mirrors/php-src
0
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-12-12 03:15:29 +08:00
Code Issues Packages Projects Releases Wiki Activity

Move to unsigned types in phar

Browse Source 
Preventing integer overflows in principle, which allows to avoid additional
range checks. The phar format is based on 32-bit lengths, so the storage
sizes was kept same.
This commit is contained in:
Anatol Belski 2018-04-17 15:09:31 +02:00
parent 8327c4c3bd
commit 2e5ac355b9
12 changed files with 256 additions and 325 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
ext/phar/dirstream.c
View File

@ -183,7 +183,7 @@ static php_stream *phar_make_dirstream(char *dir, HashTable *manifest) /* {{{ */
size_t dirlen = strlen(dir);
char *entry, *found, *save;
zend_string *str_key;
uint32_t keylen;
size_t keylen;
zend_ulong unused;
ALLOC_HASHTABLE(data);
@ -204,8 +204,8 @@ static php_stream *phar_make_dirstream(char *dir, HashTable *manifest) /* {{{ */
}
keylen = ZSTR_LEN(str_key);
if (keylen <= (uint32_t)dirlen) {
if (keylen == 0 || keylen < (uint32_t)dirlen || !strncmp(ZSTR_VAL(str_key), dir, dirlen)) {
if (keylen <= dirlen) {
if (keylen == 0 || keylen < dirlen || !strncmp(ZSTR_VAL(str_key), dir, dirlen)) {
if (SUCCESS != zend_hash_move_forward(manifest)) {
break;
}
@ -378,14 +378,14 @@ php_stream *phar_wrapper_open_dir(php_stream_wrapper *wrapper, const char *path,
php_url_free(resource);
return phar_make_dirstream(internal_file, &phar->manifest);
} else {
int i_len = strlen(internal_file);
size_t i_len = strlen(internal_file);
/* search for directory */
zend_hash_internal_pointer_reset(&phar->manifest);
while (FAILURE != zend_hash_has_more_elements(&phar->manifest)) {
if (HASH_KEY_NON_EXISTENT !=
zend_hash_get_current_key(&phar->manifest, &str_key, &unused)) {
if (ZSTR_LEN(str_key) > (uint32_t)i_len && 0 == memcmp(ZSTR_VAL(str_key), internal_file, i_len)) {
if (ZSTR_LEN(str_key) > i_len && 0 == memcmp(ZSTR_VAL(str_key), internal_file, i_len)) {
/* directory found */
internal_file = estrndup(internal_file,
i_len);
@ -413,7 +413,7 @@ int phar_wrapper_mkdir(php_stream_wrapper *wrapper, const char *url_from, int mo
phar_entry_info entry, *e;
phar_archive_data *phar = NULL;
char *error, *arch, *entry2;
int arch_len, entry_len;
size_t arch_len, entry_len;
php_url *resource = NULL;
uint32_t host_len;
@ -545,7 +545,7 @@ int phar_wrapper_rmdir(php_stream_wrapper *wrapper, const char *url, int options
phar_entry_info *entry;
phar_archive_data *phar = NULL;
char *error, *arch, *entry2;
int arch_len, entry_len;
size_t arch_len, entry_len;
php_url *resource = NULL;
uint32_t host_len;
zend_string *str_key;

20
ext/phar/func_interceptors.c
View File

@ -44,7 +44,7 @@ PHAR_FUNC(phar_opendir) /* {{{ */
if (!IS_ABSOLUTE_PATH(filename, filename_len) && !strstr(filename, "://")) {
char *arch, *entry, *fname;
int arch_len, entry_len, fname_len;
size_t arch_len, entry_len, fname_len;
fname = (char*)zend_get_executed_filename();
/* we are checking for existence of a file within the relative path. Chances are good that this is
@ -119,7 +119,7 @@ PHAR_FUNC(phar_file_get_contents) /* {{{ */
if (use_include_path || (!IS_ABSOLUTE_PATH(filename, filename_len) && !strstr(filename, "://"))) {
char *arch, *entry, *fname;
zend_string *entry_str = NULL;
int arch_len, entry_len, fname_len;
size_t arch_len, entry_len, fname_len;
php_stream_context *context = NULL;
fname = (char*)zend_get_executed_filename();
@ -249,7 +249,7 @@ PHAR_FUNC(phar_readfile) /* {{{ */
if (use_include_path || (!IS_ABSOLUTE_PATH(filename, filename_len) && !strstr(filename, "://"))) {
char *arch, *entry, *fname;
zend_string *entry_str = NULL;
int arch_len, entry_len, fname_len;
size_t arch_len, entry_len, fname_len;
php_stream_context *context = NULL;
char *name;
phar_archive_data *phar;
@ -350,7 +350,7 @@ PHAR_FUNC(phar_fopen) /* {{{ */
if (use_include_path || (!IS_ABSOLUTE_PATH(filename, filename_len) && !strstr(filename, "://"))) {
char *arch, *entry, *fname;
zend_string *entry_str = NULL;
int arch_len, entry_len, fname_len;
size_t arch_len, entry_len, fname_len;
php_stream_context *context = NULL;
char *name;
phar_archive_data *phar;
@ -593,7 +593,7 @@ static void phar_file_stat(const char *filename, size_t filename_length, int typ
if (!IS_ABSOLUTE_PATH(filename, filename_length) && !strstr(filename, "://")) {
char *arch, *entry, *fname;
int arch_len, entry_len, fname_len;
size_t arch_len, entry_len, fname_len;
zend_stat_t sb = {0};
phar_entry_info *data = NULL;
phar_archive_data *phar;
@ -612,7 +612,7 @@ static void phar_file_stat(const char *filename, size_t filename_length, int typ
arch_len = PHAR_G(last_phar_name_len);
entry = estrndup(filename, filename_length);
/* fopen within phar, if :// is not in the url, then prepend phar://<archive>/ */
entry_len = (int) filename_length;
entry_len = filename_length;
phar = PHAR_G(last_phar);
goto splitted;
}
@ -621,7 +621,7 @@ static void phar_file_stat(const char *filename, size_t filename_length, int typ
efree(entry);
entry = estrndup(filename, filename_length);
/* fopen within phar, if :// is not in the url, then prepend phar://<archive>/ */
entry_len = (int) filename_length;
entry_len = filename_length;
if (FAILURE == phar_get_archive(&phar, arch, arch_len, NULL, 0, NULL)) {
efree(arch);
efree(entry);
@ -655,7 +655,7 @@ splitted:
goto statme_baby;
} else {
char *save;
int save_len;
size_t save_len;
notfound:
efree(entry);
@ -863,7 +863,7 @@ PHAR_FUNC(phar_is_file) /* {{{ */
}
if (!IS_ABSOLUTE_PATH(filename, filename_len) && !strstr(filename, "://")) {
char *arch, *entry, *fname;
int arch_len, entry_len, fname_len;
size_t arch_len, entry_len, fname_len;
fname = (char*)zend_get_executed_filename();
/* we are checking for existence of a file within the relative path. Chances are good that this is
@ -930,7 +930,7 @@ PHAR_FUNC(phar_is_link) /* {{{ */
}
if (!IS_ABSOLUTE_PATH(filename, filename_len) && !strstr(filename, "://")) {
char *arch, *entry, *fname;
int arch_len, entry_len, fname_len;
size_t arch_len, entry_len, fname_len;
fname = (char*)zend_get_executed_filename();
/* we are checking for existence of a file within the relative path. Chances are good that this is

