| author | Greg Beaver <cellog@php.net> | 2008-05-08 00:49:37 +0000 |
|---|---|---|
| committer | Greg Beaver <cellog@php.net> | 2008-05-08 00:49:37 +0000 |
| commit | a919e2f858e0d9f1247dca8e87bab5f8ad6ec09a (patch) | |
| tree | 988c4e5b01b31eb80562ba5b46e2d72f7aeff635 /ext/phar/util.c | |
| parent | 5576983a3e96d4b409a1192aeec69c7d503718f5 (diff) | |
| download | php-git-a919e2f858e0d9f1247dca8e87bab5f8ad6ec09a.tar.gz | |
fix serious logic error and potential security issue with phar_compiled_file and
phar_find_in_include_path. We were allowing data-based phars to be executed, and actually marking phar-based phar archives
without '.phar' in the name as data-based phars, which would allow modifying them even if phar.readonly=0. Add test for this sinister case
Diffstat (limited to 'ext/phar/util.c')
| -rw-r--r-- | ext/phar/util.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/ext/phar/util.c b/ext/phar/util.c
index 9b0dc279a5..f36d9a031c 100644
--- a/ext/phar/util.c
+++ b/ext/phar/util.c
@@ -225,7 +225,7 @@ char *phar_find_in_include_path(char *filename, int filename_len, phar_archive_d
 return phar_save_resolve_path(filename, filename_len TSRMLS_CC);
 }
 fname = zend_get_executed_filename(TSRMLS_C);
- if (SUCCESS != phar_split_fname(fname, strlen(fname), &arch, &arch_len, &entry, &entry_len, 0, 0 TSRMLS_CC)) {
+ if (SUCCESS != phar_split_fname(fname, strlen(fname), &arch, &arch_len, &entry, &entry_len, 1, 0 TSRMLS_CC)) {
 return phar_save_resolve_path(filename, filename_len TSRMLS_CC);
 }
 if (*filename == '.') {
@@ -267,7 +267,7 @@ char *phar_find_in_include_path(char *filename, int filename_len, phar_archive_d
 ret_len = strlen(ret);
 /* found phar:// */
- if (SUCCESS != phar_split_fname(ret, ret_len, &arch, &arch_len, &entry, &entry_len, 0, 0 TSRMLS_CC)) {
+ if (SUCCESS != phar_split_fname(ret, ret_len, &arch, &arch_len, &entry, &entry_len, 1, 0 TSRMLS_CC)) {
 return ret;
 }
 zend_hash_find(&(PHAR_GLOBALS->phar_fname_map), arch, arch_len, (void **) &pphar);
@@ -293,7 +293,7 @@ char *phar_find_in_include_path(char *filename, int filename_len, phar_archive_d
 goto doit;
 }
 fname = zend_get_executed_filename(TSRMLS_C);
- if (SUCCESS != phar_split_fname(fname, strlen(fname), &arch, &arch_len, &entry, &entry_len, 0, 0 TSRMLS_CC)) {
+ if (SUCCESS != phar_split_fname(fname, strlen(fname), &arch, &arch_len, &entry, &entry_len, 1, 0 TSRMLS_CC)) {
 goto doit;
 }
@@ -416,7 +416,7 @@ not_stream:
 ret_len = strlen(trypath);
 /* found phar:// */
- if (SUCCESS != phar_split_fname(trypath, ret_len, &arch, &arch_len, &entry, &entry_len, 0, 0 TSRMLS_CC)) {
+ if (SUCCESS != phar_split_fname(trypath, ret_len, &arch, &arch_len, &entry, &entry_len, 1, 0 TSRMLS_CC)) {
 return estrndup(trypath, ret_len);
 }
 zend_hash_find(&(PHAR_GLOBALS->phar_fname_map), arch, arch_len, (void **) &pphar); |
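Review bot: The seventh argument to `phar_split_fname()` is a bare literal at all four call sites this commit touches (this hunk and the ones at 267, 293 and 416), and nothing at the call says what `1` selects. Going by the commit message, that flag decides whether a path is matched as an executable phar or as a data-based archive, and the wrong value is what let data archives be executed. A comment at each call such as `/* executable = 1: accept only real phars here, never data archives */`, or a pair of named constants shared by every caller, would make a wrong value stand out in review. The enclosing function starts and ends outside these hunks, so other callers that may still pass `0` are not visible here and are worth auditing.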
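Review bot: The return value of `zend_hash_find()` on the last context line of this hunk is discarded, and the same call closes the hunk at 416. When `arch` is not in `phar_fname_map`, the code that follows works with whatever `pphar` held before the call. Whether `pphar` is initialised to NULL and checked afterwards lies outside the visible lines, so this may already be handled. If it is not, test the result at the call, `if (SUCCESS != zend_hash_find(&(PHAR_GLOBALS->phar_fname_map), arch, arch_len, (void **) &pphar)) { pphar = NULL; }`, so a miss after the stricter split cannot be mistaken for a resolved archive.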
