDAwMDAwADAwMDAwMDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB7Ik5hbWUiOiJkZWZhdWx0IiwiTWV0YWRhdGEiOnt9LCJFbmRwb2ludHMiOnsiZG9ja2VyIjp7Ikhvc3QiOiJ1bml4Oi8vL3J1bi91c2VyLzEwMDAvZG9ja2VyLnNvY2siLCJTa2lwVExTVmVyaWZ5IjpmYWxzZX19fQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=='));
+var_dump($length);
+$buffer = file_get_contents("phar://$reportTar/meta.json");
+var_dump($buffer);
+
+?>
+--CLEAN--
+<?php
+@unlink(__DIR__.'/gh16695_2.tmp');
+?>
+--EXPECT--
+int(1024)
+string(122) "{"Name":"default","Metadata":{},"Endpoints":{"docker":{"Host":"unix:///run/user/1000/docker.sock","SkipTLSVerify":false}}}"
diff --git a/ext/phar/tests/tar/gh16695_3.phpt b/ext/phar/tests/tar/gh16695_3.phpt
@@ -0,0 +1,26 @@
+--TEST--
+GH-16695 (phar:// tar parser and zero-length file header blocks)
+--CREDITS--
+hakre
+--EXTENSIONS--
+phar
+--INI--
+phar.require_hash=0
+--FILE--
+<?php
+
+$reportTar = __DIR__.'/gh16695_3.tmp';
+
+$length = file_put_contents($reportTar, base64_decode('dGxzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAwMDA3MDAAMDAwMDAwMAAwMDAwMDAwADAwMDAwMDAwMDAwADAwMDAwMDAwMDAwADAwNzcxMQAgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB1c3RhcgAwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMDAwMDAwADAwMDAwMDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA='));
+var_dump($length);
+$buffer = file_get_contents("phar://$reportTar/tls");
+var_dump($buffer);
+
+?>
+--CLEAN--
+<?php
+@unlink(__DIR__.'/gh16695_3.tmp');
+?>
+--EXPECT--
+int(512)
+string(0) ""

Original file line number	Diff line number	Diff line change
`@@ -1774,7 +1774,7 @@ static int phar_open_from_fp(php_stream* fp, char *fname, size_t fname_len, char`
`1774`	`1774`	`return phar_parse_zipfile(fp, fname, fname_len, alias, alias_len, pphar, error);`
`1775`	`1775`	`}`
`1776`	`1776`
`1777`		`- if (got > 512) {`
	`1777`	`+ if (got >= 512) {`
`1778`	`1778`	`if (phar_is_tar(pos, fname)) {`
`1779`	`1779`	`php_stream_rewind(fp);`
`1780`	`1780`	`return phar_parse_tarfile(fp, fname, fname_len, alias, alias_len, pphar, is_data, compression, error);`