60
ext/phar/phar.c
View File

@ -531,7 +531,7 @@ void phar_entry_remove(phar_entry_data *idata, char **error) /* {{{ */
/**
* Open an already loaded phar
*/
int phar_open_parsed_phar(char *fname, int fname_len, char *alias, int alias_len, int is_data, int options, phar_archive_data** pphar, char **error) /* {{{ */
int phar_open_parsed_phar(char *fname, size_t fname_len, char *alias, size_t alias_len, zend_bool is_data, uint32_t options, phar_archive_data** pphar, char **error) /* {{{ */
{
phar_archive_data *phar;
#ifdef PHP_WIN32
@ -651,7 +651,7 @@ int phar_parse_metadata(char **buffer, zval *metadata, uint32_t zip_metadata_len
* This is used by phar_open_from_filename to process the manifest, but can be called
* directly.
*/
static int phar_parse_pharfile(php_stream *fp, char *fname, int fname_len, char *alias, int alias_len, zend_long halt_offset, phar_archive_data** pphar, uint32_t compression, char **error) /* {{{ */
static int phar_parse_pharfile(php_stream *fp, char *fname, size_t fname_len, char *alias, size_t alias_len, zend_long halt_offset, phar_archive_data** pphar, uint32_t compression, char **error) /* {{{ */
{
char b32[4], *buffer, *endbuffer, *savebuf;
phar_archive_data *mydata = NULL;
@ -660,7 +660,8 @@ static int phar_parse_pharfile(php_stream *fp, char *fname, int fname_len, char
uint16_t manifest_ver;
uint32_t len;
zend_long offset;
int sig_len, register_alias = 0, temp_alias = 0;
size_t sig_len;
int register_alias = 0, temp_alias = 0;
char *signature = NULL;
zend_string *str;
@ -984,7 +985,7 @@ static int phar_parse_pharfile(php_stream *fp, char *fname, int fname_len, char
/* tmp_len = 0 says alias length is 0, which means the alias is not stored in the phar */
if (tmp_len) {
/* if the alias is stored we enforce it (implicit overrides explicit) */
if (alias && alias_len && (alias_len != (int)tmp_len || strncmp(alias, buffer, tmp_len)))
if (alias && alias_len && (alias_len != tmp_len || strncmp(alias, buffer, tmp_len)))
{
php_stream_close(fp);
@ -1089,7 +1090,7 @@ static int phar_parse_pharfile(php_stream *fp, char *fname, int fname_len, char
PHAR_GET_32(buffer, entry.uncompressed_filesize);
PHAR_GET_32(buffer, entry.timestamp);
if (offset == halt_offset + (int)manifest_len + 4) {
if (offset == halt_offset + manifest_len + 4) {
mydata->min_timestamp = entry.timestamp;
mydata->max_timestamp = entry.timestamp;
} else {
@ -1259,11 +1260,11 @@ static int phar_parse_pharfile(php_stream *fp, char *fname, int fname_len, char
/**
* Create or open a phar for writing
*/
int phar_open_or_create_filename(char *fname, int fname_len, char *alias, int alias_len, int is_data, int options, phar_archive_data** pphar, char **error) /* {{{ */
int phar_open_or_create_filename(char *fname, size_t fname_len, char *alias, size_t alias_len, zend_bool is_data, uint32_t options, phar_archive_data** pphar, char **error) /* {{{ */
{
const char *ext_str, *z;
char *my_error;
int ext_len;
size_t ext_len;
phar_archive_data **test, *unused = NULL;
test = &unused;
@ -1336,7 +1337,7 @@ check_file:
}
/* }}} */
int phar_create_or_parse_filename(char *fname, int fname_len, char *alias, int alias_len, int is_data, int options, phar_archive_data** pphar, char **error) /* {{{ */
int phar_create_or_parse_filename(char *fname, size_t fname_len, char *alias, size_t alias_len, zend_bool is_data, uint32_t options, phar_archive_data** pphar, char **error) /* {{{ */
{
phar_archive_data *mydata;
php_stream *fp;
@ -1486,7 +1487,7 @@ int phar_create_or_parse_filename(char *fname, int fname_len, char *alias, int a
* that the manifest is proper, then pass it to phar_parse_pharfile(). SUCCESS
* or FAILURE is returned and pphar is set to a pointer to the phar's manifest
*/
int phar_open_from_filename(char *fname, int fname_len, char *alias, int alias_len, int options, phar_archive_data** pphar, char **error) /* {{{ */
int phar_open_from_filename(char *fname, size_t fname_len, char *alias, size_t alias_len, uint32_t options, phar_archive_data** pphar, char **error) /* {{{ */
{
php_stream *fp;
zend_string *actual;
@ -1572,7 +1573,7 @@ static inline char *phar_strnstr(const char *buf, int buf_len, const char *searc
* that the manifest is proper, then pass it to phar_parse_pharfile(). SUCCESS
* or FAILURE is returned and pphar is set to a pointer to the phar's manifest
*/
static int phar_open_from_fp(php_stream* fp, char *fname, int fname_len, char *alias, int alias_len, int options, phar_archive_data** pphar, int is_data, char **error) /* {{{ */
static int phar_open_from_fp(php_stream* fp, char *fname, size_t fname_len, char *alias, size_t alias_len, uint32_t options, phar_archive_data** pphar, int is_data, char **error) /* {{{ */
{
const char token[] = "__HALT_COMPILER();";
const char zip_magic[] = "PK\x03\x04";
@ -1744,7 +1745,7 @@ static int phar_open_from_fp(php_stream* fp, char *fname, int fname_len, char *a
* if not, check to see if its dirname() exists (i.e. "/path/to") and is a directory
* succeed if we are creating the file, otherwise fail.
*/
static int phar_analyze_path(const char *fname, const char *ext, int ext_len, int for_create) /* {{{ */
static int phar_analyze_path(const char *fname, const char *ext, size_t ext_len, int for_create) /* {{{ */
{
php_stream_statbuf ssb;
char *realpath;
@ -1849,7 +1850,7 @@ static int phar_analyze_path(const char *fname, const char *ext, int ext_len, in
/* }}} */
/* check for ".phar" in extension */
static int phar_check_str(const char *fname, const char *ext_str, int ext_len, int executable, int for_create) /* {{{ */
static int phar_check_str(const char *fname, const char *ext_str, size_t ext_len, int executable, int for_create) /* {{{ */
{
char test[51];
const char *pos;
@ -1904,7 +1905,7 @@ static int phar_check_str(const char *fname, const char *ext_str, int ext_len, i
* the last parameter should be set to tell the thing to assume that filename is the full path, and only to check the
* extension rules, not to iterate.
*/
int phar_detect_phar_fname_ext(const char *filename, int filename_len, const char **ext_str, int *ext_len, int executable, int for_create, int is_complete) /* {{{ */
int phar_detect_phar_fname_ext(const char *filename, size_t filename_len, const char **ext_str, size_t *ext_len, int executable, int for_create, int is_complete) /* {{{ */
{
const char *pos, *slash;
@ -1921,7 +1922,7 @@ int phar_detect_phar_fname_ext(const char *filename, int filename_len, const cha
if (pos && pos != filename) {
/* check for url like http:// or phar:// */
if (*(pos - 1) == ':' && (pos - filename) < filename_len - 1 && *(pos + 1) == '/') {
if (*(pos - 1) == ':' && (size_t)(pos - filename) < filename_len - 1 && *(pos + 1) == '/') {
*ext_len = -2;
*ext_str = NULL;
return FAILURE;
@ -2062,9 +2063,9 @@ next_extension:
}
/* }}} */
static int php_check_dots(const char *element, int n) /* {{{ */
static int php_check_dots(const char *element, size_t n) /* {{{ */
{
for(n--; n >= 0; --n) {
for(n-- ; n != SIZE_MAX; --n) {
if (element[n] != '.') {
return 1;
}
@ -2084,13 +2085,13 @@ static int php_check_dots(const char *element, int n) /* {{{ */
/**
* Remove .. and . references within a phar filename
*/
char *phar_fix_filepath(char *path, int *new_len, int use_cwd) /* {{{ */
char *phar_fix_filepath(char *path, size_t *new_len, int use_cwd) /* {{{ */
{
char *newpath;
int newpath_len;
size_t newpath_len;
char *ptr;
char *tok;
int ptr_length, path_length = *new_len;
size_t ptr_length, path_length = *new_len;
if (PHAR_G(cwd_len) && use_cwd && path_length > 2 && path[0] == '.' && path[1] == '/') {
newpath_len = PHAR_G(cwd_len);
@ -2198,13 +2199,13 @@ last_time:
*
* This is used by phar_parse_url()
*/
int phar_split_fname(const char *filename, int filename_len, char **arch, int *arch_len, char **entry, int *entry_len, int executable, int for_create) /* {{{ */
int phar_split_fname(const char *filename, size_t filename_len, char **arch, size_t *arch_len, char **entry, size_t *entry_len, int executable, int for_create) /* {{{ */
{
const char *ext_str;
#ifdef PHP_WIN32
char *save;
#endif
int ext_len;
size_t ext_len;
if (CHECK_NULL_PATH(filename, filename_len)) {
return FAILURE;
@ -2269,11 +2270,11 @@ int phar_split_fname(const char *filename, int filename_len, char **arch, int *a
* Invoked when a user calls Phar::mapPhar() from within an executing .phar
* to set up its manifest directly
*/
int phar_open_executed_filename(char *alias, int alias_len, char **error) /* {{{ */
int phar_open_executed_filename(char *alias, size_t alias_len, char **error) /* {{{ */
{
char *fname;
php_stream *fp;
int fname_len;
size_t fname_len;
zend_string *actual = NULL;
int ret;
@ -2420,7 +2421,7 @@ int phar_postprocess_file(phar_entry_data *idata, uint32_t crc32, char **error,
}
/* }}} */
static inline void phar_set_32(char *buffer, int var) /* {{{ */
static inline void phar_set_32(char *buffer, uint32_t var) /* {{{ */
{
#ifdef WORDS_BIGENDIAN
*((buffer) + 3) = (unsigned char) (((var) >> 24) & 0xFF);
@ -2448,7 +2449,7 @@ static int phar_flush_clean_deleted_apply(zval *zv) /* {{{ */
zend_string *phar_create_default_stub(const char *index_php, const char *web_index, char **error) /* {{{ */
{
int index_len, web_len;
size_t index_len, web_len;
if (error) {
*error = NULL;
@ -2468,7 +2469,7 @@ zend_string *phar_create_default_stub(const char *index_php, const char *web_ind
if (index_len > 400) {
/* ridiculous size not allowed for index.php startup filename */
if (error) {
spprintf(error, 0, "Illegal filename passed in for stub creation, was %d characters long, and only 400 or less is allowed", index_len);
spprintf(error, 0, "Illegal filename passed in for stub creation, was %zd characters long, and only 400 or less is allowed", index_len);
return NULL;
}
}
@ -2476,7 +2477,7 @@ zend_string *phar_create_default_stub(const char *index_php, const char *web_ind
if (web_len > 400) {
/* ridiculous size not allowed for index.php startup filename */
if (error) {
spprintf(error, 0, "Illegal web filename passed in for stub creation, was %d characters long, and only 400 or less is allowed", web_len);
spprintf(error, 0, "Illegal web filename passed in for stub creation, was %zd characters long, and only 400 or less is allowed", web_len);
return NULL;
}
}
@ -2497,7 +2498,8 @@ int phar_flush(phar_archive_data *phar, char *user_stub, zend_long len, int conv
zend_string *newstub;
char *tmp;
phar_entry_info *entry, *newentry;
int halt_offset, restore_alias_len, global_flags = 0, closeoldfile;
size_t halt_offset;
int restore_alias_len, global_flags = 0, closeoldfile;
char *pos, has_dirs = 0;
char manifest[18], entry_buffer[24];
zend_off_t manifest_ftell;
@ -3115,7 +3117,7 @@ int phar_flush(phar_archive_data *phar, char *user_stub, zend_long len, int conv
#endif
default: {
char *digest = NULL;
int digest_len;
size_t digest_len;
if (FAILURE == phar_create_signature(phar, newfile, &digest, &digest_len, error)) {
if (error) {

