Support getMetadata(array $unserialize_options=[])

Also, add more tests of edge cases that can be encountered when modifying
metadata of phars.
Attempt to serialize immediately when setMetadata is called,
don't modify the original value if that fails.

Author: TysonAndre

ext/phar/phar.c

@@ -21,6 +21,7 @@
 #include "phar_internal.h"
 #include "SAPI.h"
 #include "func_interceptors.h"
+#include "ext/standard/php_var.h"
 
 static void destroy_phar_data(zval *zv);
 
@@ -601,29 +602,47 @@ void phar_metadata_tracker_try_ensure_has_serialized_data(phar_metadata_tracker
 /**
  * Parse out metadata when phar_metadata_tracker_has_data is true
  */
-int phar_metadata_tracker_unserialize_or_copy(const phar_metadata_tracker *tracker, zval *metadata, int persistent) /* {{{ */
+int phar_metadata_tracker_unserialize_or_copy(phar_metadata_tracker *tracker, zval *metadata, int persistent, zval *unserialize_options, const char* method_name) /* {{{ */
 {
-	if (Z_ISUNDEF(tracker->val) || persistent) {
+	const zend_bool has_unserialize_options = unserialize_options != NULL && Z_TYPE_P(unserialize_options) == IS_ARRAY &&
+		zend_array_count(Z_ARRVAL_P(unserialize_options)) > 0;
+	if (EG(exception)) {
+		return FAILURE;
+	}
+
+	if (Z_ISUNDEF(tracker->val) || persistent || has_unserialize_options) {
+		const char *start;
 		/* Assert it should not be possible to create raw data in a persistent phar (i.e. from cache_list) */
-		ZEND_ASSERT(Z_ISUNDEF(tracker->val));
-		const unsigned char *start;
-		php_unserialize_data_t var_hash;
+
+		ZEND_ASSERT(has_unserialize_options || Z_ISUNDEF(tracker->val));
+		if (has_unserialize_options && tracker->str == NULL) {
+			/* If this specifies any unserialization options, assume that this will need to serialize the data to unserialize it later */
+			smart_str main_metadata_str = {0};
+			php_serialize_data_t metadata_hash;
+			ZEND_ASSERT(!persistent);
+			PHP_VAR_SERIALIZE_INIT(metadata_hash);
+			php_var_serialize(&main_metadata_str, &tracker->val, &metadata_hash);
+			PHP_VAR_SERIALIZE_DESTROY(metadata_hash);
+			if (EG(exception)) {
+				return FAILURE;
+			}
+			tracker->str = main_metadata_str.s;
+		}
 		/* precondition: This has data */
 		ZEND_ASSERT(tracker->str != NULL);
 		ZVAL_NULL(metadata);
-		PHP_VAR_UNSERIALIZE_INIT(var_hash);
-		start = (const unsigned char*)ZSTR_VAL(tracker->str);
+		start = ZSTR_VAL(tracker->str);
 
-		if (!php_var_unserialize(metadata, &start, start + ZSTR_LEN(tracker->str), &var_hash)) {
-			PHP_VAR_UNSERIALIZE_DESTROY(var_hash);
+		unserialize_with_options(metadata, start, ZSTR_LEN(tracker->str), unserialize_options, method_name);
+		if (EG(exception)) {
 			zval_ptr_dtor(metadata);
 			ZVAL_UNDEF(metadata);
 			return FAILURE;
 		}
-		PHP_VAR_UNSERIALIZE_DESTROY(var_hash);
 		return SUCCESS;
 	} else {
-		/* TODO: what is the current/expected behavior when fetching an object with getMetadata() and modifying a property? Previously, it was underdefined, and probably unimportant to support  */
+		/* TODO: what is the current/expected behavior when fetching an object set with setMetadata then getting it
+		 * with getMetadata() and modifying a property? Previously, it was underdefined, and probably unimportant to support. */
 		ZVAL_COPY(metadata, &tracker->val);
 	}
 
