php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #74991 include_path has a 4096 char (minus "__DIR__:") limit, in some PHAR cases
Submitted: 2017-07-26 06:01 UTC Modified: -
From: bw at broersma dot com Assigned:
Status: Closed Package: PHAR related
PHP Version: Irrelevant OS: Linux
Private report: No CVE-ID:
 [2017-07-26 06:01 UTC] bw at broersma dot com
Description:
------------
include_path has a 4096 char (minus "__DIR__:") limit, in some PHAR cases. I found out by running a phar tool that created long include_paths, and stopped working (https://github.com/civicrm/cv/issues/23).

Test script:
---------------
--TEST--
include_path has a 4096 char (minus "__DIR__:") limit, in some PHAR cases
--SKIPIF--
<?php if (!extension_loaded("phar")) die("skip");
--INI--
phar.readonly=0
--FILE--
<?php
// create a sample file in a custom include_path to lookup from the phar later:
mkdir('path');
touch('path/needle.php');
$p = new Phar('sample.phar');
// the use of a sub path is crucial, and make the include_path 1 byte larger (=OVERFLOW) than the MAXPATHLEN, the include_path will then be truncated to 4096 (MAXPATHLEN) into 'phar://..sample.phar/some:xx..xx:pat' so it will fail to find needle.php:
$p['some/file'] = "<?php const MAXPATHLEN = 4096, OVERFLOW = 1, PATH = 'path'; set_include_path(str_repeat('x', MAXPATHLEN - strlen(__DIR__ . PATH_SEPARATOR . PATH_SEPARATOR . PATH) + OVERFLOW) . PATH_SEPARATOR . PATH); require('needle.php');";
$p->setStub("<?php Phar::mapPhar('sample.phar'); __HALT_COMPILER();");
// execute the phar code:
require('phar://sample.phar/some/file');
--CLEAN--
<?php
unlink('path/needle.php');
unlink('sample.phar');
rmdir('path');
--EXPECT--


Actual result:
--------------
Warning: require(needle.php): failed to open stream: No such file or directory in phar:///tests/sample.phar/some/file on line 1

Fatal error: require(): Failed opening required 'needle.php' (include_path='xxxxxxxxx(...) in phar:///tests/sample.phar/some/file on line 1

Patches

Add a Patch

Pull Requests

Pull requests:

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-07-26 09:48 UTC] krakjoe@php.net
Automatic comment on behalf of bw@broersma.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=6b1fbafdf0590ec293968d38c78641283b119848
Log: Fix bug #74991 - include_path has a 4096 char (minus &quot;__DIR__:&quot;) limit, in some PHAR cases
 [2017-07-26 09:48 UTC] krakjoe@php.net
-Status: Open +Status: Closed
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Tue Aug 29 15:01:52 2017 UTC