128
ext/phar/phar_internal.h
View File

@ -179,15 +179,15 @@ ZEND_BEGIN_MODULE_GLOBALS(phar)
zif_handler orig_stat;
/* used for includes with . in them inside front controller */
char* cwd;
int cwd_len;
uint32_t cwd_len;
int cwd_init;
char *openssl_privatekey;
int openssl_privatekey_len;
uint32_t openssl_privatekey_len;
/* phar_get_archive cache */
char* last_phar_name;
int last_phar_name_len;
uint32_t last_phar_name_len;
char* last_alias;
int last_alias_len;
uint32_t last_alias_len;
phar_archive_data* last_phar;
HashTable mime_types;
ZEND_END_MODULE_GLOBALS(phar)
@ -231,7 +231,7 @@ typedef struct _phar_entry_info {
/* when changing compression, save old flags in case fp is NULL */
uint32_t old_flags;
zval metadata;
int metadata_len; /* only used for cached manifests */
uint32_t metadata_len; /* only used for cached manifests */
uint32_t filename_len;
char *filename;
enum phar_fp_type fp_type;
@ -254,32 +254,32 @@ typedef struct _phar_entry_info {
/* for stat */
unsigned short inode;
unsigned int is_crc_checked:1;
unsigned int is_modified:1;
unsigned int is_deleted:1;
unsigned int is_dir:1;
uint32_t is_crc_checked:1;
uint32_t is_modified:1;
uint32_t is_deleted:1;
uint32_t is_dir:1;
/* this flag is used for mounted entries (external files mapped to location
inside a phar */
unsigned int is_mounted:1;
uint32_t is_mounted:1;
/* used when iterating */
unsigned int is_temp_dir:1;
uint32_t is_temp_dir:1;
/* tar-based phar file stuff */
unsigned int is_tar:1;
uint32_t is_tar:1;
/* zip-based phar file stuff */
unsigned int is_zip:1;
uint32_t is_zip:1;
/* for cached phar entries */
unsigned int is_persistent:1;
uint32_t is_persistent:1;
} phar_entry_info;
/* information about a phar file (the archive itself) */
struct _phar_archive_data {
char *fname;
int fname_len;
uint32_t fname_len;
/* for phar_detect_fname_ext, this stores the location of the file extension within fname */
char *ext;
int ext_len;
uint32_t ext_len;
char *alias;
int alias_len;
uint32_t alias_len;
char version[12];
size_t internal_file_start;
size_t halt_offset;
@ -296,26 +296,26 @@ struct _phar_archive_data {
php_stream *ufp;
int refcount;
uint32_t sig_flags;
int sig_len;
uint32_t sig_len;
char *signature;
zval metadata;
int metadata_len; /* only used for cached manifests */
uint32_t phar_pos;
uint32_t metadata_len; /* only used for cached manifests */
uint32_t phar_pos;
/* if 1, then this alias was manually specified by the user and is not a permanent alias */
unsigned int is_temporary_alias:1;
unsigned int is_modified:1;
unsigned int is_writeable:1;
unsigned int is_brandnew:1;
uint32_t is_temporary_alias:1;
uint32_t is_modified:1;
uint32_t is_writeable:1;
uint32_t is_brandnew:1;
/* defer phar creation */
unsigned int donotflush:1;
uint32_t donotflush:1;
/* zip-based phar variables */
unsigned int is_zip:1;
uint32_t is_zip:1;
/* tar-based phar variables */
unsigned int is_tar:1;
uint32_t is_tar:1;
/* PharData variables */
unsigned int is_data:1;
uint32_t is_data:1;
/* for cached phar manifests */
unsigned int is_persistent:1;
uint32_t is_persistent:1;
};
typedef struct _phar_entry_fp_info {
@ -443,7 +443,7 @@ static inline zend_off_t phar_get_fp_offset(phar_entry_info *entry)
typedef struct _phar_mime_type {
char *mime;
int len;
uint32_t len;
/* one of PHAR_MIME_* */
char type;
} phar_mime_type;
@ -456,9 +456,9 @@ typedef struct _phar_entry_data {
zend_off_t position;
/* for copies of the phar fp, defines where 0 is */
zend_off_t zero;
unsigned int for_write:1;
unsigned int is_zip:1;
unsigned int is_tar:1;
uint32_t for_write:1;
uint32_t is_zip:1;
uint32_t is_tar:1;
phar_entry_info *internal_file;
} phar_entry_data;
@ -475,7 +475,7 @@ union _phar_entry_object {
};
#ifndef PHAR_MAIN
extern zend_string *(*phar_save_resolve_path)(const char *filename, int filename_len);
extern zend_string *(*phar_save_resolve_path)(const char *filename, size_t filename_len);
#endif
BEGIN_EXTERN_C()
@ -483,12 +483,12 @@ BEGIN_EXTERN_C()
#ifdef PHP_WIN32
char *tsrm_strtok_r(char *s, const char *delim, char **last);
static inline void phar_unixify_path_separators(char *path, int path_len)
static inline void phar_unixify_path_separators(char *path, size_t path_len)
{
char *s;
/* unixify win paths */
for (s = path; s - path < path_len; ++s) {
for (s = path; (size_t)(s - path) < path_len; ++s) {
if (*s == '\\') {
*s = '/';
}
@ -498,7 +498,7 @@ static inline void phar_unixify_path_separators(char *path, int path_len)
/**
* validate an alias, returns 1 for success, 0 for failure
*/
static inline int phar_validate_alias(const char *alias, int alias_len) /* {{{ */
static inline int phar_validate_alias(const char *alias, size_t alias_len) /* {{{ */
{
return !(memchr(alias, '/', alias_len) || memchr(alias, '\\', alias_len) || memchr(alias, ':', alias_len) ||
memchr(alias, ';', alias_len) || memchr(alias, '\n', alias_len) || memchr(alias, '\r', alias_len));
@ -508,7 +508,7 @@ static inline int phar_validate_alias(const char *alias, int alias_len) /* {{{ *
static inline void phar_set_inode(phar_entry_info *entry) /* {{{ */
{
char tmp[MAXPATHLEN];
int tmp_len;
size_t tmp_len;
size_t len1, len2;
tmp_len = MIN(MAXPATHLEN, entry->filename_len + entry->phar->fname_len);
@ -530,26 +530,26 @@ void phar_destroy_phar_data(phar_archive_data *phar);
int phar_open_entry_file(phar_archive_data *phar, phar_entry_info *entry, char **error);
int phar_postprocess_file(phar_entry_data *idata, uint32_t crc32, char **error, int process_zip);
int phar_open_from_filename(char *fname, int fname_len, char *alias, int alias_len, int options, phar_archive_data** pphar, char **error);
int phar_open_or_create_filename(char *fname, int fname_len, char *alias, int alias_len, int is_data, int options, phar_archive_data** pphar, char **error);
int phar_create_or_parse_filename(char *fname, int fname_len, char *alias, int alias_len, int is_data, int options, phar_archive_data** pphar, char **error);
int phar_open_executed_filename(char *alias, int alias_len, char **error);
int phar_free_alias(phar_archive_data *phar, char *alias, int alias_len);
int phar_get_archive(phar_archive_data **archive, char *fname, int fname_len, char *alias, int alias_len, char **error);
int phar_open_parsed_phar(char *fname, int fname_len, char *alias, int alias_len, int is_data, int options, phar_archive_data** pphar, char **error);
int phar_verify_signature(php_stream *fp, size_t end_of_phar, uint32_t sig_type, char *sig, int sig_len, char *fname, char **signature, int *signature_len, char **error);
int phar_create_signature(phar_archive_data *phar, php_stream *fp, char **signature, int *signature_length, char **error);
int phar_open_from_filename(char *fname, size_t fname_len, char *alias, size_t alias_len, uint32_t options, phar_archive_data** pphar, char **error);
int phar_open_or_create_filename(char *fname, size_t fname_len, char *alias, size_t alias_len, zend_bool is_data, uint32_t options, phar_archive_data** pphar, char **error);
int phar_create_or_parse_filename(char *fname, size_t fname_len, char *alias, size_t alias_len, zend_bool is_data, uint32_t options, phar_archive_data** pphar, char **error);
int phar_open_executed_filename(char *alias, size_t alias_len, char **error);
int phar_free_alias(phar_archive_data *phar, char *alias, size_t alias_len);
int phar_get_archive(phar_archive_data **archive, char *fname, size_t fname_len, char *alias, size_t alias_len, char **error);
int phar_open_parsed_phar(char *fname, size_t fname_len, char *alias, size_t alias_len, zend_bool is_data, uint32_t options, phar_archive_data** pphar, char **error);
int phar_verify_signature(php_stream *fp, size_t end_of_phar, uint32_t sig_type, char *sig, size_t sig_len, char *fname, char **signature, size_t *signature_len, char **error);
int phar_create_signature(phar_archive_data *phar, php_stream *fp, char **signature, size_t *signature_length, char **error);
/* utility functions */
zend_string *phar_create_default_stub(const char *index_php, const char *web_index, char **error);
char *phar_decompress_filter(phar_entry_info * entry, int return_unknown);
char *phar_compress_filter(phar_entry_info * entry, int return_unknown);
void phar_remove_virtual_dirs(phar_archive_data *phar, char *filename, int filename_len);
void phar_add_virtual_dirs(phar_archive_data *phar, char *filename, int filename_len);
int phar_mount_entry(phar_archive_data *phar, char *filename, int filename_len, char *path, int path_len);
zend_string *phar_find_in_include_path(char *file, int file_len, phar_archive_data **pphar);
char *phar_fix_filepath(char *path, int *new_len, int use_cwd);
/* void phar_remove_virtual_dirs(phar_archive_data *phar, char *filename, size_t filename_len); */
void phar_add_virtual_dirs(phar_archive_data *phar, char *filename, size_t filename_len);
int phar_mount_entry(phar_archive_data *phar, char *filename, size_t filename_len, char *path, size_t path_len);
zend_string *phar_find_in_include_path(char *file, size_t file_len, phar_archive_data **pphar);
char *phar_fix_filepath(char *path, size_t *new_len, int use_cwd);
phar_entry_info * phar_open_jit(phar_archive_data *phar, phar_entry_info *entry, char **error);
int phar_parse_metadata(char **buffer, zval *metadata, uint32_t zip_metadata_len);
void destroy_phar_manifest_entry(zval *zv);
@ -565,17 +565,17 @@ int phar_copy_on_write(phar_archive_data **pphar);
/* tar functions in tar.c */
int phar_is_tar(char *buf, char *fname);
int phar_parse_tarfile(php_stream* fp, char *fname, int fname_len, char *alias, int alias_len, phar_archive_data** pphar, int is_data, uint32_t compression, char **error);
int phar_open_or_create_tar(char *fname, int fname_len, char *alias, int alias_len, int is_data, int options, phar_archive_data** pphar, char **error);
int phar_parse_tarfile(php_stream* fp, char *fname, size_t fname_len, char *alias, size_t alias_len, phar_archive_data** pphar, int is_data, uint32_t compression, char **error);
int phar_open_or_create_tar(char *fname, size_t fname_len, char *alias, size_t alias_len, int is_data, uint32_t options, phar_archive_data** pphar, char **error);
int phar_tar_flush(phar_archive_data *phar, char *user_stub, zend_long len, int defaultstub, char **error);
/* zip functions in zip.c */
int phar_parse_zipfile(php_stream *fp, char *fname, int fname_len, char *alias, int alias_len, phar_archive_data** pphar, char **error);
int phar_open_or_create_zip(char *fname, int fname_len, char *alias, int alias_len, int is_data, int options, phar_archive_data** pphar, char **error);
int phar_parse_zipfile(php_stream *fp, char *fname, size_t fname_len, char *alias, size_t alias_len, phar_archive_data** pphar, char **error);
int phar_open_or_create_zip(char *fname, size_t fname_len, char *alias, size_t alias_len, int is_data, uint32_t options, phar_archive_data** pphar, char **error);
int phar_zip_flush(phar_archive_data *archive, char *user_stub, zend_long len, int defaultstub, char **error);
#ifdef PHAR_MAIN
static int phar_open_from_fp(php_stream* fp, char *fname, int fname_len, char *alias, int alias_len, int options, phar_archive_data** pphar, int is_data, char **error);
static int phar_open_from_fp(php_stream* fp, char *fname, size_t fname_len, char *alias, size_t alias_len, uint32_t options, phar_archive_data** pphar, int is_data, char **error);
extern const php_stream_wrapper php_stream_phar_wrapper;
#else
extern HashTable cached_phars;
@ -585,13 +585,13 @@ extern HashTable cached_alias;
int phar_archive_delref(phar_archive_data *phar);
int phar_entry_delref(phar_entry_data *idata);
phar_entry_info *phar_get_entry_info(phar_archive_data *phar, char *path, int path_len, char **error, int security);
phar_entry_info *phar_get_entry_info_dir(phar_archive_data *phar, char *path, int path_len, char dir, char **error, int security);
phar_entry_data *phar_get_or_create_entry_data(char *fname, int fname_len, char *path, int path_len, const char *mode, char allow_dir, char **error, int security);
int phar_get_entry_data(phar_entry_data **ret, char *fname, int fname_len, char *path, int path_len, const char *mode, char allow_dir, char **error, int security);
phar_entry_info *phar_get_entry_info(phar_archive_data *phar, char *path, size_t path_len, char **error, int security);
phar_entry_info *phar_get_entry_info_dir(phar_archive_data *phar, char *path, size_t path_len, char dir, char **error, int security);
phar_entry_data *phar_get_or_create_entry_data(char *fname, size_t fname_len, char *path, size_t path_len, const char *mode, char allow_dir, char **error, int security);
int phar_get_entry_data(phar_entry_data **ret, char *fname, size_t fname_len, char *path, size_t path_len, const char *mode, char allow_dir, char **error, int security);
int phar_flush(phar_archive_data *archive, char *user_stub, zend_long len, int convert, char **error);
int phar_detect_phar_fname_ext(const char *filename, int filename_len, const char **ext_str, int *ext_len, int executable, int for_create, int is_complete);
int phar_split_fname(const char *filename, int filename_len, char **arch, int *arch_len, char **entry, int *entry_len, int executable, int for_create);
int phar_detect_phar_fname_ext(const char *filename, size_t filename_len, const char **ext_str, size_t *ext_len, int executable, int for_create, int is_complete);
int phar_split_fname(const char *filename, size_t filename_len, char **arch, size_t *arch_len, char **entry, size_t *entry_len, int executable, int for_create);
typedef enum {
pcr_use_query,
@ -605,7 +605,7 @@ typedef enum {
pcr_err_empty_entry
} phar_path_check_result;
phar_path_check_result phar_path_check(char **p, int *len, const char **error);
phar_path_check_result phar_path_check(char **p, size_t *len, const char **error);
END_EXTERN_C()

