authorIlia Alshanetsky <iliaa@php.net>2010-05-03 14:41:40 +0000
committerIlia Alshanetsky <iliaa@php.net>2010-05-03 14:41:40 +0000
commit813e3cf14d199efa99eedebb5d4b1f792bab6df7 (patch)
tree33ded63e0afa3ef66ebeedeb1c32859870639435
parentcbe5199c429818ca2b487c24c17a2a8977684a6e (diff)
Fixed bug #51690 (Phar::setStub looks for case-sensitive __HALT_COMPILER())
-rw-r--r--NEWS2
-rw-r--r--ext/phar/phar.c11
-rw-r--r--ext/phar/tar.c9
-rw-r--r--ext/phar/zip.c10
4 files changed, 24 insertions, 8 deletions
diff --git a/NEWS b/NEWS
index 126644650a..f7f00de5a4 100644
--- a/NEWS
+++ b/NEWS
@@ -37,6 +37,8 @@ PHP NEWS
requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert)
- Fixed 64-bit integer overflow in mhash_keygen_s2k(). (Clément LECIGNE, Stas)
+- Fixed bug #51690 (Phar::setStub looks for case-sensitive
+ __HALT_COMPILER()). (Ilia)
- Fixed bug #51688 (ini per dir crashes when invalid document root are given).
(Pierre)
- Fixed bug #51671 (imagefill does not work correctly for small images).
diff --git a/ext/phar/phar.c b/ext/phar/phar.c
index c0b994cd9e..f255537fa7 100644
--- a/ext/phar/phar.c
+++ b/ext/phar/phar.c
@@ -2563,8 +2563,8 @@ char *phar_create_default_stub(const char *index_php, const char *web_index, siz
*/
int phar_flush(phar_archive_data *phar, char *user_stub, long len, int convert, char **error TSRMLS_DC) /* {{{ */
{
-/* static const char newstub[] = "<?php __HALT_COMPILER(); ?>\r\n"; */
- char *newstub;
+ char halt_stub[] = "__HALT_COMPILER();";
+ char *newstub, *tmp;
phar_entry_info *entry, *newentry;
int halt_offset, restore_alias_len, global_flags = 0, closeoldfile;
char *pos, has_dirs = 0;
@@ -2665,8 +2665,9 @@ int phar_flush(phar_archive_data *phar, char *user_stub, long len, int convert,
} else {
free_user_stub = 0;
}
- if ((pos = strstr(user_stub, "__HALT_COMPILER();")) == NULL)
- {
+ tmp = estrndup(user_stub, len);
+ if ((pos = php_stristr(tmp, halt_stub, len, sizeof(halt_stub) - 1)) == NULL) {
+ efree(tmp);
if (closeoldfile) {
php_stream_close(oldfile);
}
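Review bot: Nothing at the `php_stristr` call says why the stub is duplicated first or why `halt_stub` is a writable stack array, and both are load-bearing: php_stristr() lowercases its haystack and its needle in place, so searching `user_stub` directly would rewrite the user's stub, and turning the needle into a `static const` string would make the call write to read-only storage. I would add `/* php_stristr() lowercases both arguments in place: search a scratch copy so user_stub is written out unchanged */` above `tmp = estrndup(user_stub, len);`. The search is also now bounded by `len` instead of stopping at the first NUL as `strstr` did, so a stub with a NUL byte ahead of the token is accepted where it used to be rejected; that looks intended but deserves a line in the comment. The same applies to the matching hunks in phar_tar_flush and phar_zip_flush. phar_flush starts and ends outside this hunk.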
@@ -2679,6 +2680,8 @@ int phar_flush(phar_archive_data *phar, char *user_stub, long len, int convert,
}
return EOF;
}
+ pos = user_stub + (pos - tmp);
+ efree(tmp);
len = pos - user_stub + 18;
if ((size_t)len != php_stream_write(newfile, user_stub, len)
|| 5 != php_stream_write(newfile, " ?>\r\n", 5)) {
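Review bot: `len = pos - user_stub + 18;` right after the added `efree(tmp);` still hard-codes the token length that the search now takes from `sizeof(halt_stub) - 1`; `len = pos - user_stub + (sizeof(halt_stub) - 1);` keeps the two from drifting apart. The bytes written to `newfile` keep the user's casing, so a stub ending in `__halt_compiler();` is now stored verbatim; if the code that locates the end of the stub when an archive is opened still compares the token case-sensitively (not visible on this page), such an archive could be written and then fail to load, so a write-then-reopen test with a lowercase token would be worth adding. tar.c and zip.c carry the same `+ 18` line.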
diff --git a/ext/phar/tar.c b/ext/phar/tar.c
index 53255b1d2d..a0b6f511f4 100644
--- a/ext/phar/tar.c
+++ b/ext/phar/tar.c
@@ -911,7 +911,8 @@ int phar_tar_flush(phar_archive_data *phar, char *user_stub, long len, int defau
php_stream *oldfile, *newfile, *stubfile;
int closeoldfile, free_user_stub, signature_length;
struct _phar_pass_tar_info pass;
- char *buf, *signature, sigbuf[8];
+ char *buf, *signature, *tmp, sigbuf[8];
+ char halt_stub[] = "__HALT_COMPILER();";
entry.flags = PHAR_ENT_PERM_DEF_FILE;
entry.timestamp = time(NULL);
@@ -990,7 +991,9 @@ int phar_tar_flush(phar_archive_data *phar, char *user_stub, long len, int defau
free_user_stub = 0;
}
- if ((pos = strstr(user_stub, "__HALT_COMPILER();")) == NULL) {
+ tmp = estrndup(user_stub, len);
+ if ((pos = php_stristr(tmp, halt_stub, len, sizeof(halt_stub) - 1)) == NULL) {
+ efree(tmp);
if (error) {
spprintf(error, 0, "illegal stub for tar-based phar \"%s\"", phar->fname);
}
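Review bot: This is the second of three copies of the same duplicate/search/translate/free sequence (phar_flush, here, and phar_zip_flush), and each copy has to remember `efree(tmp)` on both the not-found and the found path. Moving it into one helper declared in the extension's internal header puts the allocation and its release in a single function and leaves each caller with `if ((pos = phar_find_halt_token(user_stub, len)) == NULL) {`, with no `tmp` or `halt_stub` locals. The helper name is only a suggestion; phar_tar_flush continues outside the hunk.

```c
/* Case-insensitive, length-bounded search for the halt token.
 * Returns a pointer into stub (not into the scratch copy), or NULL. */
char *phar_find_halt_token(char *stub, size_t stub_len)
{
	char needle[] = "__HALT_COMPILER();"; /* writable: php_stristr() lowercases it in place */
	char *copy = estrndup(stub, stub_len);
	char *hit = php_stristr(copy, needle, stub_len, sizeof(needle) - 1);
	char *found = hit ? stub + (hit - copy) : NULL;

	efree(copy);
	return found;
}

/* … unchanged: error message and cleanup in the not-found branch … */
```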
@@ -999,6 +1002,8 @@ int phar_tar_flush(phar_archive_data *phar, char *user_stub, long len, int defau
}
return EOF;
}
+ pos = user_stub + (pos - tmp);
+ efree(tmp);
len = pos - user_stub + 18;
entry.fp = php_stream_fopen_tmpfile();
diff --git a/ext/phar/zip.c b/ext/phar/zip.c
index 383561ab87..eb64dea047 100644
--- a/ext/phar/zip.c
+++ b/ext/phar/zip.c
@@ -1167,6 +1167,9 @@ int phar_zip_flush(phar_archive_data *phar, char *user_stub, long len, int defau
char *pos;
smart_str main_metadata_str = {0};
static const char newstub[] = "<?php // zip-based phar archive stub file\n__HALT_COMPILER();";
+ char halt_stub[] = "__HALT_COMPILER();";
+ char *tmp;
+
php_stream *stubfile, *oldfile;
php_serialize_data_t metadata_hash;
int free_user_stub, closeoldfile = 0;
@@ -1261,8 +1264,9 @@ int phar_zip_flush(phar_archive_data *phar, char *user_stub, long len, int defau
free_user_stub = 0;
}
- if ((pos = strstr(user_stub, "__HALT_COMPILER();")) == NULL)
- {
+ tmp = estrndup(user_stub, len);
+ if ((pos = php_stristr(tmp, halt_stub, len, sizeof(halt_stub) - 1)) == NULL) {
+ efree(tmp);
if (error) {
spprintf(error, 0, "illegal stub for zip-based phar \"%s\"", phar->fname);
}
@@ -1271,6 +1275,8 @@ int phar_zip_flush(phar_archive_data *phar, char *user_stub, long len, int defau
}
return EOF;
}
+ pos = user_stub + (pos - tmp);
+ efree(tmp);
len = pos - user_stub + 18;
entry.fp = php_stream_fopen_tmpfile();