
Patch zip_phar_require_hash.diff for PHAR related Bug #76929

Patch version 2018-09-24 19:56 UTC


diff --git a/ext/phar/tests/zip/require_hash.phpt b/ext/phar/tests/zip/require_hash.phpt
new file mode 100644
index 0000000000..6a0cb5a001
--- /dev/null
+++ b/ext/phar/tests/zip/require_hash.phpt
@@ -0,0 +1,56 @@
+--TEST--
+Phar: zip-based phar, require_hash=1, no signature
+--SKIPIF--
+<?php if (!extension_loaded('phar')) die('skip'); ?>
+--INI--
+phar.readonly=1
+phar.require_hash=0
+--FILE--
+<?php
+ini_set('phar.require_hash', 1);
+include dirname(__FILE__) . '/files/zipmaker.php.inc';
+$fname = dirname(__FILE__) . '/zip_001.phar.zip';
+$alias = 'phar://' . $fname;
+$fname2 = dirname(__FILE__) . '/zip_001.zip';
+
+$zip = new zipmaker($fname);
+$zip->init();
+$zip->addFile('zip_001.php', '<?php var_dump(__FILE__);');
+$zip->addFile('internal/file/here', "hi there!\n");
+$zip->addFile('.phar/stub.php', "__HALT_COMPILER();");
+$zip->close();
+
+try {
+	$phar = new Phar($fname);
+	var_dump($phar->getStub());
+} catch (Exception $e) {
+	echo $e->getMessage()."\n";
+}
+ini_set('phar.require_hash', 0);
+try {
+	$phar = new PharData($fname2);
+	$phar['file'] = 'hi';
+	var_dump($phar->getSignature());
+	$phar->setSignatureAlgorithm(Phar::MD5);
+	var_dump($phar->getSignature());
+} catch (Exception $e) {
+	echo $e->getMessage()."\n";
+}
+
+?>
+===DONE===
+--CLEAN--
+<?php
+@unlink(dirname(__FILE__) . '/zip_001.phar.zip');
+@unlink(dirname(__FILE__) . '/zip_001.zip');
+?>
+--EXPECTF--
+zip-based phar "%szip_001.phar.zip" does not have a signature
+bool(false)
+array(2) {
+  ["hash"]=>
+  string(32) "%s"
+  ["hash_type"]=>
+  string(3) "MD5"
+}
+===DONE===
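Review bot: The test exercises only the rejection path, where an unsigned zip phar is opened with `phar.require_hash` set to 1, so a change that refused every zip-based phar would still pass it. A second archive that does carry a signature, opened with the setting still enabled and expected to load, would pin the accept path as well, provided the zipmaker helper can produce one (it is not visible here). The second try block resets `phar.require_hash` to 0 before opening `zip_001.zip` through PharData, so it does not show whether data archives are exempt from the new check. Running that block with the setting left at 1, or adding a comment such as `// require_hash disabled: this block only checks signature creation on a data archive`, would make the intent explicit.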
diff --git a/ext/phar/zip.c b/ext/phar/zip.c
index 9c9e3f6d68..c141ab6e0e 100644
--- a/ext/phar/zip.c
+++ b/ext/phar/zip.c
@@ -672,6 +672,16 @@ foundit:
 		mydata->is_data = 1;
 	}
 
+	/* ensure signature set */
+	if (!mydata->is_data && PHAR_G(require_hash) && !mydata->signature) {
+		php_stream_close(fp);
+		phar_destroy_phar_data(mydata);
+		if (error) {
+			spprintf(error, 0, "zip-based phar \"%s\" does not have a signature", fname);
+		}
+		return FAILURE;
+	}
+
 	zend_hash_str_add_ptr(&(PHAR_G(phar_fname_map)), mydata->fname, fname_len, mydata);
 
 	if (actual_alias) {
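Review bot: The added early return closes `fp` and destroys `mydata` but does not touch `actual_alias`, which is still tested immediately after the block (`if (actual_alias) {`). If that buffer is allocated earlier in the function, which this hunk does not show, it leaks on this path. It should either be freed before `return FAILURE;` or confirmed as owned and released by `phar_destroy_phar_data()`. Separately, the condition requires only that `mydata->signature` is non-NULL, so the comment `/* ensure signature set */` would be clearer as `/* require_hash: reject executable phars with no signature entry (presence only; verification is done where the signature is read) */` once that is confirmed against the surrounding code. The enclosing function begins and ends outside the hunk.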
 