224
ext/phar/phar_object.c
View File

@ -47,7 +47,7 @@ static int phar_file_type(HashTable *mimes, char *file, char **mime_type) /* {{{
}
/* }}} */
static void phar_mung_server_vars(char *fname, char *entry, int entry_len, char *basename, int request_uri_len) /* {{{ */
static void phar_mung_server_vars(char *fname, char *entry, size_t entry_len, char *basename, size_t request_uri_len) /* {{{ */
{
HashTable *_SERVER;
zval *stuff;
@ -133,7 +133,7 @@ static void phar_mung_server_vars(char *fname, char *entry, int entry_len, char
}
/* }}} */
static int phar_file_action(phar_archive_data *phar, phar_entry_info *info, char *mime_type, int code, char *entry, int entry_len, char *arch, char *basename, char *ru, int ru_len) /* {{{ */
static int phar_file_action(phar_archive_data *phar, phar_entry_info *info, char *mime_type, int code, char *entry, size_t entry_len, char *arch, char *basename, char *ru, size_t ru_len) /* {{{ */
{
char *name = NULL, buf[8192];
const char *cwd;
@ -239,10 +239,10 @@ static int phar_file_action(phar_archive_data *phar, phar_entry_info *info, char
PHAR_G(cwd_len) = 0;
PHAR_G(cwd) = NULL;
} else if (entry[0] == '/') {
PHAR_G(cwd_len) = (int)(cwd - (entry + 1));
PHAR_G(cwd_len) = (cwd - (entry + 1));
PHAR_G(cwd) = estrndup(entry + 1, PHAR_G(cwd_len));
} else {
PHAR_G(cwd_len) = (int)(cwd - entry);
PHAR_G(cwd_len) = (cwd - entry);
PHAR_G(cwd) = estrndup(entry, PHAR_G(cwd_len));
}
}
@ -298,7 +298,7 @@ static int phar_file_action(phar_archive_data *phar, phar_entry_info *info, char
}
/* }}} */
static void phar_do_403(char *entry, int entry_len) /* {{{ */
static void phar_do_403(char *entry, size_t entry_len) /* {{{ */
{
sapi_header_line ctr = {0};
@ -313,7 +313,7 @@ static void phar_do_403(char *entry, int entry_len) /* {{{ */
}
/* }}} */
static void phar_do_404(phar_archive_data *phar, char *fname, int fname_len, char *f404, int f404_len, char *entry, size_t entry_len) /* {{{ */
static void phar_do_404(phar_archive_data *phar, char *fname, size_t fname_len, char *f404, size_t f404_len, char *entry, size_t entry_len) /* {{{ */
{
sapi_header_line ctr = {0};
phar_entry_info *info;
@ -341,10 +341,10 @@ static void phar_do_404(phar_archive_data *phar, char *fname, int fname_len, cha
/* post-process REQUEST_URI and retrieve the actual request URI. This is for
cases like http://localhost/blah.phar/path/to/file.php/extra/stuff
which calls "blah.phar" file "path/to/file.php" with PATH_INFO "/extra/stuff" */
static void phar_postprocess_ru_web(char *fname, int fname_len, char **entry, int *entry_len, char **ru, int *ru_len) /* {{{ */
static void phar_postprocess_ru_web(char *fname, size_t fname_len, char **entry, size_t *entry_len, char **ru, size_t *ru_len) /* {{{ */
{
char *e = *entry + 1, *u = NULL, *u1 = NULL, *saveu = NULL;
int e_len = *entry_len - 1, u_len = 0;
size_t e_len = *entry_len - 1, u_len = 0;
phar_archive_data *pphar;
/* we already know we can retrieve the phar if we reach here */
@ -389,7 +389,7 @@ static void phar_postprocess_ru_web(char *fname, int fname_len, char **entry, in
}
u[0] = '\0';
u_len = (int)strlen(u + 1);
u_len = strlen(u + 1);
e_len -= u_len + 1;
if (e_len < 0) {
@ -409,7 +409,7 @@ static void phar_postprocess_ru_web(char *fname, int fname_len, char **entry, in
PHP_METHOD(Phar, running)
{
char *fname, *arch, *entry;
int fname_len, arch_len, entry_len;
size_t fname_len, arch_len, entry_len;
zend_bool retphar = 1;
if (zend_parse_parameters(ZEND_NUM_ARGS(), "|b", &retphar) == FAILURE) {
@ -417,7 +417,7 @@ PHP_METHOD(Phar, running)
}
fname = (char*)zend_get_executed_filename();
fname_len = (int)strlen(fname);
fname_len = strlen(fname);
if (fname_len > 7 && !memcmp(fname, "phar://", 7) && SUCCESS == phar_split_fname(fname, fname_len, &arch, &arch_len, &entry, &entry_len, 2, 0)) {
efree(entry);
@ -446,7 +446,7 @@ PHP_METHOD(Phar, running)
PHP_METHOD(Phar, mount)
{
char *fname, *arch = NULL, *entry = NULL, *path, *actual;
int fname_len, arch_len, entry_len;
size_t fname_len, arch_len, entry_len;
size_t path_len, actual_len;
phar_archive_data *pphar;
@ -454,12 +454,8 @@ PHP_METHOD(Phar, mount)
return;
}
if (ZEND_SIZE_T_INT_OVFL(path_len) || ZEND_SIZE_T_INT_OVFL(actual_len)) {
RETURN_FALSE;
}
fname = (char*)zend_get_executed_filename();
fname_len = (int)strlen(fname);
fname_len = strlen(fname);
#ifdef PHP_WIN32
phar_unixify_path_separators(fname, fname_len);
@ -490,7 +486,7 @@ carry_on2:
return;
}
carry_on:
if (SUCCESS != phar_mount_entry(pphar, actual, (int)actual_len, path, (int)path_len)) {
if (SUCCESS != phar_mount_entry(pphar, actual, actual_len, path, path_len)) {
zend_throw_exception_ex(phar_ce_PharException, 0, "Mounting of %s to %s within phar %s failed", path, actual, arch);
if (path && path == entry) {
efree(entry);
@ -520,7 +516,7 @@ carry_on:
}
goto carry_on;
} else if (SUCCESS == phar_split_fname(path, (int)path_len, &arch, &arch_len, &entry, &entry_len, 2, 0)) {
} else if (SUCCESS == phar_split_fname(path, path_len, &arch, &arch_len, &entry, &entry_len, 2, 0)) {
path = entry;
path_len = entry_len;
goto carry_on2;
@ -542,11 +538,12 @@ PHP_METHOD(Phar, webPhar)
zval *mimeoverride = NULL, *rewrite = NULL;
char *alias = NULL, *error, *index_php = NULL, *f404 = NULL, *ru = NULL;
size_t alias_len = 0, f404_len = 0, free_pathinfo = 0;
int ru_len = 0;
size_t ru_len = 0;
char *fname, *path_info, *mime_type = NULL, *entry, *pt;
const char *basename;
size_t fname_len, index_php_len = 0;
int entry_len, code, not_cgi;
size_t entry_len;
int code, not_cgi;
phar_archive_data *phar = NULL;
phar_entry_info *info = NULL;
size_t sapi_mod_name_len = strlen(sapi_module.name);
@ -559,12 +556,7 @@ PHP_METHOD(Phar, webPhar)
fname = (char*)zend_get_executed_filename();
fname_len = strlen(fname);
if (ZEND_SIZE_T_INT_OVFL(alias_len)
|| ZEND_SIZE_T_INT_OVFL(f404_len) || ZEND_SIZE_T_INT_OVFL(index_php_len)) {
RETURN_FALSE;
}
if (phar_open_executed_filename(alias, (int)alias_len, &error) != SUCCESS) {
if (phar_open_executed_filename(alias, alias_len, &error) != SUCCESS) {
if (error) {
zend_throw_exception_ex(phar_ce_PharException, 0, "%s", error);
efree(error);
@ -616,7 +608,7 @@ PHP_METHOD(Phar, webPhar)
if (NULL != (z_path_info = zend_hash_str_find(_server, "PATH_INFO", sizeof("PATH_INFO")-1)) &&
IS_STRING == Z_TYPE_P(z_path_info)) {
entry_len = (int)Z_STRLEN_P(z_path_info);
entry_len = Z_STRLEN_P(z_path_info);
entry = estrndup(Z_STRVAL_P(z_path_info), entry_len);
path_info = emalloc(Z_STRLEN_P(z_script_name) + entry_len + 1);
memcpy(path_info, Z_STRVAL_P(z_script_name), Z_STRLEN_P(z_script_name));
@ -643,7 +635,7 @@ PHP_METHOD(Phar, webPhar)
if (path_info) {
entry = path_info;
entry_len = (int)strlen(entry);
entry_len = strlen(entry);
spprintf(&path_info, 0, "%s%s", testit, path_info);
free_pathinfo = 1;
} else {
@ -664,7 +656,7 @@ PHP_METHOD(Phar, webPhar)
return;
}
entry_len = (int)strlen(path_info);
entry_len = strlen(path_info);
entry_len -= (pt - path_info) + (fname_len - (basename - fname));
entry = estrndup(pt + (fname_len - (basename - fname)), entry_len);
@ -720,12 +712,8 @@ PHP_METHOD(Phar, webPhar)
switch (Z_TYPE(retval)) {
case IS_STRING:
efree(entry);
if (ZEND_SIZE_T_INT_OVFL(Z_STRLEN_P(fci.retval))) {
zend_throw_exception_ex(phar_ce_PharException, 0, "phar error: rewrite callback returned oversized value");
return;
}
entry = estrndup(Z_STRVAL_P(fci.retval), Z_STRLEN_P(fci.retval));
entry_len = (int)Z_STRLEN_P(fci.retval);
entry_len = Z_STRLEN_P(fci.retval);
break;
case IS_TRUE:
case IS_FALSE:
@ -750,7 +738,7 @@ PHP_METHOD(Phar, webPhar)
}
if (entry_len) {
phar_postprocess_ru_web(fname, (int)fname_len, &entry, &entry_len, &ru, &ru_len);
phar_postprocess_ru_web(fname, fname_len, &entry, &entry_len, &ru, &ru_len);
}
if (!entry_len || (entry_len == 1 && entry[0] == '/')) {
@ -758,7 +746,7 @@ PHP_METHOD(Phar, webPhar)
/* direct request */
if (index_php_len) {
entry = index_php;
entry_len = (int)index_php_len;
entry_len = index_php_len;
if (entry[0] != '/') {
spprintf(&entry, 0, "/%s", index_php);
++entry_len;
@ -769,9 +757,9 @@ PHP_METHOD(Phar, webPhar)
entry_len = sizeof("/index.php")-1;
}
if (FAILURE == phar_get_archive(&phar, fname, (int)fname_len, NULL, 0, NULL) ||
if (FAILURE == phar_get_archive(&phar, fname, fname_len, NULL, 0, NULL) ||
(info = phar_get_entry_info(phar, entry, entry_len, NULL, 0)) == NULL) {
phar_do_404(phar, fname, (int)fname_len, f404, (int)f404_len, entry, entry_len);
phar_do_404(phar, fname, fname_len, f404, f404_len, entry, entry_len);
if (free_pathinfo) {
efree(path_info);
@ -815,9 +803,9 @@ PHP_METHOD(Phar, webPhar)
}
}
if (FAILURE == phar_get_archive(&phar, fname, (int)fname_len, NULL, 0, NULL) ||
if (FAILURE == phar_get_archive(&phar, fname, fname_len, NULL, 0, NULL) ||
(info = phar_get_entry_info(phar, entry, entry_len, NULL, 0)) == NULL) {
phar_do_404(phar, fname, (int)fname_len, f404, (int)f404_len, entry, entry_len);
phar_do_404(phar, fname, fname_len, f404, f404_len, entry, entry_len);
#ifdef PHP_WIN32
efree(fname);
#endif
@ -836,7 +824,7 @@ PHP_METHOD(Phar, webPhar)
case IS_LONG:
if (Z_LVAL_P(val) == PHAR_MIME_PHP || Z_LVAL_P(val) == PHAR_MIME_PHPS) {
mime_type = "";
code = (int)Z_LVAL_P(val);
code = Z_LVAL_P(val);
} else {
zend_throw_exception_ex(phar_ce_PharException, 0, "Unknown mime type specifier used, only Phar::PHP, Phar::PHPS and a mime type string are allowed");
if (free_pathinfo) {
@ -985,12 +973,9 @@ PHP_METHOD(Phar, mapPhar)
return;
}
if (ZEND_SIZE_T_INT_OVFL(alias_len)) {
RETURN_FALSE;
}
phar_request_initialize();
RETVAL_BOOL(phar_open_executed_filename(alias, (int)alias_len, &error) == SUCCESS);
RETVAL_BOOL(phar_open_executed_filename(alias, alias_len, &error) == SUCCESS);
if (error) {
zend_throw_exception_ex(phar_ce_PharException, 0, "%s", error);
@ -1009,12 +994,9 @@ PHP_METHOD(Phar, loadPhar)
return;
}
if (ZEND_SIZE_T_INT_OVFL(alias_len) || ZEND_SIZE_T_INT_OVFL(fname_len)) {
RETURN_FALSE;
}
phar_request_initialize();
RETVAL_BOOL(phar_open_from_filename(fname, (int)fname_len, alias, (int)alias_len, REPORT_ERRORS, NULL, &error) == SUCCESS);
RETVAL_BOOL(phar_open_from_filename(fname, fname_len, alias, alias_len, REPORT_ERRORS, NULL, &error) == SUCCESS);
if (error) {
zend_throw_exception_ex(phar_ce_PharException, 0, "%s", error);
@ -1085,19 +1067,16 @@ PHP_METHOD(Phar, isValidPharFilename)
char *fname;
const char *ext_str;
size_t fname_len;
int ext_len, is_executable;
size_t ext_len;
int is_executable;
zend_bool executable = 1;
if (zend_parse_parameters(ZEND_NUM_ARGS(), "p|b", &fname, &fname_len, &executable) == FAILURE) {
return;
}
if (ZEND_SIZE_T_INT_OVFL(fname_len)) {
RETURN_FALSE;
}
is_executable = executable;
RETVAL_BOOL(phar_detect_phar_fname_ext(fname, (int)fname_len, &ext_str, &ext_len, is_executable, 2, 1) == SUCCESS);
RETVAL_BOOL(phar_detect_phar_fname_ext(fname, fname_len, &ext_str, &ext_len, is_executable, 2, 1) == SUCCESS);
}
/* }}} */
@ -1147,7 +1126,8 @@ PHP_METHOD(Phar, __construct)
{
char *fname, *alias = NULL, *error, *arch = NULL, *entry = NULL, *save_fname;
size_t fname_len, alias_len = 0;
int arch_len, entry_len, is_data;
size_t arch_len, entry_len;
zend_bool is_data;
zend_long flags = SPL_FILE_DIR_SKIPDOTS|SPL_FILE_DIR_UNIXPATHS;
zend_long format = 0;
phar_archive_object *phar_obj;
@ -1168,16 +1148,13 @@ PHP_METHOD(Phar, __construct)
}
}
if (ZEND_SIZE_T_INT_OVFL(alias_len) || ZEND_SIZE_T_INT_OVFL(fname_len)) {
RETURN_FALSE;
}
if (phar_obj->archive) {
zend_throw_exception_ex(spl_ce_BadMethodCallException, 0, "Cannot call constructor twice");
return;
}
save_fname = fname;
if (SUCCESS == phar_split_fname(fname, (int)fname_len, &arch, &arch_len, &entry, &entry_len, !is_data, 2)) {
if (SUCCESS == phar_split_fname(fname, fname_len, &arch, &arch_len, &entry, &entry_len, !is_data, 2)) {
/* use arch (the basename for the archive) for fname instead of fname */
/* this allows support for RecursiveDirectoryIterator of subdirectories */
#ifdef PHP_WIN32
@ -1194,7 +1171,7 @@ PHP_METHOD(Phar, __construct)
#endif
}
if (phar_open_or_create_filename(fname, (int)fname_len, alias, (int)alias_len, is_data, REPORT_ERRORS, &phar_data, &error) == FAILURE) {
if (phar_open_or_create_filename(fname, fname_len, alias, alias_len, is_data, REPORT_ERRORS, &phar_data, &error) == FAILURE) {
if (fname == arch && fname != save_fname) {
efree(arch);
@ -1331,22 +1308,19 @@ PHP_METHOD(Phar, unlinkArchive)
{
char *fname, *error, *zname, *arch, *entry;
size_t fname_len;
int zname_len, arch_len, entry_len;
size_t zname_len, arch_len, entry_len;
phar_archive_data *phar;
if (zend_parse_parameters(ZEND_NUM_ARGS(), "p", &fname, &fname_len) == FAILURE) {
RETURN_FALSE;
}
if (ZEND_SIZE_T_INT_OVFL(fname_len)) {
RETURN_FALSE;
}
if (!fname_len) {
zend_throw_exception_ex(phar_ce_PharException, 0, "Unknown phar archive \"\"");
return;
}
if (FAILURE == phar_open_from_filename(fname, (int)fname_len, NULL, 0, REPORT_ERRORS, &phar, &error)) {
if (FAILURE == phar_open_from_filename(fname, fname_len, NULL, 0, REPORT_ERRORS, &phar, &error)) {
if (error) {
zend_throw_exception_ex(phar_ce_PharException, 0, "Unknown phar archive \"%s\": %s", fname, error);
efree(error);
@ -1357,7 +1331,7 @@ PHP_METHOD(Phar, unlinkArchive)
}
zname = (char*)zend_get_executed_filename();
zname_len = (int)strlen(zname);
zname_len = strlen(zname);
if (zname_len > 7 && !memcmp(zname, "phar://", 7) && SUCCESS == phar_split_fname(zname, zname_len, &arch, &arch_len, &entry, &entry_len, 2, 0)) {
if ((size_t)arch_len == fname_len && !memcmp(arch, fname, arch_len)) {
@ -1431,7 +1405,7 @@ static int phar_build(zend_object_iterator *iter, void *puser) /* {{{ */
