Fix bug #73035 (Out of bound when verify signature of tar phar in phar_parse_tarfile)

2025-08-15 21:48:51 +02:00 · 2016-09-11 21:37:44 -07:00 · 2016-09-11 21:37:44 -07:00 · f5a9592ad8
commit f5a9592ad8
parent 6a7cc8ff85
3 changed files with 19 additions and 1 deletions
--- a/ext/phar/tar.c
+++ b/ext/phar/tar.c
@ -286,7 +286,7 @@ bail:
 			}
 			curloc = php_stream_tell(fp);
 			read = php_stream_read(fp, buf, size);
-			if (read != size) {
+			if (read != size || read <= 8) {
 				if (error) {
 					spprintf(error, 4096, "phar error: tar-based phar \"%s\" signature cannot be read", fname);
 				}
--- a/ext/phar/tests/bug73035.phpt
+++ b/ext/phar/tests/bug73035.phpt
@ -0,0 +1,18 @@
+--TEST--
+Phar: #73035 (Out of bound when verify signature of tar phar in phar_parse_tarfile)
+--SKIPIF--
+<?php if (!extension_loaded("phar")) die("skip"); ?>
+--FILE--
+<?php
+chdir(__DIR__);
+try {
+$phar = new PharData('bug73035.tar');
+var_dump($phar);
+} catch(UnexpectedValueException $e) {
+	print $e->getMessage()."\n";
+}
+?>
+DONE
+--EXPECTF--
+phar error: tar-based phar "%sbug73035.tar" signature cannot be read
+DONE
--- a/ext/phar/tests/bug73035.tar
+++ b/ext/phar/tests/bug73035.tar