Merge branch 'PHP-7.4'

* PHP-7.4: Fix bug #77586 - phar_tar_writeheaders_int() buffer overflow Update NEWS Fix test error message Fix bug #77563 - Uninitialized read in exif_process_IFD_in_MAKERNOTE Fix bug #77540 - Invalid Read on exif_process_SOFn Fix integer overflows on 32-bits Fix #77431 SplFileInfo::__construct() accepts NUL bytes Fix bug #77396 - Null Pointer Dereference in phar_create_or_parse_filename
2026-03-30 20:22:36 +02:00 · 2019-03-03 23:34:00 -08:00
parent df98747cb3 071e18c697
commit d2a8904146
4 changed files with 31 additions and 3 deletions
--- a/ext/phar/tar.c
+++ b/ext/phar/tar.c
@@ -764,7 +764,12 @@ static int phar_tar_writeheaders_int(phar_entry_info *entry, void *argument) /*
 	header.typeflag = entry->tar_type;

 	if (entry->link) {
-		strncpy(header.linkname, entry->link, strlen(entry->link));
+		if (strlcpy(header.linkname, entry->link, sizeof(header.linkname)) >= sizeof(header.linkname)) {
+			if (fp->error) {
+				spprintf(fp->error, 4096, "tar-based phar \"%s\" cannot be created, link \"%s\" is too long for format", entry->phar->fname, entry->link);
+			}
+			return ZEND_HASH_APPLY_STOP;
+		}
 	}

 	strncpy(header.magic, "ustar", sizeof("ustar")-1);
--- a/ext/phar/tests/bug71488.phpt
+++ b/ext/phar/tests/bug71488.phpt
@@ -13,5 +13,6 @@ DONE
 <?php
@unlink(__DIR__."/bug71488.test");
 ?>
--EXPECT--
-DONE
+--EXPECTF--
+Fatal error: Uncaught BadMethodCallException: tar-based phar "%s/bug71488.test" cannot be created, link "%s" is too long for format in %sbug71488.php:%d
+Stack trace:%A
--- a/ext/phar/tests/bug77586.phpt
+++ b/ext/phar/tests/bug77586.phpt
@@ -0,0 +1,21 @@
+--TEST--
+Bug #77586 Symbolic link names in tar-formatted phar must be less than 100 bytes.
+--SKIPIF--
+<?php if (!extension_loaded("phar") || true /* blocked by bug 65332 */) die("skip"); ?>
+--FILE--
+<?php
+$dir = __DIR__."/bug77586";
+$phar = new PharData($dir . "/bug77586.tar");
+$phar->buildFromDirectory($dir . "/files");
+?>
+--CLEAN--
+<?php
+$dir = __DIR__."/bug77586";
+unlink($dir . "/bug77586.tar");
+?>
+--EXPECTF--
+Fatal error: Uncaught PharException: tar-based phar "%s/bug77586.tar" cannot be created, link "%s" is too long for format %s
+Stack trace:
+#0 %s/bug77586.php(%d): PharData->buildFromDirectory('%s')
+#1 {main}
+  thrown in %s/bug77586.php %s on line %d
--- a/ext/phar/tests/bug77586/files/link-nktarAMLdJBv7BGYnpzg-ZDycSpWN3Ne3kacltOSE-EqfhStJ1EoBpGuoua6VE-dne29hvpNWXiVbepwIf8-NRHWM9LITLo3nXZnKVNC
+++ b/ext/phar/tests/bug77586/files/link-nktarAMLdJBv7BGYnpzg-ZDycSpWN3Ne3kacltOSE-EqfhStJ1EoBpGuoua6VE-dne29hvpNWXiVbepwIf8-NRHWM9LITLo3nXZnKVNC
@@ -0,0 +1 @@
+target