Commit b8ee4c2

committed

Merge branch 'PHP-8.4'

* PHP-8.4: Fix GH-17518: offset overflow phar extractTo()

2 parents 675f359 + 7cc8719 commit b8ee4c2Copy full SHA for b8ee4c2

File tree

+24

-1

lines changed

+24

-1

lines changed

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -4327,7 +4327,7 @@ static int extract_helper(phar_archive_data archive, zend_string search, char`
`4327`	`4327`	`if (FAILURE == phar_extract_file(overwrite, entry, pathto, pathto_len, error)) return -1;`
`4328`	`4328`	`extracted++;`
`4329`	`4329`	`} ZEND_HASH_FOREACH_END();`
`4330`		`- } else if ('/' == ZSTR_VAL(search)[ZSTR_LEN(search) - 1]) {`
	`4330`	`+ } else if (ZSTR_LEN(search) >0&&'/' == ZSTR_VAL(search)[ZSTR_LEN(search) - 1]) {`
`4331`	`4331`	`/* ends in "/" -- extract all entries having that prefix */`
`4332`	`4332`	`ZEND_HASH_MAP_FOREACH_PTR(&archive->manifest, entry) {`
`4333`	`4333`	`if (!zend_string_starts_with(entry->filename, search)) continue;`

Lines changed: 23 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,23 @@`
	`1`	`+--TEST--`
	`2`	`+GH-17518 (offset overflow phar extractTo())`
	`3`	`+--EXTENSIONS--`
	`4`	`+phar`
	`5`	`+--INI--`
	`6`	`+phar.readonly=0`
	`7`	`+--FILE--`
	`8`	`+<?php`
	`9`	`+$fname = __DIR__.'/gh17518.phar.php';`
	`10`	`+$phar = new Phar($fname);`
	`11`	`+$phar['a'] = 'b';`
	`12`	`+try {`
	`13`	`+ $phar->extractTo(__DIR__ . '/gh17518', '');`
	`14`	`+} catch (Throwable $e) {`
	`15`	`+ echo $e::class, ": ", $e->getMessage(), "\n";`
	`16`	`+}`
	`17`	`+?>`
	`18`	`+--CLEAN--`
	`19`	`+<?php`
	`20`	`+@unlink(__DIR__.'/gh17518.phar.php');`
	`21`	`+?>`
	`22`	`+--EXPECTF--`
	`23`	`+PharException: phar error: attempted to extract non-existent file or directory "" from phar "%sgh17518.phar.php"`

Comments

(0)