Skip to content

Commit a53d67c

Browse files
committed
Fix #77322: PharData::addEmptyDir('/') Possible integer overflow
`phar_path_check()` already strips a leading slash, so we must not attempt to strip the trailing slash from an now empty directory name. Closes GH-6508.
1 parent c0a1c2c commit a53d67c

File tree

3 files changed

+28
-2
lines changed

3 files changed

+28
-2
lines changed

NEWS

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -31,7 +31,9 @@ PHP NEWS
3131

3232
- Phar:
3333
. Fixed bug #73809 (Phar Zip parse crash - mmap fail). (cmb)
34-
. Fixed #75102 (`PharData` says invalid checksum for valid tar). (cmb)
34+
. Fixed bug #75102 (`PharData` says invalid checksum for valid tar). (cmb)
35+
. Fixed bug #77322 (PharData::addEmptyDir('/') Possible integer overflow).
36+
(cmb)
3537

3638
- PDO MySQL:
3739
. Fixed bug #80458 (PDOStatement::fetchAll() throws for upsert queries).

ext/phar/tests/bug77322.phpt

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,24 @@
1+
--TEST--
2+
Bug #77322 (PharData::addEmptyDir('/') Possible integer overflow)
3+
--SKIPIF--
4+
<?php
5+
if (!extension_loaded('phar')) die('skip phar extension not available');
6+
?>
7+
--FILE--
8+
<?php
9+
$zip = new PharData(__DIR__ . '/bug77322.zip');
10+
$zip->addEmptyDir('/');
11+
var_dump($zip->count());
12+
13+
$tar = new PharData(__DIR__ . '/bug77322.tar');
14+
$tar->addEmptyDir('/');
15+
var_dump($tar->count());
16+
?>
17+
--EXPECT--
18+
int(1)
19+
int(1)
20+
--CLEAN--
21+
<?php
22+
unlink(__DIR__ . '/bug77322.zip');
23+
unlink(__DIR__ . '/bug77322.tar');
24+
?>

ext/phar/util.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -567,7 +567,7 @@ phar_entry_data *phar_get_or_create_entry_data(char *fname, size_t fname_len, ch
567567
} else {
568568
etemp.flags = etemp.old_flags = PHAR_ENT_PERM_DEF_FILE;
569569
}
570-
if (is_dir) {
570+
if (is_dir && path_len) {
571571
etemp.filename_len--; /* strip trailing / */
572572
path_len--;
573573
}

0 commit comments

Comments
 (0)