@@ -1100,7 +1119,6 @@ static int phar_parse_pharfile(php_stream *fp, char *fname, size_t fname_len, ch
 		MAPPHAR_FAIL("internal corruption of phar \"%s\" (trying to read past buffer end)");
 	}
 	/* Don't implicitly call unserialize() on potentially untrusted input unless getMetadata() is called directly. */
-	// XXX where is the raw data to unserialize being set
 	phar_parse_metadata_lazy(buffer, &mydata->metadata_tracker, len, mydata->is_persistent);
 	buffer += len;
 

ext/phar/phar_internal.h

@@ -559,7 +559,7 @@ void phar_metadata_tracker_free(phar_metadata_tracker* val, int persistent);
 void phar_metadata_tracker_copy(phar_metadata_tracker* dest, const phar_metadata_tracker *source, int persistent);
 void phar_metadata_tracker_clone(phar_metadata_tracker* tracker);
 void phar_metadata_tracker_try_ensure_has_serialized_data(phar_metadata_tracker* tracker, int persistent);
-int phar_metadata_tracker_unserialize_or_copy(const phar_metadata_tracker* tracker, zval *value, int persistent);
+int phar_metadata_tracker_unserialize_or_copy(phar_metadata_tracker* tracker, zval *value, int persistent, zval *unserialize_options, const char* method_name);
 void phar_release_entry_metadata(phar_entry_info *entry);
 void phar_release_archive_metadata(phar_archive_data *phar);
 void destroy_phar_manifest_entry(zval *zv);

ext/phar/phar_object.c

@@ -3947,17 +3947,18 @@ PHP_METHOD(Phar, hasMetadata)
 /* {{{ Returns the global metadata of the phar */
 PHP_METHOD(Phar, getMetadata)
 {
+	zval *unserialize_options = NULL;
 	phar_metadata_tracker *tracker;
 	PHAR_ARCHIVE_OBJECT();
 
-	if (zend_parse_parameters_none() == FAILURE) {
-		RETURN_THROWS();
-	}
+	ZEND_PARSE_PARAMETERS_START(0, 1)
+		Z_PARAM_OPTIONAL
+		Z_PARAM_ARRAY(unserialize_options)
+	ZEND_PARSE_PARAMETERS_END();
 
 	tracker = &phar_obj->archive->metadata_tracker;
 	if (phar_metadata_tracker_has_data(tracker, phar_obj->archive->is_persistent)) {
-		/* assume success, we would have failed before */
-		phar_metadata_tracker_unserialize_or_copy(tracker, return_value, phar_obj->archive->is_persistent);
+		phar_metadata_tracker_unserialize_or_copy(tracker, return_value, phar_obj->archive->is_persistent, unserialize_options, "Phar::getMetadata");
 	}
 }
 /* }}} */
@@ -3967,6 +3968,8 @@ PHP_METHOD(Phar, setMetadata)
 {
 	char *error;
 	zval *metadata;
+	php_serialize_data_t metadata_hash;
+	smart_str main_metadata_str = {0};
 
 	PHAR_ARCHIVE_OBJECT();
 
@@ -3983,9 +3986,24 @@ PHP_METHOD(Phar, setMetadata)
 		zend_throw_exception_ex(phar_ce_PharException, 0, "phar \"%s\" is persistent, unable to copy on write", phar_obj->archive->fname);
 		RETURN_THROWS();
 	}
+
+	ZEND_ASSERT(!phar_obj->archive->is_persistent); /* Should no longer be persistent */
+
 	phar_metadata_tracker_free(&phar_obj->archive->metadata_tracker, phar_obj->archive->is_persistent);
+	if (EG(exception)) {
+		/* Destructor can throw. */
+		return;
+	}
 
+	PHP_VAR_SERIALIZE_INIT(metadata_hash);
+	php_var_serialize(&main_metadata_str, metadata, &metadata_hash);
+	PHP_VAR_SERIALIZE_DESTROY(metadata_hash);
+	if (EG(exception)) {
+		/* Serialization can throw. Don't overwrite the original string. */
+		return;
+	}
 	ZVAL_COPY(&phar_obj->archive->metadata_tracker.val, metadata);
+	phar_obj->archive->metadata_tracker.str = main_metadata_str.s;
 	phar_obj->archive->is_modified = 1;
 	phar_flush(phar_obj->archive, 0, 0, 0, &error);
 
@@ -4617,16 +4635,18 @@ PHP_METHOD(PharFileInfo, hasMetadata)
 /* {{{ Returns the metadata of the entry */
 PHP_METHOD(PharFileInfo, getMetadata)
 {
+	zval *unserialize_options = NULL;
 	phar_metadata_tracker *tracker;
 	PHAR_ENTRY_OBJECT();
 