zval *value;
zend_bool close_fp = 1;
struct _phar_t *p_obj = (struct _phar_t*) puser;
uint32_t str_key_len, base_len = p_obj->l;
size_t str_key_len, base_len = p_obj->l;
phar_entry_data *data;
php_stream *fp;
size_t fname_len;
@ -1479,13 +1453,7 @@ static int phar_build(zend_object_iterator *iter, void *puser) /* {{{ */
return ZEND_HASH_APPLY_STOP;
}
if (ZEND_SIZE_T_INT_OVFL(Z_STRLEN(key))) {
zval_dtor(&key);
zend_throw_exception_ex(spl_ce_UnexpectedValueException, 0, "Iterator %s returned an invalid key (too long)", ZSTR_VAL(ce->name));
return ZEND_HASH_APPLY_STOP;
}
str_key_len = (int)Z_STRLEN(key);
str_key_len = Z_STRLEN(key);
str_key = estrndup(Z_STRVAL(key), str_key_len);
save = str_key;
@ -1568,7 +1536,7 @@ phar_spl_fileinfo:
}
base = temp;
base_len = (int)strlen(base);
base_len = strlen(base);
if (strstr(fname, base)) {
str_key_len = fname_len - base_len;
@ -1613,13 +1581,7 @@ phar_spl_fileinfo:
return ZEND_HASH_APPLY_STOP;
}
if (ZEND_SIZE_T_INT_OVFL(Z_STRLEN(key))) {
zval_dtor(&key);
zend_throw_exception_ex(spl_ce_UnexpectedValueException, 0, "Iterator %s returned an invalid key (too long)", ZSTR_VAL(ce->name));
return ZEND_HASH_APPLY_STOP;
}
str_key_len = (int)Z_STRLEN(key);
str_key_len = Z_STRLEN(key);
str_key = estrndup(Z_STRVAL(key), str_key_len);
save = str_key;
@ -2041,7 +2003,7 @@ static zend_object *phar_rename_archive(phar_archive_data **sphar, char *ext) /*
zend_class_entry *ce;
char *error;
const char *pcr_error;
int ext_len = ext ? strlen(ext) : 0;
size_t ext_len = ext ? strlen(ext) : 0;
size_t new_len, oldname_len, phar_ext_len;
phar_archive_data *pphar = NULL;
php_stream_statbuf ssb;
@ -2167,14 +2129,7 @@ static zend_object *phar_rename_archive(phar_archive_data **sphar, char *ext) /*
basepath = estrndup(oldpath, (strlen(oldpath) - oldname_len));
new_len = spprintf(&newpath, 0, "%s%s", basepath, newname);
if (ZEND_SIZE_T_INT_OVFL(new_len)) {
efree(oldpath);
efree(basepath);
efree(newpath);
zend_throw_exception_ex(spl_ce_BadMethodCallException, 0, "New name is too long");
return NULL;
}
phar->fname_len = (int)new_len;
phar->fname_len = new_len;
phar->fname = newpath;
phar->ext = newpath + phar->fname_len - strlen(ext) - 1;
efree(basepath);
@ -2215,11 +2170,12 @@ its_ok:
return NULL;
}
if (!phar->is_data) {
if (SUCCESS != phar_detect_phar_fname_ext(newpath, phar->fname_len, (const char **) &(phar->ext), &(phar->ext_len), 1, 1, 1)) {
if (SUCCESS != phar_detect_phar_fname_ext(newpath, phar->fname_len, (const char **) &(phar->ext), &ext_len, 1, 1, 1)) {
efree(oldpath);
zend_throw_exception_ex(spl_ce_BadMethodCallException, 0, "phar \"%s\" has invalid extension %s", phar->fname, ext);
return NULL;
}
phar->ext_len = ext_len;
if (phar->alias) {
if (phar->is_temporary_alias) {
@ -2227,7 +2183,7 @@ its_ok:
phar->alias_len = 0;
} else {
phar->alias = estrndup(newpath, strlen(newpath));
phar->alias_len = (int)strlen(newpath);
phar->alias_len = strlen(newpath);
phar->is_temporary_alias = 1;
zend_hash_str_update_ptr(&(PHAR_G(phar_alias_map)), newpath, phar->fname_len, phar);
}
@ -2235,11 +2191,12 @@ its_ok:
} else {
if (SUCCESS != phar_detect_phar_fname_ext(newpath, phar->fname_len, (const char **) &(phar->ext), &(phar->ext_len), 0, 1, 1)) {
if (SUCCESS != phar_detect_phar_fname_ext(newpath, phar->fname_len, (const char **) &(phar->ext), &ext_len, 0, 1, 1)) {
efree(oldpath);
zend_throw_exception_ex(spl_ce_BadMethodCallException, 0, "data phar \"%s\" has invalid extension %s", phar->fname, ext);
return NULL;
}
phar->ext_len = ext_len;
phar->alias = NULL;
phar->alias_len = 0;
@ -2490,7 +2447,7 @@ PHP_METHOD(Phar, convertToExecutable)
is_data = phar_obj->archive->is_data;
phar_obj->archive->is_data = 0;
ret = phar_convert_to_other(phar_obj->archive, (int)format, ext, flags);
ret = phar_convert_to_other(phar_obj->archive, format, ext, flags);
phar_obj->archive->is_data = is_data;
if (ret) {
@ -2774,15 +2731,12 @@ PHP_METHOD(Phar, setAlias)
}
if (zend_parse_parameters(ZEND_NUM_ARGS(), "s", &alias, &alias_len) == SUCCESS) {
if (ZEND_SIZE_T_INT_OVFL(alias_len)) {
RETURN_FALSE;
}
if (alias_len == (size_t)phar_obj->archive->alias_len && memcmp(phar_obj->archive->alias, alias, alias_len) == 0) {
if (alias_len == phar_obj->archive->alias_len && memcmp(phar_obj->archive->alias, alias, alias_len) == 0) {
RETURN_TRUE;
}
if (alias_len && NULL != (fd_ptr = zend_hash_str_find_ptr(&(PHAR_G(phar_alias_map)), alias, alias_len))) {
spprintf(&error, 0, "alias \"%s\" is already used for archive \"%s\" and cannot be used for other archives", alias, fd_ptr->fname);
if (SUCCESS == phar_free_alias(fd_ptr, alias, (int)alias_len)) {
if (SUCCESS == phar_free_alias(fd_ptr, alias, alias_len)) {
efree(error);
goto valid_alias;
}
@ -2790,7 +2744,7 @@ PHP_METHOD(Phar, setAlias)
efree(error);
RETURN_FALSE;
}
if (!phar_validate_alias(alias, (int)alias_len)) {
if (!phar_validate_alias(alias, alias_len)) {
zend_throw_exception_ex(spl_ce_UnexpectedValueException, 0,
"Invalid alias \"%s\" specified for phar \"%s\"", alias, phar_obj->archive->fname);
RETURN_FALSE;
@ -2815,13 +2769,13 @@ valid_alias:
phar_obj->archive->alias = NULL;
}
phar_obj->archive->alias_len = (int)alias_len;
phar_obj->archive->alias_len = alias_len;
phar_obj->archive->is_temporary_alias = 0;
phar_flush(phar_obj->archive, NULL, 0, 0, &error);
if (error) {
phar_obj->archive->alias = oldalias;
phar_obj->archive->alias_len = (int)oldalias_len;
phar_obj->archive->alias_len = oldalias_len;
phar_obj->archive->is_temporary_alias = old_temp;
zend_throw_exception_ex(phar_ce_PharException, 0, "%s", error);
if (readd) {
@ -3093,11 +3047,6 @@ PHP_METHOD(Phar, setSignatureAlgorithm)
if (zend_parse_parameters_ex(ZEND_PARSE_PARAMS_QUIET, ZEND_NUM_ARGS(), "l|s", &algo, &key, &key_len) != SUCCESS) {
return;
}
if (ZEND_SIZE_T_INT_OVFL(key_len)) {
zend_throw_exception_ex(spl_ce_UnexpectedValueException, 0,
"Cannot set signature algorithm, key too long");
return;
}
switch (algo) {
case PHAR_SIG_SHA256:
@ -3117,7 +3066,7 @@ PHP_METHOD(Phar, setSignatureAlgorithm)
phar_obj->archive->sig_flags = (php_uint32)algo;
phar_obj->archive->is_modified = 1;
PHAR_G(openssl_privatekey) = key;
PHAR_G(openssl_privatekey_len) = (int)key_len;
PHAR_G(openssl_privatekey_len) = key_len;
phar_flush(phar_obj->archive, 0, 0, 0, &error);
if (error) {
@ -3491,16 +3440,13 @@ PHP_METHOD(Phar, copy)
const char *pcr_error;
size_t oldfile_len, newfile_len;
phar_entry_info *oldentry, newentry = {0}, *temp;
int tmp_len = 0;
size_t tmp_len = 0;
PHAR_ARCHIVE_OBJECT();
if (zend_parse_parameters(ZEND_NUM_ARGS(), "pp", &oldfile, &oldfile_len, &newfile, &newfile_len) == FAILURE) {
return;
}
if (ZEND_SIZE_T_INT_OVFL(newfile_len)) {
RETURN_FALSE;
}
if (PHAR_G(readonly) && !phar_obj->archive->is_data) {
zend_throw_exception_ex(spl_ce_UnexpectedValueException, 0,
"Cannot copy \"%s\" to \"%s\", phar is read-only", oldfile, newfile);
@ -3535,7 +3481,7 @@ PHP_METHOD(Phar, copy)
}
}
tmp_len = (int)newfile_len;
tmp_len = newfile_len;
if (phar_path_check(&newfile, &tmp_len, &pcr_error) > pcr_is_ok) {
zend_throw_exception_ex(spl_ce_UnexpectedValueException, 0,
"file \"%s\" contains invalid characters %s, cannot be copied from \"%s\" in phar %s", newfile, pcr_error, oldfile, phar_obj->archive->fname);
@ -3560,7 +3506,7 @@ PHP_METHOD(Phar, copy)
}
newentry.filename = estrndup(newfile, newfile_len);
newentry.filename_len = (int)newfile_len;
newentry.filename_len = newfile_len;
newentry.fp_refcount = 0;
if (oldentry->fp_type != PHAR_FP) {
@ -3600,9 +3546,6 @@ PHP_METHOD(Phar, offsetExists)
if (zend_parse_parameters(ZEND_NUM_ARGS(), "p", &fname, &fname_len) == FAILURE) {
return;
}
if (ZEND_SIZE_T_INT_OVFL(fname_len)) {
RETURN_FALSE;
}
if (zend_hash_str_exists(&phar_obj->archive->manifest, fname, (uint32_t) fname_len)) {
if (NULL != (entry = zend_hash_str_find_ptr(&phar_obj->archive->manifest, fname, (uint32_t) fname_len))) {
@ -3642,12 +3585,8 @@ PHP_METHOD(Phar, offsetGet)
return;
}
if (ZEND_SIZE_T_INT_OVFL(fname_len)) {
RETURN_FALSE;
}
/* security is 0 here so that we can get a better error message than "entry doesn't exist" */
if (!(entry = phar_get_entry_info_dir(phar_obj->archive, fname, (int)fname_len, 1, &error, 0))) {
if (!(entry = phar_get_entry_info_dir(phar_obj->archive, fname, fname_len, 1, &error, 0))) {
zend_throw_exception_ex(spl_ce_BadMethodCallException, 0, "Entry %s does not exist%s%s", fname, error?", ":"", error?error:"");
} else {
if (fname_len == sizeof(".phar/stub.php")-1 && !memcmp(fname, ".phar/stub.php", sizeof(".phar/stub.php")-1)) {
@ -3680,15 +3619,15 @@ PHP_METHOD(Phar, offsetGet)
/* {{{ add a file within the phar archive from a string or resource
*/
static void phar_add_file(phar_archive_data **pphar, char *filename, int filename_len, char *cont_str, size_t cont_len, zval *zresource)
static void phar_add_file(phar_archive_data **pphar, char *filename, size_t filename_len, char *cont_str, size_t cont_len, zval *zresource)
{
int start_pos=0;
size_t start_pos=0;
char *error;
size_t contents_len;
phar_entry_data *data;
php_stream *contents_file;
if (filename_len >= (int)sizeof(".phar")-1) {
if (filename_len >= sizeof(".phar")-1) {
start_pos = ('/' == filename[0] ? 1 : 0); /* account for any leading slash: multiple-leads handled elsewhere */
if (!memcmp(&filename[start_pos], ".phar", sizeof(".phar")-1) && (filename[start_pos+5] == '/' || filename[start_pos+5] == '\\' || filename[start_pos+5] == '\0')) {
zend_throw_exception_ex(spl_ce_BadMethodCallException, 0, "Cannot create any files in magic \".phar\" directory");
@ -3744,7 +3683,7 @@ static void phar_add_file(phar_archive_data **pphar, char *filename, int filenam
/* {{{ create a directory within the phar archive
*/
static void phar_mkdir(phar_archive_data **pphar, char *dirname, int dirname_len)
static void phar_mkdir(phar_archive_data **pphar, char *dirname, size_t dirname_len)
{
char *error;
phar_entry_data *data;
@ -3797,9 +3736,6 @@ PHP_METHOD(Phar, offsetSet)
&& zend_parse_parameters(ZEND_NUM_ARGS(), "ps", &fname, &fname_len, &cont_str, &cont_len) == FAILURE) {
return;
}
if (ZEND_SIZE_T_INT_OVFL(fname_len)) {
RETURN_FALSE;
}
if (fname_len == sizeof(".phar/stub.php")-1 && !memcmp(fname, ".phar/stub.php", sizeof(".phar/stub.php")-1)) {
zend_throw_exception_ex(spl_ce_BadMethodCallException, 0, "Cannot set stub \".phar/stub.php\" directly in phar \"%s\", use setStub", phar_obj->archive->fname);
return;
@ -3815,7 +3751,7 @@ PHP_METHOD(Phar, offsetSet)
return;
}
phar_add_file(&(phar_obj->archive), fname, (int)fname_len, cont_str, cont_len, zresource);
phar_add_file(&(phar_obj->archive), fname, fname_len, cont_str, cont_len, zresource);
}
/* }}} */
@ -3837,9 +3773,6 @@ PHP_METHOD(Phar, offsetUnset)
if (zend_parse_parameters(ZEND_NUM_ARGS(), "p", &fname, &fname_len) == FAILURE) {
return;
}
if (ZEND_SIZE_T_INT_OVFL(fname_len)) {
RETURN_FALSE;
}
if (zend_hash_str_exists(&phar_obj->archive->manifest, fname, (uint32_t) fname_len)) {
if (NULL != (entry = zend_hash_str_find_ptr(&phar_obj->archive->manifest, fname, (uint32_t) fname_len))) {
@ -3887,16 +3820,13 @@ PHP_METHOD(Phar, addEmptyDir)
if (zend_parse_parameters(ZEND_NUM_ARGS(), "p", &dirname, &dirname_len) == FAILURE) {
return;
}
if (ZEND_SIZE_T_INT_OVFL(dirname_len)) {
RETURN_FALSE;
}
if (dirname_len >= sizeof(".phar")-1 && !memcmp(dirname, ".phar", sizeof(".phar")-1)) {
zend_throw_exception_ex(spl_ce_BadMethodCallException, 0, "Cannot create a directory in magic \".phar\" directory");
return;
}
phar_mkdir(&phar_obj->archive, dirname, (int)dirname_len);
phar_mkdir(&phar_obj->archive, dirname, dirname_len);
}
/* }}} */
@ -3915,9 +3845,6 @@ PHP_METHOD(Phar, addFile)
if (zend_parse_parameters(ZEND_NUM_ARGS(), "p|s", &fname, &fname_len, &localname, &localname_len) == FAILURE) {
return;
}
if (ZEND_SIZE_T_INT_OVFL(fname_len)) {
RETURN_FALSE;
}
if (!strstr(fname, "://") && php_check_open_basedir(fname)) {
zend_throw_exception_ex(spl_ce_RuntimeException, 0, "phar error: unable to open file \"%s\" to add to phar archive, open_basedir restrictions prevent this", fname);
@ -3935,7 +3862,7 @@ PHP_METHOD(Phar, addFile)
}
php_stream_to_zval(resource, &zresource);
phar_add_file(&(phar_obj->archive), fname, (int)fname_len, NULL, 0, &zresource);
phar_add_file(&(phar_obj->archive), fname, fname_len, NULL, 0, &zresource);
zval_ptr_dtor(&zresource);
}
/* }}} */
@ -3953,11 +3880,8 @@ PHP_METHOD(Phar, addFromString)
if (zend_parse_parameters(ZEND_NUM_ARGS(), "ps", &localname, &localname_len, &cont_str, &cont_len) == FAILURE) {
return;
}
if (ZEND_SIZE_T_INT_OVFL(localname_len)) {
RETURN_FALSE;
}
phar_add_file(&(phar_obj->archive), localname, (int)localname_len, cont_str, cont_len, NULL);
phar_add_file(&(phar_obj->archive), localname, localname_len, cont_str, cont_len, NULL);
}
/* }}} */
@ -4504,7 +4428,7 @@ PHP_METHOD(PharFileInfo, __construct)
{
char *fname, *arch, *entry, *error;
size_t fname_len;
int arch_len, entry_len;
size_t arch_len, entry_len;
phar_entry_object *entry_obj;
phar_entry_info *entry_info;
phar_archive_data *phar_data;
@ -4521,7 +4445,7 @@ PHP_METHOD(PharFileInfo, __construct)
return;
}
if (fname_len < 7 || memcmp(fname, "phar://", 7) || phar_split_fname(fname, (int)fname_len, &arch, &arch_len, &entry, &entry_len, 2, 0) == FAILURE) {
if (fname_len < 7 || memcmp(fname, "phar://", 7) || phar_split_fname(fname, fname_len, &arch, &arch_len, &entry, &entry_len, 2, 0) == FAILURE) {
zend_throw_exception_ex(spl_ce_RuntimeException, 0,
"'%s' is not a valid phar archive URL (must have at least phar://filename.phar)", fname);
return;

