Disallow wb mode in favor of w+b mode.

paragonie · Jan 25, 2018 · de63ad1 · de63ad1
1 parent a72ec65
commit de63ad1
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 5 deletions.
diff --git a/src/Stream/MutableFile.php b/src/Stream/MutableFile.php
@@ -28,7 +28,7 @@
  */
 class MutableFile implements StreamInterface
 {
-    const ALLOWED_MODES = ['r+b', 'wb', 'w+b', 'cb', 'c+b'];
+    const ALLOWED_MODES = ['r+b', 'w+b', 'cb', 'c+b'];
     const CHUNK = 8192; // PHP's fread() buffer is set to 8192 by default
 
     /**
@@ -70,7 +70,7 @@ public function __construct($file)
                     'Could not open file for writing'
                 );
             }
-            $fp = \fopen($file, 'wb');
+            $fp = \fopen($file, 'w+b');
             // @codeCoverageIgnoreStart
             if (!\is_resource($fp)) {
                 throw new FileAccessDenied(
@@ -166,8 +166,10 @@ public function readBytes(int $num, bool $skipTests = false): string
             if ($remaining <= 0) {
                 break;
             }
+            /** @var int $bufSize */
+            $bufSize = \min($remaining, self::CHUNK);
             /** @var string $read */
-            $read = \fread($this->fp, $remaining);
+            $read = \fread($this->fp, $bufSize);
             if (!\is_string($read)) {
                 throw new FileAccessDenied(
                     'Could not read from the file'

diff --git a/test/unit/StreamTest.php b/test/unit/StreamTest.php
@@ -32,6 +32,8 @@ public function testFileHash()
             $fileOne->getHash(),
             $fileTwo->getHash()
         );
+        $this->assertSame(65537, $fileOne->getSize());
+
         fclose($fp);
     }
 
@@ -94,14 +96,14 @@ public function testResource()
             );
         }
 
-        $writable = \fopen($filename, 'wb');
+        $writable = \fopen($filename, 'w+b');
         $wstream = new MutableFile($writable);
         $this->assertInstanceOf(MutableFile::class, $wstream);
         try {
             new ReadOnlyFile($writable);
         } catch (CryptoException\FileAccessDenied $ex) {
             $this->assertSame(
-                'Resource is in wb mode, which is not allowed.',
+                'Resource is in w+b mode, which is not allowed.',
                 $ex->getMessage()
             );
         }
@@ -141,6 +143,17 @@ public function testFileRead()
             $buf
         );
         $fStream->reset(0);
+
+        try {
+            $fStream->readBytes(-1);
+            $this->fail('Allowed to read -1 bytes');
+        } catch (CryptoException\CannotPerformOperation $ex) {
+        }
+        try {
+            $fStream->readBytes(65538);
+            $this->fail('Allowed to read more bytes than the file contains');
+        } catch (CryptoException\CannotPerformOperation $ex) {
+        }
 
         file_put_contents(
             $filename,
@@ -155,5 +168,16 @@ public function testFileRead()
                 $ex instanceof CryptoException\FileModified
             );
         }
+        foreach ([255, 65537] as $size) {
+            $buffer = random_bytes($size);
+            $fileWrite = tempnam('/tmp', 'x');
+            $mStream = new MutableFile($fileWrite);
+            $mStream->writeBytes($buffer);
+            $mStream->reset(0);
+
+            $this->assertSame(0, $mStream->getPos());
+            $this->assertSame($size, $mStream->getSize());
+            $this->assertSame(bin2hex($buffer), bin2hex($mStream->readBytes($size)));
+        }
     }
 }