-	if (zend_parse_parameters_none() == FAILURE) {
-		RETURN_THROWS();
-	}
+	ZEND_PARSE_PARAMETERS_START(0, 1)
+		Z_PARAM_OPTIONAL
+		Z_PARAM_ARRAY(unserialize_options)
+	ZEND_PARSE_PARAMETERS_END();
 
 	tracker = &entry_obj->entry->metadata_tracker;
 	if (phar_metadata_tracker_has_data(tracker, entry_obj->entry->is_persistent)) {
-		phar_metadata_tracker_unserialize_or_copy(tracker, return_value, entry_obj->entry->is_persistent);
+		phar_metadata_tracker_unserialize_or_copy(tracker, return_value, entry_obj->entry->is_persistent, unserialize_options, "PharFileInfo::getMetadata");
 	}
 }
 /* }}} */
@@ -4701,7 +4721,6 @@ PHP_METHOD(PharFileInfo, delMetadata)
 		RETURN_THROWS();
 	}
 
-	// XXX this should check if there is a string?
 	if (phar_metadata_tracker_has_data(&entry_obj->entry->metadata_tracker, entry_obj->entry->is_persistent)) {
 		if (entry_obj->entry->is_persistent) {
 			phar_archive_data *phar = entry_obj->entry->phar;
@@ -4713,7 +4732,7 @@ PHP_METHOD(PharFileInfo, delMetadata)
 			/* re-populate after copy-on-write */
 			entry_obj->entry = zend_hash_str_find_ptr(&phar->manifest, entry_obj->entry->filename, entry_obj->entry->filename_len);
 		}
-		// multiple values may reference this.
+		/* multiple values may reference the metadata */
 		phar_metadata_tracker_free(&entry_obj->entry->metadata_tracker, entry_obj->entry->is_persistent);
 		entry_obj->entry->is_modified = 1;
 		entry_obj->entry->phar->is_modified = 1;

ext/phar/phar_object.stub.php

@@ -67,7 +67,7 @@ public function getAlias() {}
     public function getPath() {}
 
     /** @return mixed */
-    public function getMetadata() {}
+    public function getMetadata(array $unserialize_options = []) {}
 
     /** @return bool */
     public function getModified() {}
@@ -303,7 +303,7 @@ public function getPath() {}
      * @return mixed
      * @alias Phar::getMetadata
      */
-    public function getMetadata() {}
+    public function getMetadata(array $unserialize_options = []) {}
 
     /**
      * @return bool
@@ -510,7 +510,7 @@ public function getCRC32() {}
     public function getContent() {}
 
     /** @return mixed */
-    public function getMetadata() {}
+    public function getMetadata(array $unserialize_options = []) {}
 
     /** @return int */
     public function getPharFlags() {}

ext/phar/phar_object_arginfo.h

@@ -1,5 +1,5 @@
 /* This is a generated file, edit the .stub.php file instead.
- * Stub hash: fd4f05b74248e4f7efb234cac8e3a90e17037ee0 */
+ * Stub hash: 586c79f097e9153b70f6c6e208daa08acc0ce1d4 */
 
 ZEND_BEGIN_ARG_INFO_EX(arginfo_class_Phar___construct, 0, 0, 1)
 	ZEND_ARG_TYPE_INFO(0, filename, IS_STRING, 0)
@@ -82,7 +82,9 @@ ZEND_END_ARG_INFO()
 
 #define arginfo_class_Phar_getPath arginfo_class_Phar___destruct
 
-#define arginfo_class_Phar_getMetadata arginfo_class_Phar___destruct
+ZEND_BEGIN_ARG_INFO_EX(arginfo_class_Phar_getMetadata, 0, 0, 0)
+	ZEND_ARG_TYPE_INFO_WITH_DEFAULT_VALUE(0, unserialize_options, IS_ARRAY, 0, "[]")
+ZEND_END_ARG_INFO()
 
 #define arginfo_class_Phar_getModified arginfo_class_Phar___destruct
 
@@ -252,7 +254,7 @@ ZEND_END_ARG_INFO()
 
 #define arginfo_class_PharData_getPath arginfo_class_Phar___destruct
 
-#define arginfo_class_PharData_getMetadata arginfo_class_Phar___destruct
+#define arginfo_class_PharData_getMetadata arginfo_class_Phar_getMetadata
 
