Fix incorrect check in phar tar parsing

The entry.flags was used to check whether the entry has the directory flag. The flags however were masked to only contain the permissions. We need to check the mode, before the permission masking, instead of the flags to check whether it is a directory. Closes GH-10464 Signed-off-by: George Peter Banyard <girgias@php.net>
php · Jan 29, 2023 · ec4939b · ec4939b
1 parent 284c293
commit ec4939b
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 2 deletions.
diff --git a/NEWS b/NEWS
@@ -17,6 +17,9 @@ PHP                                                                        NEWS
 - Opcache:
   . Fix incorrect page_size check. (nielsdos)
 
+- Phar:
+  . Fix incorrect check in phar tar parsing. (nielsdos)
+
 - Standard:
   . Fixed bug GH-10292 (Made the default value of the first param of srand() and
     mt_srand() unknown). (kocsismate)

diff --git a/ext/phar/tar.c b/ext/phar/tar.c
@@ -478,14 +478,15 @@ int phar_parse_tarfile(php_stream* fp, char *fname, size_t fname_len, char *alia
 			return FAILURE;
 		}
 
+		uint32_t entry_mode = phar_tar_number(hdr->mode, sizeof(hdr->mode));
 		entry.tar_type = ((old & (hdr->typeflag == '\0')) ? TAR_FILE : hdr->typeflag);
 		entry.offset = entry.offset_abs = pos; /* header_offset unused in tar */
 		entry.fp_type = PHAR_FP;
-		entry.flags = phar_tar_number(hdr->mode, sizeof(hdr->mode)) & PHAR_ENT_PERM_MASK;
+		entry.flags = entry_mode & PHAR_ENT_PERM_MASK;
 		entry.timestamp = phar_tar_number(hdr->mtime, sizeof(hdr->mtime));
 		entry.is_persistent = myphar->is_persistent;
 
-		if (old && entry.tar_type == TAR_FILE && S_ISDIR(entry.flags)) {
+		if (old && entry.tar_type == TAR_FILE && S_ISDIR(entry_mode)) {
 			entry.tar_type = TAR_DIR;
 		}