4
ext/phar/phar_path_check.c
View File

@ -1,4 +1,4 @@
/* Generated by re2c 0.16 */
/* Generated by re2c 1.0.3 */
#line 1 "ext/phar/phar_path_check.re"
/*
+----------------------------------------------------------------------+
@ -22,7 +22,7 @@
#include "phar_internal.h"
phar_path_check_result phar_path_check(char **s, int *len, const char **error)
phar_path_check_result phar_path_check(char **s, size_t *len, const char **error)
{
const unsigned char *p = (const unsigned char*)*s;
const unsigned char *m;

2
ext/phar/phar_path_check.re
View File

@ -20,7 +20,7 @@
#include "phar_internal.h"
phar_path_check_result phar_path_check(char **s, int *len, const char **error)
phar_path_check_result phar_path_check(char **s, size_t *len, const char **error)
{
const unsigned char *p = (const unsigned char*)*s;
const unsigned char *m;

2
ext/phar/php_phar.h
View File

@ -34,7 +34,7 @@ extern zend_module_entry phar_module_entry;
#define PHP_PHAR_API PHPAPI
#endif
PHP_PHAR_API int phar_resolve_alias(char *alias, int alias_len, char **filename, int *filename_len);
PHP_PHAR_API int phar_resolve_alias(char *alias, size_t alias_len, char **filename, size_t *filename_len);
#endif /* PHP_PHAR_H */

10
ext/phar/stream.c
View File

@ -61,7 +61,7 @@ php_url* phar_parse_url(php_stream_wrapper *wrapper, const char *filename, const
{
php_url *resource;
char *arch = NULL, *entry = NULL, *error;
int arch_len, entry_len;
size_t arch_len, entry_len;
if (strlen(filename) < 7 || strncasecmp(filename, "phar://", 7)) {
return NULL;
@ -382,7 +382,7 @@ static size_t phar_stream_read(php_stream *stream, char *buf, size_t count) /* {
/* use our proxy position */
php_stream_seek(data->fp, data->position + data->zero, SEEK_SET);
got = php_stream_read(data->fp, buf, MIN(count, entry->uncompressed_filesize - data->position));
got = php_stream_read(data->fp, buf, MIN(count, (size_t)(entry->uncompressed_filesize - data->position)));
data->position = php_stream_tell(data->fp) - data->zero;
stream->eof = (data->position == (zend_off_t) entry->uncompressed_filesize);
@ -559,7 +559,7 @@ static int phar_wrapper_stat(php_stream_wrapper *wrapper, const char *url, int f
phar_archive_data *phar;
phar_entry_info *entry;
uint32_t host_len;
int internal_file_len;
size_t internal_file_len;
if ((resource = phar_parse_url(wrapper, url, "r", flags|PHP_STREAM_URL_STAT_QUIET)) == NULL) {
return FAILURE;
@ -618,11 +618,11 @@ static int phar_wrapper_stat(php_stream_wrapper *wrapper, const char *url, int f
zend_string *str_key;
ZEND_HASH_FOREACH_STR_KEY(&phar->mounted_dirs, str_key) {
if ((int)ZSTR_LEN(str_key) >= internal_file_len || strncmp(ZSTR_VAL(str_key), internal_file, ZSTR_LEN(str_key))) {
if (ZSTR_LEN(str_key) >= internal_file_len || strncmp(ZSTR_VAL(str_key), internal_file, ZSTR_LEN(str_key))) {
continue;
} else {
char *test;
int test_len;
size_t test_len;
php_stream_statbuf ssbi;
if (NULL == (entry = zend_hash_find_ptr(&phar->manifest, str_key))) {

