Fix Bug #49020: phar misinterprets ustar long filename standard

NEWS

@@ -6,6 +6,8 @@ PHP                                                                        NEWS
 - Fixed open_basedir circumvention for mail.log. (Maksymilian Arciemowicz,
   Stas)
 
+- Fixed bug #49020 (phar misinterprets ustar long filename standard).
+  (Greg)
 - Fixed bug #49018 (phar tar stores long filenames wit prefix/name reversed).
   (Greg)
 - Fixed bug #48962 (cURL does not upload files with specified filename).

ext/phar/tar.c

@@ -341,6 +341,7 @@ int phar_parse_tarfile(php_stream* fp, char *fname, int fname_len, char *alias,
 					break;
 				}
 			}
+			name[i++] = '/';
 			for (j = 0; j < 100; j++) {
 				name[i+j] = hdr->name[j];
 				if (name[i+j] == '\0') {
@@ -641,14 +642,25 @@ static int phar_tar_writeheaders(void *pDest, void *argument TSRMLS_DC) /* {{{ *
 	memset((char *) &header, 0, sizeof(header));
 
 	if (entry->filename_len > 100) {
-		if (entry->filename_len > 255) {
+		char *boundary;
+		if (entry->filename_len > 256) {
 			if (fp->error) {
 				spprintf(fp->error, 4096, "tar-based phar \"%s\" cannot be created, filename \"%s\" is too long for tar file format", entry->phar->fname, entry->filename);
 			}
 			return ZEND_HASH_APPLY_STOP;
 		}
-		memcpy(header.prefix, entry->filename, entry->filename_len - 100);
-		memcpy(header.name, entry->filename + (entry->filename_len - 100), 100);
+		boundary = entry->filename + entry->filename_len - 101;
+		while (*boundary && *boundary != '/') {
+			++boundary;
+		}
+		if (!*boundary || ((boundary - entry->filename) > 155)) {
+			if (fp->error) {
+				spprintf(fp->error, 4096, "tar-based phar \"%s\" cannot be created, filename \"%s\" is too long for tar file format", entry->phar->fname, entry->filename);
+			}
+			return ZEND_HASH_APPLY_STOP;
+		}
+		memcpy(header.prefix, entry->filename, boundary - entry->filename);
+		memcpy(header.name, boundary + 1, entry->filename_len - (boundary + 1 - entry->filename));
 	} else {
 		memcpy(header.name, entry->filename, entry->filename_len);
 	}

ext/phar/tests/tar/bignames.phpt

@@ -8,30 +8,50 @@ phar.require_hash=0
 <?php
 $fname = dirname(__FILE__) . '/' . basename(__FILE__, '.php') . '.tar';
 $fname2 = dirname(__FILE__) . '/' . basename(__FILE__, '.php') . '.2.tar';
+$fname3 = dirname(__FILE__) . '/' . basename(__FILE__, '.php') . '.3.tar';
+$fname4 = dirname(__FILE__) . '/' . basename(__FILE__, '.php') . '.4.tar';
 $pname = 'phar://' . $fname;
 
 $p1 = new PharData($fname);
-$p1[str_repeat('a', 100) . 'b'] = 'hi';
-$p1[str_repeat('a', 255)] = 'hi2';
+$p1[str_repeat('a', 100) . '/b'] = 'hi';
+$p1[str_repeat('a', 155) . '/' . str_repeat('b', 100)] = 'hi2';
 copy($fname, $fname2);
 $p2 = new PharData($fname2);
-echo $p2[str_repeat('a', 100) . 'b']->getContent() . "\n";
-echo $p2[str_repeat('a', 255)]->getContent() . "\n";
+echo $p2[str_repeat('a', 100) . '/b']->getContent() . "\n";
+echo $p2[str_repeat('a', 155) . '/' . str_repeat('b', 100)]->getContent() . "\n";
 
 try {
 	$p2[str_repeat('a', 400)] = 'yuck';
 } catch (Exception $e) {
 	echo $e->getMessage() . "\n";
 }
+
+try {
+	$p2 = new PharData($fname3);
+	$p2[str_repeat('a', 101)] = 'yuck';
+} catch (Exception $e) {
+	echo $e->getMessage() . "\n";
+}
+
+try {
+	$p2 = new PharData($fname4);
+	$p2[str_repeat('b', 160) . '/' . str_repeat('a', 90)] = 'yuck';
+} catch (Exception $e) {
+	echo $e->getMessage() . "\n";
+}
 ?>
 ===DONE===
 --CLEAN--
 <?php
 unlink(dirname(__FILE__) . '/' . basename(__FILE__, '.clean.php') . '.tar');
 unlink(dirname(__FILE__) . '/' . basename(__FILE__, '.clean.php') . '.2.tar');
+@unlink(dirname(__FILE__) . '/' . basename(__FILE__, '.clean.php') . '.3.tar');
+@unlink(dirname(__FILE__) . '/' . basename(__FILE__, '.clean.php') . '.4.tar');
 ?>
 --EXPECTF--
 hi
 hi2
 tar-based phar "%sbignames.2.tar" cannot be created, filename "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" is too long for tar file format
+tar-based phar "%sbignames.3.tar" cannot be created, filename "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" is too long for tar file format
+tar-based phar "%sbignames.4.tar" cannot be created, filename "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" is too long for tar file format
 ===DONE===

ext/phar/tests/tar/bignames_overflow.phpt

@@ -22,8 +22,8 @@ $p1 = new PharData($fname);
 foreach ($p1 as $file) {
 	echo $file->getFileName(), "\n";
 }
-echo $p1[str_repeat('a', 101)]->getContent() . "\n";
-echo $p1[str_repeat('a', 255)]->getContent() . "\n";
+echo $p1['a/' . str_repeat('a', 100)]->getContent() . "\n";
+echo $p1[str_repeat('a', 155) . '/' . str_repeat('a', 100)]->getContent() . "\n";
 
 ?>
 ===DONE===
@@ -33,8 +33,8 @@ unlink(dirname(__FILE__) . '/' . basename(__FILE__, '.clean.php') . '.tar');
 unlink(dirname(__FILE__) . '/' . basename(__FILE__, '.clean.php') . '.2.tar');
 ?>
 --EXPECT--
-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+a
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 hi
 hi2
 ===DONE===