php7/0060-Fix-regression-introduced-by-fixing-bug-81726.patch

From 432bf196d59bcb661fcf9cb7029cea9b43f490af Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker" <cmbecker69@gmx.de>
Date: Tue, 27 Sep 2022 17:43:40 +0200
Subject: [PATCH] Fix regression introduced by fixing bug 81726

When a tar phar is created, `phar_open_from_fp()` is also called, but
since the file has just been created, none of the format checks can
succeed, so we continue to loop, but must not check again for the
format.  Therefore, we bring back the old `test` variable.

Closes GH-9620.
---
 ext/phar/phar.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/ext/phar/phar.c b/ext/phar/phar.c
index 4a761ef799..ecab9162fa 100644
--- a/ext/phar/phar.c
+++ b/ext/phar/phar.c
@@ -1584,7 +1584,7 @@ static int phar_open_from_fp(php_stream* fp, char *fname, size_t fname_len, char
 	const char zip_magic[] = "PK\x03\x04";
 	const char gz_magic[] = "\x1f\x8b\x08";
 	const char bz_magic[] = "BZh";
-	char *pos;
+	char *pos, test = '\0';
 	int recursion_count = 3; // arbitrary limit to avoid too deep or even infinite recursion
 	const int window_size = 1024;
 	char buffer[1024 + sizeof(token)]; /* a 1024 byte window + the size of the halt_compiler token (moving window) */
@@ -1613,7 +1613,8 @@ static int phar_open_from_fp(php_stream* fp, char *fname, size_t fname_len, char
 			MAPPHAR_ALLOC_FAIL("internal corruption of phar \"%s\" (truncated entry)")
 		}
 
-		if (recursion_count) {
+		if (!test && recursion_count) {
+			test = '\1';
 			pos = buffer+tokenlen;
 			if (!memcmp(pos, gz_magic, 3)) {
 				char err = 0;
@@ -1673,6 +1674,7 @@ static int phar_open_from_fp(php_stream* fp, char *fname, size_t fname_len, char
 				compression = PHAR_FILE_COMPRESSED_GZ;
 
 				/* now, start over */
+				test = '\0';
 				if (!--recursion_count) {
 					MAPPHAR_ALLOC_FAIL("unable to decompress gzipped phar archive \"%s\"");
 					break;
@@ -1714,6 +1716,7 @@ static int phar_open_from_fp(php_stream* fp, char *fname, size_t fname_len, char
 				compression = PHAR_FILE_COMPRESSED_BZ2;
 
 				/* now, start over */
+				test = '\0';
 				if (!--recursion_count) {
 					MAPPHAR_ALLOC_FAIL("unable to decompress bzipped phar archive \"%s\"");
 					break;
-- 
2.30.2
security fixed 2023-05-22 20:43:19 +03:00			`From 432bf196d59bcb661fcf9cb7029cea9b43f490af Mon Sep 17 00:00:00 2001`
			`From: "Christoph M. Becker" <cmbecker69@gmx.de>`
			`Date: Tue, 27 Sep 2022 17:43:40 +0200`
			`Subject: [PATCH] Fix regression introduced by fixing bug 81726`

			When a tar phar is created, `phar_open_from_fp()` is also called, but
			`since the file has just been created, none of the format checks can`
			`succeed, so we continue to loop, but must not check again for the`
			format. Therefore, we bring back the old `test` variable.

			`Closes GH-9620.`
			`---`
			`ext/phar/phar.c \| 7 +++++--`
			`1 file changed, 5 insertions(+), 2 deletions(-)`

			`diff --git a/ext/phar/phar.c b/ext/phar/phar.c`
			`index 4a761ef799..ecab9162fa 100644`
			`--- a/ext/phar/phar.c`
			`+++ b/ext/phar/phar.c`
			`@@ -1584,7 +1584,7 @@ static int phar_open_from_fp(php_stream* fp, char *fname, size_t fname_len, char`
			`const char zip_magic[] = "PK\x03\x04";`
			`const char gz_magic[] = "\x1f\x8b\x08";`
			`const char bz_magic[] = "BZh";`
			`- char *pos;`
			`+ char *pos, test = '\0';`
			`int recursion_count = 3; // arbitrary limit to avoid too deep or even infinite recursion`
			`const int window_size = 1024;`
			`char buffer[1024 + sizeof(token)]; /* a 1024 byte window + the size of the halt_compiler token (moving window) */`
			`@@ -1613,7 +1613,8 @@ static int phar_open_from_fp(php_stream* fp, char *fname, size_t fname_len, char`
			`MAPPHAR_ALLOC_FAIL("internal corruption of phar \"%s\" (truncated entry)")`
			`}`

			`- if (recursion_count) {`
			`+ if (!test && recursion_count) {`
			`+ test = '\1';`
			`pos = buffer+tokenlen;`
			`if (!memcmp(pos, gz_magic, 3)) {`
			`char err = 0;`
			`@@ -1673,6 +1674,7 @@ static int phar_open_from_fp(php_stream* fp, char *fname, size_t fname_len, char`
			`compression = PHAR_FILE_COMPRESSED_GZ;`

			`/* now, start over */`
			`+ test = '\0';`
			`if (!--recursion_count) {`
			`MAPPHAR_ALLOC_FAIL("unable to decompress gzipped phar archive \"%s\"");`
			`break;`
			`@@ -1714,6 +1716,7 @@ static int phar_open_from_fp(php_stream* fp, char *fname, size_t fname_len, char`
			`compression = PHAR_FILE_COMPRESSED_BZ2;`

			`/* now, start over */`
			`+ test = '\0';`
			`if (!--recursion_count) {`
			`MAPPHAR_ALLOC_FAIL("unable to decompress bzipped phar archive \"%s\"");`
			`break;`
			`--`
			`2.30.2`