 #define arginfo_class_PharData_getModified arginfo_class_Phar___destruct
 
@@ -346,7 +348,7 @@ ZEND_END_ARG_INFO()
 
 #define arginfo_class_PharFileInfo_getContent arginfo_class_Phar___destruct
 
-#define arginfo_class_PharFileInfo_getMetadata arginfo_class_Phar___destruct
+#define arginfo_class_PharFileInfo_getMetadata arginfo_class_Phar_getMetadata
 
 #define arginfo_class_PharFileInfo_getPharFlags arginfo_class_Phar___destruct
 

ext/phar/tests/phar_metadata_write2.phpt

@@ -7,7 +7,6 @@ if (!extension_loaded("phar")) die("skip");
 --INI--
 phar.require_hash=0
 phar.readonly=0
-phar.sanitize_object_metadata=0
 --FILE--
 <?php
 $fname = __DIR__ . '/' . basename(__FILE__, '.php') . '.phar.php';

ext/phar/tests/phar_metadata_write3.phpt

@@ -7,7 +7,6 @@ if (!extension_loaded("phar")) die("skip");
 --INI--
 phar.require_hash=0
 phar.readonly=0
-phar.sanitize_object_metadata=0
 --FILE--
 <?php
 class EchoesOnWakeup {
@@ -40,14 +39,27 @@ copy($fname, $fname_new);
 $phar = new Phar($fname_new);
 echo "Calling getMetadata\n";
 var_dump($phar->getMetadata());
+echo "Calling getMetadata with no allowed_classes\n";
+var_dump($phar->getMetadata(['allowed_classes' => []]));
+echo "Calling getMetadata with EchoesOnWakeup allowed\n";
+var_dump($phar->getMetadata(['allowed_classes' => [EchoesOnWakeup::class]]));
+// Part of this is a test that there are no unexpected behaviors when both selMetadata and getMetadata are used
+$phar->setMetaData([new EchoesOnWakeup(), new stdClass()]);
+echo "Calling getMetadata with too low max_depth\n";
+var_dump($phar->getMetadata(['max_depth' => 1]));
+echo "Calling getMetadata with some allowed classes\n";
+var_dump($phar->getMetadata(['allowed_classes' => [EchoesOnWakeup::class]]));
+echo "Calling getMetadata with no options returns the original metadata value\n";
+var_dump($phar->getMetadata());
+unset($phar);
 
 ?>
 --CLEAN--
 <?php
 unlink(__DIR__ . '/' . basename(__FILE__, '.clean.php') . '.phar.php');
 unlink(__DIR__ . '/' . basename(__FILE__, '.clean.php') . '.phar.php.copy.php');
 ?>
---EXPECT--
+--EXPECTF--
 Reading file contents through stream wrapper
 string(18) "contents of file a"
 Original metadata
@@ -56,3 +68,39 @@ Calling getMetadata
 In wakeup
 object(EchoesOnWakeup)#2 (0) {
 }
+Calling getMetadata with no allowed_classes
+object(__PHP_Incomplete_Class)#2 (1) {
+  ["__PHP_Incomplete_Class_Name"]=>
+  string(14) "EchoesOnWakeup"
+}
+Calling getMetadata with EchoesOnWakeup allowed
+In wakeup
+object(EchoesOnWakeup)#2 (0) {
+}
+Calling getMetadata with too low max_depth
+
+Warning: Phar::getMetadata(): Maximum depth of 1 exceeded. The depth limit can be changed using the max_depth unserialize() option or the unserialize_max_depth ini setting in %sphar_metadata_write3.php on line 39
+
+Notice: Phar::getMetadata(): Error at offset 34 of 59 bytes in %sphar_metadata_write3.php on line 39
+bool(false)
+Calling getMetadata with some allowed classes
+In wakeup
+array(2) {
+  [0]=>
+  object(EchoesOnWakeup)#4 (0) {
+  }
+  [1]=>
+  object(__PHP_Incomplete_Class)#5 (1) {
+    ["__PHP_Incomplete_Class_Name"]=>
+    string(8) "stdClass"
+  }
+}
+Calling getMetadata with no options returns the original metadata value
+array(2) {
+  [0]=>
+  object(EchoesOnWakeup)#2 (0) {
+  }
+  [1]=>
+  object(stdClass)#3 (0) {
+  }
+}