PHP :: Bug #68787 :: Incorrect code

Bug #68787	Incorrect code
Submitted:	2015-01-10 13:23 UTC	Modified:	2015-01-25 02:52 UTC
From:	bugreports at internot dot info	Assigned:
Status:	Not a bug	Package:	PHAR related
PHP Version:	master-Git-2015-01-10 (Git)	OS:	Linux Ubuntu 14.04
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	bugreports at internot dot info
New email:
PHP Version:		OS:

New Comment:

[2015-01-10 13:23 UTC] bugreports at internot dot info

Description:
------------
Hi,

In /ext/phar/util.c:



1876                                return FAILURE;
1877                        }
1878#endif
1879                        *signature = (char *) sigbuf;
1880                        *signature_length = siglen;
1881                }
1882                break;
    
1883                default:
1884                        phar->sig_flags = PHAR_SIG_SHA1;
    

1885                case PHAR_SIG_SHA1: {
1886                        unsigned char digest[20];
1887                        PHP_SHA1_CTX  context;
1888
1889                        PHP_SHA1Init(&context);
1890
1891                        while ((sig_len = php_stream_read(fp, (char*)buf, sizeof(buf))) > 0) {
1892                                PHP_SHA1Update(&context, buf, sig_len);
1893                        }
1894
1895                        PHP_SHA1Final(digest, &context);
1896                        *signature = estrndup((char *) digest, 20);
1897                        *signature_length = 20;
1898                        break;
1899                }
1900                case PHAR_SIG_MD5: {
1901                        unsigned char digest[16];
1902                        PHP_MD5_CTX   context;
1903
1904                        PHP_MD5Init(&context);
1905
1906                        while ((sig_len = php_stream_read(fp, (char*)buf, sizeof(buf))) > 0) {
1907                                PHP_MD5Update(&context, buf, sig_len);
1908                        }
1909
1910                        PHP_MD5Final(digest, &context);
1911                        *signature = estrndup((char *) digest, 16);
1912                        *signature_length = 16;
1913                        break;
1914               



Multiple problems.

1. at L1882, 'break;' breaks out of the whole expression, not just the case that L1881 closes.

2. case PHAR_SIG_SHA1 should be second last, and default should be the last. That would make PHAR_SIG_MD5 the third last.




Thanks,

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2015-01-25 02:52 UTC] yohgaki@php.net

-Status: Open +Status: Not a bug

[2015-01-25 02:52 UTC] yohgaki@php.net

http://stackoverflow.com/questions/3110088/switch-statement-must-default-be-the-last-case

Although it may seem strange, this code is valid.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri Oct 31 23:00:01 2025 UTC