23
ext/phar/tar.c
View File

@ -19,7 +19,7 @@
#include "phar_internal.h"
static uint32_t phar_tar_number(char *buf, int len) /* {{{ */
static uint32_t phar_tar_number(char *buf, size_t len) /* {{{ */
{
uint32_t num = 0;
int i = 0;
@ -84,7 +84,7 @@ static int phar_tar_octal(char *buf, uint32_t val, int len) /* {{{ */
}
/* }}} */
static uint32_t phar_tar_checksum(char *buf, int len) /* {{{ */
static uint32_t phar_tar_checksum(char *buf, size_t len) /* {{{ */
{
uint32_t sum = 0;
char *end = buf + len;
@ -124,7 +124,7 @@ int phar_is_tar(char *buf, char *fname) /* {{{ */
}
/* }}} */
int phar_open_or_create_tar(char *fname, int fname_len, char *alias, int alias_len, int is_data, int options, phar_archive_data** pphar, char **error) /* {{{ */
int phar_open_or_create_tar(char *fname, size_t fname_len, char *alias, size_t alias_len, int is_data, uint32_t options, phar_archive_data** pphar, char **error) /* {{{ */
{
phar_archive_data *phar;
int ret = phar_create_or_parse_filename(fname, fname_len, alias, alias_len, is_data, options, &phar, error);
@ -202,7 +202,7 @@ static size_t strnlen(const char *s, size_t maxlen) {
}
#endif
int phar_parse_tarfile(php_stream* fp, char *fname, int fname_len, char *alias, int alias_len, phar_archive_data** pphar, int is_data, uint32_t compression, char **error) /* {{{ */
int phar_parse_tarfile(php_stream* fp, char *fname, size_t fname_len, char *alias, size_t alias_len, phar_archive_data** pphar, int is_data, uint32_t compression, char **error) /* {{{ */
{
char buf[512], *actual_alias = NULL, *p;
phar_entry_info entry = {0};
@ -211,7 +211,7 @@ int phar_parse_tarfile(php_stream* fp, char *fname, int fname_len, char *alias,
uint32_t sum1, sum2, size, old;
phar_archive_data *myphar, *actual;
int last_was_longlink = 0;
int linkname_len;
size_t linkname_len;
if (error) {
*error = NULL;
@ -274,6 +274,7 @@ int phar_parse_tarfile(php_stream* fp, char *fname, int fname_len, char *alias,
if (((!old && hdr->prefix[0] == 0) || old) && strnlen(hdr->name, 100) == sizeof(".phar/signature.bin")-1 && !strncmp(hdr->name, ".phar/signature.bin", sizeof(".phar/signature.bin")-1)) {
zend_off_t curloc;
size_t sig_len;
if (size > 511) {
if (error) {
@ -302,7 +303,7 @@ bail:
# define PHAR_GET_32(buffer) (uint32_t) *(buffer)
#endif
myphar->sig_flags = PHAR_GET_32(buf);
if (FAILURE == phar_verify_signature(fp, php_stream_tell(fp) - size - 512, myphar->sig_flags, buf + 8, size - 8, fname, &myphar->signature, &myphar->sig_len, error)) {
if (FAILURE == phar_verify_signature(fp, php_stream_tell(fp) - size - 512, myphar->sig_flags, buf + 8, size - 8, fname, &myphar->signature, &sig_len, error)) {
if (error) {
char *save = *error;
spprintf(error, 4096, "phar error: tar-based phar \"%s\" signature cannot be verified: %s", fname, save);
@ -310,6 +311,7 @@ bail:
}
goto bail;
}
myphar->sig_len = sig_len;
php_stream_seek(fp, curloc + 512, SEEK_SET);
/* signature checked out, let's ensure this is the last file in the phar */
if (((hdr->typeflag == '\0') || (hdr->typeflag == TAR_FILE)) && size > 0) {
@ -486,7 +488,7 @@ bail:
if (entry.tar_type == TAR_LINK) {
if (!zend_hash_str_exists(&myphar->manifest, hdr->linkname, linkname_len)) {
if (error) {
spprintf(error, 4096, "phar error: \"%s\" is a corrupted tar file - hard link to non-existent file \"%.*s\"", fname, linkname_len, hdr->linkname);
spprintf(error, 4096, "phar error: \"%s\" is a corrupted tar file - hard link to non-existent file \"%.*s\"", fname, (int)linkname_len, hdr->linkname);
}
pefree(entry.filename, entry.is_persistent);
php_stream_close(fp);
@ -946,7 +948,8 @@ int phar_tar_flush(phar_archive_data *phar, char *user_stub, zend_long len, int
phar_entry_info entry = {0};
static const char newstub[] = "<?php // tar-based phar archive stub file\n__HALT_COMPILER();";
php_stream *oldfile, *newfile, *stubfile;
int closeoldfile, free_user_stub, signature_length;
int closeoldfile, free_user_stub;
size_t signature_length;
struct _phar_pass_tar_info pass;
char *buf, *signature, *tmp, sigbuf[8];
char halt_stub[] = "__HALT_COMPILER();";
@ -983,7 +986,7 @@ int phar_tar_flush(phar_archive_data *phar, char *user_stub, zend_long len, int
spprintf(error, 0, "phar error: unable to create temporary file");
return -1;
}
if (phar->alias_len != (int)php_stream_write(entry.fp, phar->alias, phar->alias_len)) {
if (phar->alias_len != php_stream_write(entry.fp, phar->alias, phar->alias_len)) {
if (error) {
spprintf(error, 0, "unable to set alias in tar-based phar \"%s\"", phar->fname);
}
@ -1249,7 +1252,7 @@ nostub:
PHAR_SET_32(sigbuf, phar->sig_flags);
PHAR_SET_32(sigbuf + 4, signature_length);
if (8 != (int)php_stream_write(entry.fp, sigbuf, 8) || signature_length != (int)php_stream_write(entry.fp, signature, signature_length)) {
if (8 != php_stream_write(entry.fp, sigbuf, 8) || signature_length != php_stream_write(entry.fp, signature, signature_length)) {
efree(signature);
if (error) {
spprintf(error, 0, "phar error: unable to write signature to tar-based phar %s", phar->fname);

