When a tar phar is created, `phar_open_from_fp()` is also called, but
since the file has just been created, none of the format checks can
succeed, so we continue to loop, but must not check again for the
format. Therefore, we bring back the old `test` variable.
Closes GH-9620.
The phar wrapper needs to uncompress the file; the uncompressed file
might be compressed, so the wrapper implementation loops. This raises
potential DOS issues regarding too deep or even infinite recursion (the
latter are called compressed file quines[1]). We avoid that by
introducing a recursion limit; we choose the somewhat arbitrary limit
`3`.
This issue has been reported by real_as3617 and gPayl0ad.
[1] <https://honno.dev/gzip-quine/>
ext/opcache/zend_accelerator_blacklist.c:295:4: error: ‘blacklist_path_length’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
While the reason-phrase in a HTTP response status line is usually
short, there is no actual limit specified by the RFCs. As such, we
must not assume that the line fits into the buffer (which is currently
128 bytes large).
Since there is no real need to present the complete status line, we
simply read and discard the rest of a long line.
Co-authored-by: Tim Düsterhus <timwolla@googlemail.com>
Closes GH-9319.
This fix is another solution to replace d0527427be, use zend_try and zend_catch to make sure persistent stream will be released when error occurred.
Closes GH-9332.
The comparator function used at ksort in SORT_REGULAR mode
need to be consistent with basic comparison rules. These rules
were changed in PHP-8.0 for numeric strings, but comparator
used at ksort kept the old behaviour. It leads to inconsistent
situations, when after ksort the first key is GREATER than some
of the next ones by according to the basic comparison operators.
Closes GH-9293.
The arguments 3 to 6 of the authorizer callback may be `NULL`[1], and
we have to properly deal with that. Instead of causing a segfault, we
deny authorization, which is still better than a crash, and apparently,
we cannot do better anyway.
[1] <https://www.sqlite.org/c3ref/set_authorizer.html>
Closes GH-9040.
If the blacklist file contains a line with a single double-quote, we
called `zend_strndup(pbuf, -1)` what causes an unnecessary bail out;
instead we just ignore that line.
If the blacklist file contains an empty line, we may have caused an OOB
read; instead we just ignore that line.
Closes GH-9036.
Not such as fix but taking more precautions.
Indeed, the arc4random has two little flaws in this platform,
one already caught upfront by the extension (ie size 0), also
internal use of ccrng_generate which can silently fail in few rare
cases.
Closes#7824.
