| Commit message (Collapse) | Author | Age | Files | Lines |
|
We must not assume that the first end of central dir signature in a ZIP
archive actually designates the end of central directory record, since
the data in the archive may contain arbitrary byte patterns. Thus, we
better search from the end of the data, which is also slightly more
efficient.
There is, however, no way to detect the end of central directory
signature by searching from the end of the ZIP archive with absolute
certainty, since the signature could be part of the trailing comment.
To mitigate, we check that the comment length fits to the found
position, but that might still not be the correct position in rare
cases.
Closes GH-6507.
|
`phar_path_check()` already strips a leading slash, so we must not
attempt to strip the trailing slash from a now empty directory name.
Closes GH-6508.
|
Apparently, there are broken tarballs out there which are actually in
ustar format, but did not write the `ustar` marker. Since popular tar
tools like GNU tar and 7zip have no issues dealing with such tarballs,
Phar should also be more resilient.
Thus, when the first checksum check of a tarball in (presumed) old-style
format fails, we check whether the checksum would be suitable for
ustar format; if so, we treat the tarball as being in ustar format.
Closes GH-6479.
|
Phar signatures practically are of limited size; for the MD5 and SHA
hashes the size is fixed (at most 64 bytes for SHA512); for OpenSSL
public keys there is no size limit in theory, but "64 KiB ought to be
good enough for anybody". So we check for that limit, to avoid fatal
errors due to out of memory conditions.
Since it is neither possible to have the signature compressed in the
ZIP archive, nor is it possible to manually add a signature via Phar,
we use ZipArchive to create a suitable archive for the test on the fly.
Closes GH-6474.
|
* PHP-7.3:
Skip test if A: drive exists
|
Otherwise the test case will fail for a very different reason.
|
* PHP-7.2:
Fix #79877: getimagesize function silently truncates after a null byte
Fix #79797: Use of freed hash key in the phar_parse_zipfile function
|
We must not use heap memory after we freed it.
|
all-access permissions
|
We must not use heap memory after we freed it.
|
"poo" was only used in the opendir_edgecases test, but rmdir'ed
in some other tests as well.
I've also taken the liberty of renaming this directory...
|
* PHP-7.3:
Fix #79503: Memory leak on duplicate metadata
|
Duplicate metadata can only happen if someone tampers with the phar, so
we can and should treat that as error.
|
all-access permissions
|
all-access permissions
|
* PHP-7.3:
Fix #76584: PharFileInfo::decompress not working
|
We actually have to decompress, when told to do so.
|
* PHP-7.3:
Fix #77919: Potential UAF in Phar RSHUTDOWN
Update NEWS
Fix bug #78256 (heap-buffer-overflow on exif_process_user_comment)
Fix bug #78222 (heap-buffer-overflow on exif_scan_thumbnail)
|
* PHP-7.2:
Fix #77919: Potential UAF in Phar RSHUTDOWN
Update NEWS
Fix bug #78256 (heap-buffer-overflow on exif_process_user_comment)
Fix bug #78222 (heap-buffer-overflow on exif_scan_thumbnail)
|
* PHP-7.1:
Fix #77919: Potential UAF in Phar RSHUTDOWN
Update NEWS
Fix bug #78256 (heap-buffer-overflow on exif_process_user_comment)
Fix bug #78222 (heap-buffer-overflow on exif_scan_thumbnail)
|
We have to properly clean up in case phar_flush() is failing.
We also make the expectation of the respective test case less liberal
to avoid missing such bugs in the future.
|
The php_stream_read() and php_stream_write() functions now return
an ssize_t value, with negative results indicating failure. Functions
like fread() and fwrite() will return false in that case.
As a special case, EWOULDBLOCK and EAGAIN on non-blocking streams
should not be regarded as error conditions, and be reported as
successful zero-length reads/writes instead. The handling of EINTR
remains unclear and is internally inconsistent (e.g. some code-paths
will automatically retry on EINTR, while some won't).
I'm landing this now to make sure the stream wrapper ops API changes
make it into 7.4 -- however, if the user-facing changes turn out to
be problematic we have the option of clamping negative returns to
zero in php_stream_read() and php_stream_write() to restore the
old behavior in a relatively non-intrusive manner.
|
- when $status is boolean, E_NOTICE appears and tests fail
- opcache is never enabled on these tests anyway.
- Add opcache.revalidate_freq=0 to testing script
Instead of checking this in the test files it can be used directly in
the main testing script. Also this fixes failed tests.
- Use opcache_invalidate() instead of sleep() delay in some tests. Some
delays are still used since the opcache_invalidate seems to be buggy
and not working as expected.
Closes GH-4392
|
- The hash extension is now always available.
- Remove unfinished test
The Phar::PGP currently doesn't exist yet.
|
The hash extension is always available since PHP-7.4. The symbol
HAVE_HASH_EXT is kept for BC reasons and removed in PHP-8.0.
This patch also removes the PHAR_HASH_OK since it is no longer
relevant.
|
* PHP-7.3:
Fix tests for non English environments
|
* PHP-7.2:
Fix tests for non English environments
|
* PHP-7.3:
Fix phar:// include handling with file cache
|
* PHP-7.2:
Fix phar:// include handling with file cache
|
* PHP-7.3:
Fix test portability
|
* PHP-7.2:
Fix test portability
|
* PHP-7.3:
Fix bug #77586 - phar_tar_writeheaders_int() buffer overflow
|
* PHP-7.2:
Fix bug #77586 - phar_tar_writeheaders_int() buffer overflow
|
* PHP-7.1:
Fix bug #77586 - phar_tar_writeheaders_int() buffer overflow
|
* PHP-7.3:
Update NEWS
Fix test error message
Fix bug #77563 - Uninitialized read in exif_process_IFD_in_MAKERNOTE
Fix bug #77540 - Invalid Read on exif_process_SOFn
Fix integer overflows on 32-bits
Fix #77431 SplFileInfo::__construct() accepts NUL bytes
Fix bug #77396 - Null Pointer Dereference in phar_create_or_parse_filename
|
* PHP-7.2:
Update NEWS
Fix test error message
Fix bug #77563 - Uninitialized read in exif_process_IFD_in_MAKERNOTE
Fix bug #77540 - Invalid Read on exif_process_SOFn
Fix integer overflows on 32-bits
Fix #77431 SplFileInfo::__construct() accepts NUL bytes
Fix bug #77396 - Null Pointer Dereference in phar_create_or_parse_filename
|
* PHP-7.1:
Update NEWS
Fix test error message
Fix bug #77563 - Uninitialized read in exif_process_IFD_in_MAKERNOTE
Fix bug #77540 - Invalid Read on exif_process_SOFn
Fix integer overflows on 32-bits
Fix #77431 SplFileInfo::__construct() accepts NUL bytes
Fix bug #77396 - Null Pointer Dereference in phar_create_or_parse_filename
|