78
ext/phar/util.c
View File

@ -38,7 +38,7 @@
#include <openssl/ssl.h>
#include <openssl/pkcs12.h>
#else
static int phar_call_openssl_signverify(int is_sign, php_stream *fp, zend_off_t end, char *key, int key_len, char **signature, int *signature_len);
static int phar_call_openssl_signverify(int is_sign, php_stream *fp, zend_off_t end, char *key, size_t key_len, char **signature, size_t *signature_len);
#endif
/* for links to relative location, prepend cwd of the entry */
@ -167,7 +167,7 @@ int phar_seek_efp(phar_entry_info *entry, zend_off_t offset, int whence, zend_of
/* }}} */
/* mount an absolute path or uri to a path internal to the phar archive */
int phar_mount_entry(phar_archive_data *phar, char *filename, int filename_len, char *path, int path_len) /* {{{ */
int phar_mount_entry(phar_archive_data *phar, char *filename, size_t filename_len, char *path, size_t path_len) /* {{{ */
{
phar_entry_info entry = {0};
php_stream_statbuf ssb;
@ -178,7 +178,7 @@ int phar_mount_entry(phar_archive_data *phar, char *filename, int filename_len,
return FAILURE;
}
if (path_len >= (int)sizeof(".phar")-1 && !memcmp(path, ".phar", sizeof(".phar")-1)) {
if (path_len >= sizeof(".phar")-1 && !memcmp(path, ".phar", sizeof(".phar")-1)) {
/* no creating magic phar files by mounting them */
return FAILURE;
}
@ -243,11 +243,11 @@ int phar_mount_entry(phar_archive_data *phar, char *filename, int filename_len,
}
/* }}} */
zend_string *phar_find_in_include_path(char *filename, int filename_len, phar_archive_data **pphar) /* {{{ */
zend_string *phar_find_in_include_path(char *filename, size_t filename_len, phar_archive_data **pphar) /* {{{ */
{
zend_string *ret;
char *path, *fname, *arch, *entry, *test;
int arch_len, entry_len, fname_len;
size_t arch_len, entry_len, fname_len;
phar_archive_data *phar;
if (pphar) {
@ -277,7 +277,7 @@ zend_string *phar_find_in_include_path(char *filename, int filename_len, phar_ar
efree(entry);
if (*filename == '.') {
int try_len;
size_t try_len;
if (FAILURE == phar_get_archive(&phar, arch, arch_len, NULL, 0, NULL)) {
efree(arch);
@ -342,7 +342,7 @@ splitted:
* appended, truncated, or read. For read, if the entry is marked unmodified, it is
* assumed that the file pointer, if present, is opened for reading
*/
int phar_get_entry_data(phar_entry_data **ret, char *fname, int fname_len, char *path, int path_len, const char *mode, char allow_dir, char **error, int security) /* {{{ */
int phar_get_entry_data(phar_entry_data **ret, char *fname, size_t fname_len, char *path, size_t path_len, const char *mode, char allow_dir, char **error, int security) /* {{{ */
{
phar_archive_data *phar;
phar_entry_info *entry;
@ -508,7 +508,7 @@ really_get_entry:
/**
* Create a new dummy file slot within a writeable phar for a newly created file
*/
phar_entry_data *phar_get_or_create_entry_data(char *fname, int fname_len, char *path, int path_len, const char *mode, char allow_dir, char **error, int security) /* {{{ */
phar_entry_data *phar_get_or_create_entry_data(char *fname, size_t fname_len, char *path, size_t path_len, const char *mode, char allow_dir, char **error, int security) /* {{{ */
{
phar_archive_data *phar;
phar_entry_info *entry, etemp;
@ -920,7 +920,7 @@ phar_entry_info * phar_open_jit(phar_archive_data *phar, phar_entry_info *entry,
}
/* }}} */
PHP_PHAR_API int phar_resolve_alias(char *alias, int alias_len, char **filename, int *filename_len) /* {{{ */ {
PHP_PHAR_API int phar_resolve_alias(char *alias, size_t alias_len, char **filename, size_t *filename_len) /* {{{ */ {
phar_archive_data *fd_ptr;
if (HT_FLAGS(&PHAR_G(phar_alias_map))
&& NULL != (fd_ptr = zend_hash_str_find_ptr(&(PHAR_G(phar_alias_map)), alias, alias_len))) {
@ -932,7 +932,7 @@ PHP_PHAR_API int phar_resolve_alias(char *alias, int alias_len, char **filename,
}
/* }}} */
int phar_free_alias(phar_archive_data *phar, char *alias, int alias_len) /* {{{ */
int phar_free_alias(phar_archive_data *phar, char *alias, size_t alias_len) /* {{{ */
{
if (phar->refcount || phar->is_persistent) {
return FAILURE;
@ -955,11 +955,11 @@ int phar_free_alias(phar_archive_data *phar, char *alias, int alias_len) /* {{{
* Looks up a phar archive in the filename map, connecting it to the alias
* (if any) or returns null
*/
int phar_get_archive(phar_archive_data **archive, char *fname, int fname_len, char *alias, int alias_len, char **error) /* {{{ */
int phar_get_archive(phar_archive_data **archive, char *fname, size_t fname_len, char *alias, size_t alias_len, char **error) /* {{{ */
{
phar_archive_data *fd, *fd_ptr;
char *my_realpath, *save;
int save_len;
size_t save_len;
phar_request_initialize();
@ -1199,7 +1199,7 @@ char * phar_decompress_filter(phar_entry_info * entry, int return_unknown) /* {{
/**
* retrieve information on a file contained within a phar, or null if it ain't there
*/
phar_entry_info *phar_get_entry_info(phar_archive_data *phar, char *path, int path_len, char **error, int security) /* {{{ */
phar_entry_info *phar_get_entry_info(phar_archive_data *phar, char *path, size_t path_len, char **error, int security) /* {{{ */
{
return phar_get_entry_info_dir(phar, path, path_len, 0, error, security);
}
@ -1209,7 +1209,7 @@ phar_entry_info *phar_get_entry_info(phar_archive_data *phar, char *path, int pa
* allow_dir is 0 for none, 1 for both empty directories in the phar and temp directories, and 2 for only
* valid pre-existing empty directory entries
*/
phar_entry_info *phar_get_entry_info_dir(phar_archive_data *phar, char *path, int path_len, char dir, char **error, int security) /* {{{ */
phar_entry_info *phar_get_entry_info_dir(phar_archive_data *phar, char *path, size_t path_len, char dir, char **error, int security) /* {{{ */
{
const char *pcr_error;
phar_entry_info *entry;
@ -1225,7 +1225,7 @@ phar_entry_info *phar_get_entry_info_dir(phar_archive_data *phar, char *path, in
*error = NULL;
}
if (security && path_len >= (int)sizeof(".phar")-1 && !memcmp(path, ".phar", sizeof(".phar")-1)) {
if (security && path_len >= sizeof(".phar")-1 && !memcmp(path, ".phar", sizeof(".phar")-1)) {
if (error) {
spprintf(error, 4096, "phar error: cannot directly access magic \".phar\" directory or files within it");
}
@ -1295,11 +1295,11 @@ phar_entry_info *phar_get_entry_info_dir(phar_archive_data *phar, char *path, in
zend_string *str_key;
ZEND_HASH_FOREACH_STR_KEY(&phar->mounted_dirs, str_key) {
if ((int)ZSTR_LEN(str_key) >= path_len || strncmp(ZSTR_VAL(str_key), path, ZSTR_LEN(str_key))) {
if (ZSTR_LEN(str_key) >= path_len || strncmp(ZSTR_VAL(str_key), path, ZSTR_LEN(str_key))) {
continue;
} else {
char *test;
int test_len;
size_t test_len;
php_stream_statbuf ssb;
if (NULL == (entry = zend_hash_find_ptr(&phar->manifest, str_key))) {
@ -1385,7 +1385,7 @@ static int phar_hex_str(const char *digest, size_t digest_len, char **signature)
/* }}} */
#ifndef PHAR_HAVE_OPENSSL
static int phar_call_openssl_signverify(int is_sign, php_stream *fp, zend_off_t end, char *key, int key_len, char **signature, int *signature_len) /* {{{ */
static int phar_call_openssl_signverify(int is_sign, php_stream *fp, zend_off_t end, char *key, size_t key_len, char **signature, size_t *signature_len) /* {{{ */
{
zend_fcall_info fci;
zend_fcall_info_cache fcc;
@ -1473,9 +1473,9 @@ static int phar_call_openssl_signverify(int is_sign, php_stream *fp, zend_off_t
/* }}} */
#endif /* #ifndef PHAR_HAVE_OPENSSL */
int phar_verify_signature(php_stream *fp, size_t end_of_phar, uint32_t sig_type, char *sig, int sig_len, char *fname, char **signature, int *signature_len, char **error) /* {{{ */
int phar_verify_signature(php_stream *fp, size_t end_of_phar, uint32_t sig_type, char *sig, size_t sig_len, char *fname, char **signature, size_t *signature_len, char **error) /* {{{ */
{
int read_size, len;
size_t read_size, len;
zend_off_t read_len;
unsigned char buf[1024];
@ -1489,7 +1489,7 @@ int phar_verify_signature(php_stream *fp, size_t end_of_phar, uint32_t sig_type,
EVP_MD *mdtype = (EVP_MD *) EVP_sha1();
EVP_MD_CTX *md_ctx;
#else
int tempsig;
size_t tempsig;
#endif
zend_string *pubkey = NULL;
char *pfile;
@ -1567,7 +1567,7 @@ int phar_verify_signature(php_stream *fp, size_t end_of_phar, uint32_t sig_type,
if ((size_t)read_len > sizeof(buf)) {
read_size = sizeof(buf);
} else {
read_size = (int)read_len;
read_size = (size_t)read_len;
}
php_stream_seek(fp, 0, SEEK_SET);
@ -1577,7 +1577,7 @@ int phar_verify_signature(php_stream *fp, size_t end_of_phar, uint32_t sig_type,
read_len -= (zend_off_t)len;
if (read_len < read_size) {
read_size = (int)read_len;
read_size = (size_t)read_len;
}
}
@ -1616,14 +1616,14 @@ int phar_verify_signature(php_stream *fp, size_t end_of_phar, uint32_t sig_type,
if ((size_t)read_len > sizeof(buf)) {
read_size = sizeof(buf);
} else {
read_size = (int)read_len;
read_size = (size_t)read_len;
}
while ((len = php_stream_read(fp, (char*)buf, read_size)) > 0) {
PHP_SHA512Update(&context, buf, len);
read_len -= (zend_off_t)len;
if (read_len < read_size) {
read_size = (int)read_len;
if ((size_t)read_len < read_size) {
read_size = (size_t)read_len;
}
}
@ -1656,14 +1656,14 @@ int phar_verify_signature(php_stream *fp, size_t end_of_phar, uint32_t sig_type,
if ((size_t)read_len > sizeof(buf)) {
read_size = sizeof(buf);
} else {
read_size = (int)read_len;
read_size = (size_t)read_len;
}
while ((len = php_stream_read(fp, (char*)buf, read_size)) > 0) {
PHP_SHA256Update(&context, buf, len);
read_len -= (zend_off_t)len;
if (read_len < read_size) {
read_size = (int)read_len;
if ((size_t)read_len < read_size) {
read_size = (size_t)read_len;
}
}
@ -1704,14 +1704,14 @@ int phar_verify_signature(php_stream *fp, size_t end_of_phar, uint32_t sig_type,
if ((size_t)read_len > sizeof(buf)) {
read_size = sizeof(buf);
} else {
read_size = (int)read_len;
read_size = (size_t)read_len;
}
while ((len = php_stream_read(fp, (char*)buf, read_size)) > 0) {
PHP_SHA1Update(&context, buf, len);
read_len -= (zend_off_t)len;
if (read_len < read_size) {
read_size = (int)read_len;
if ((size_t)read_len < read_size) {
read_size = (size_t)read_len;
}
}
@ -1744,14 +1744,14 @@ int phar_verify_signature(php_stream *fp, size_t end_of_phar, uint32_t sig_type,
if ((size_t)read_len > sizeof(buf)) {
read_size = sizeof(buf);
} else {
read_size = (int)read_len;
read_size = (size_t)read_len;
}
while ((len = php_stream_read(fp, (char*)buf, read_size)) > 0) {
PHP_MD5Update(&context, buf, len);
read_len -= (zend_off_t)len;
if (read_len < read_size) {
read_size = (int)read_len;
if ((size_t)read_len < read_size) {
read_size = (size_t)read_len;
}
}
@ -1777,10 +1777,10 @@ int phar_verify_signature(php_stream *fp, size_t end_of_phar, uint32_t sig_type,
}
/* }}} */
int phar_create_signature(phar_archive_data *phar, php_stream *fp, char **signature, int *signature_length, char **error) /* {{{ */
int phar_create_signature(phar_archive_data *phar, php_stream *fp, char **signature, size_t *signature_length, char **error) /* {{{ */
{
unsigned char buf[1024];
int sig_len;
size_t sig_len;
php_stream_rewind(fp);
@ -1831,7 +1831,7 @@ int phar_create_signature(phar_archive_data *phar, php_stream *fp, char **signat
return FAILURE;
#endif
case PHAR_SIG_OPENSSL: {
int siglen;
size_t siglen;
unsigned char *sigbuf;
#ifdef PHAR_HAVE_OPENSSL
BIO *in;
@ -1945,7 +1945,7 @@ int phar_create_signature(phar_archive_data *phar, php_stream *fp, char **signat
}
/* }}} */
void phar_add_virtual_dirs(phar_archive_data *phar, char *filename, int filename_len) /* {{{ */
void phar_add_virtual_dirs(phar_archive_data *phar, char *filename, size_t filename_len) /* {{{ */
{
const char *s;
zend_string *str;

16
ext/phar/zip.c
View File

@ -45,7 +45,7 @@ static int phar_zip_process_extra(php_stream *fp, phar_entry_info *entry, uint16
phar_zip_extra_field_header header;
phar_zip_unix3 unix3;
} h;
int read;
size_t read;
do {
if (sizeof(h.header) != php_stream_read(fp, (char *) &h.header, sizeof(h.header))) {
@ -163,7 +163,7 @@ static void phar_zip_u2d_time(time_t time, char *dtime, char *ddate) /* {{{ */
* This is used by phar_open_from_fp to process a zip-based phar, but can be called
* directly.
*/
int phar_parse_zipfile(php_stream *fp, char *fname, int fname_len, char *alias, int alias_len, phar_archive_data** pphar, char **error) /* {{{ */
int phar_parse_zipfile(php_stream *fp, char *fname, size_t fname_len, char *alias, size_t alias_len, phar_archive_data** pphar, char **error) /* {{{ */
{
phar_zip_dir_end locator;
char buf[sizeof(locator) + 65536];
@ -396,6 +396,7 @@ foundit:
size_t read;
php_stream *sigfile;
char *sig;
size_t sig_len;
php_stream_tell(fp);
pefree(entry.filename, entry.is_persistent);
@ -423,7 +424,7 @@ foundit:
PHAR_ZIP_FAIL("signature cannot be read");
}
mydata->sig_flags = PHAR_GET_32(sig);
if (FAILURE == phar_verify_signature(sigfile, php_stream_tell(sigfile), mydata->sig_flags, sig + 8, entry.uncompressed_filesize - 8, fname, &mydata->signature, &mydata->sig_len, error)) {
if (FAILURE == phar_verify_signature(sigfile, php_stream_tell(sigfile), mydata->sig_flags, sig + 8, entry.uncompressed_filesize - 8, fname, &mydata->signature, &sig_len, error)) {
efree(sig);
if (error) {
char *save;
@ -436,6 +437,7 @@ foundit:
PHAR_ZIP_FAIL("signature cannot be verified");
}
}
mydata->sig_len = sig_len;
php_stream_close(sigfile);
efree(sig);
/* signature checked out, let's ensure this is the last file in the phar */
@ -740,7 +742,7 @@ foundit:
/**
* Create or open a zip-based phar for writing
*/
int phar_open_or_create_zip(char *fname, int fname_len, char *alias, int alias_len, int is_data, int options, phar_archive_data** pphar, char **error) /* {{{ */
int phar_open_or_create_zip(char *fname, size_t fname_len, char *alias, size_t alias_len, int is_data, uint32_t options, phar_archive_data** pphar, char **error) /* {{{ */
{
phar_archive_data *phar;
int ret = phar_create_or_parse_filename(fname, fname_len, alias, alias_len, is_data, options, &phar, error);
@ -1105,7 +1107,7 @@ static int phar_zip_applysignature(phar_archive_data *phar, struct _phar_zip_pas
{
/* add signature for executable tars or tars explicitly set with setSignatureAlgorithm */
if (!phar->is_data || phar->sig_flags) {
int signature_length;
size_t signature_length;
char *signature, sigbuf[8];
phar_entry_info entry = {0};
php_stream *newfile;
@ -1151,7 +1153,7 @@ static int phar_zip_applysignature(phar_archive_data *phar, struct _phar_zip_pas
PHAR_SET_32(sigbuf, phar->sig_flags);
PHAR_SET_32(sigbuf + 4, signature_length);
if (8 != (int)php_stream_write(entry.fp, sigbuf, 8) || signature_length != (int)php_stream_write(entry.fp, signature, signature_length)) {
if (Z_UL(8) != php_stream_write(entry.fp, sigbuf, 8) || signature_length != php_stream_write(entry.fp, signature, signature_length)) {
efree(signature);
if (pass->error) {
spprintf(pass->error, 0, "phar error: unable to write signature to zip-based phar %s", phar->fname);
@ -1220,7 +1222,7 @@ int phar_zip_flush(phar_archive_data *phar, char *user_stub, zend_long len, int
spprintf(error, 0, "phar error: unable to create temporary file");
return EOF;
}
if (phar->alias_len != (int)php_stream_write(entry.fp, phar->alias, phar->alias_len)) {
if (phar->alias_len != php_stream_write(entry.fp, phar->alias, phar->alias_len)) {
if (error) {
spprintf(error, 0, "unable to set alias in zip-based phar \"%s\"", phar->fname);
}