xref: /PHP-5.5/ext/phar/tar.c (revision 9649ca16)
1 /*
2   +----------------------------------------------------------------------+
3   | TAR archive support for Phar                                         |
4   +----------------------------------------------------------------------+
5   | Copyright (c) 2005-2015 The PHP Group                                |
6   +----------------------------------------------------------------------+
7   | This source file is subject to version 3.01 of the PHP license,      |
8   | that is bundled with this package in the file LICENSE, and is        |
9   | available through the world-wide-web at the following url:           |
10   | http://www.php.net/license/3_01.txt.                                 |
11   | If you did not receive a copy of the PHP license and are unable to   |
12   | obtain it through the world-wide-web, please send a note to          |
13   | license@php.net so we can mail you a copy immediately.               |
14   +----------------------------------------------------------------------+
15   | Authors: Dmitry Stogov <dmitry@zend.com>                             |
16   |          Gregory Beaver <cellog@php.net>                             |
17   +----------------------------------------------------------------------+
18 */
19 
20 #include "phar_internal.h"
21 
phar_tar_number(char * buf,int len)22 static php_uint32 phar_tar_number(char *buf, int len) /* {{{ */
23 {
24 	php_uint32 num = 0;
25 	int i = 0;
26 
27 	while (i < len && buf[i] == ' ') {
28 		++i;
29 	}
30 
31 	while (i < len && buf[i] >= '0' && buf[i] <= '7') {
32 		num = num * 8 + (buf[i] - '0');
33 		++i;
34 	}
35 
36 	return num;
37 }
38 /* }}} */
39 
40 /* adapted from format_octal() in libarchive
41  *
42  * Copyright (c) 2003-2009 Tim Kientzle
43  * All rights reserved.
44  *
45  * Redistribution and use in source and binary forms, with or without
46  * modification, are permitted provided that the following conditions
47  * are met:
48  * 1. Redistributions of source code must retain the above copyright
49  *    notice, this list of conditions and the following disclaimer.
50  * 2. Redistributions in binary form must reproduce the above copyright
51  *    notice, this list of conditions and the following disclaimer in the
52  *    documentation and/or other materials provided with the distribution.
53  *
54  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
55  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
56  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
57  * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
58  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
59  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
60  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
61  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
62  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
63  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
64  */
phar_tar_octal(char * buf,php_uint32 val,int len)65 static int phar_tar_octal(char *buf, php_uint32 val, int len) /* {{{ */
66 {
67 	char *p = buf;
68 	int s = len;
69 
70 	p += len;		/* Start at the end and work backwards. */
71 	while (s-- > 0) {
72 		*--p = (char)('0' + (val & 7));
73 		val >>= 3;
74 	}
75 
76 	if (val == 0)
77 		return SUCCESS;
78 
79 	/* If it overflowed, fill field with max value. */
80 	while (len-- > 0)
81 		*p++ = '7';
82 
83 	return FAILURE;
84 }
85 /* }}} */
86 
phar_tar_checksum(char * buf,int len)87 static php_uint32 phar_tar_checksum(char *buf, int len) /* {{{ */
88 {
89 	php_uint32 sum = 0;
90 	char *end = buf + len;
91 
92 	while (buf != end) {
93 		sum += (unsigned char)*buf;
94 		++buf;
95 	}
96 	return sum;
97 }
98 /* }}} */
99 
phar_is_tar(char * buf,char * fname)100 int phar_is_tar(char *buf, char *fname) /* {{{ */
101 {
102 	tar_header *header = (tar_header *) buf;
103 	php_uint32 checksum = phar_tar_number(header->checksum, sizeof(header->checksum));
104 	php_uint32 ret;
105 	char save[sizeof(header->checksum)], *bname;
106 
107 	/* assume that the first filename in a tar won't begin with <?php */
108 	if (!strncmp(buf, "<?php", sizeof("<?php")-1)) {
109 		return 0;
110 	}
111 
112 	memcpy(save, header->checksum, sizeof(header->checksum));
113 	memset(header->checksum, ' ', sizeof(header->checksum));
114 	ret = (checksum == phar_tar_checksum(buf, 512));
115 	memcpy(header->checksum, save, sizeof(header->checksum));
116 	if ((bname = strrchr(fname, PHP_DIR_SEPARATOR))) {
117 		fname = bname;
118 	}
119 	if (!ret && (bname = strstr(fname, ".tar")) && (bname[4] == '\0' || bname[4] == '.')) {
120 		/* probably a corrupted tar - so we will pretend it is one */
121 		return 1;
122 	}
123 	return ret;
124 }
125 /* }}} */
126 
phar_open_or_create_tar(char * fname,int fname_len,char * alias,int alias_len,int is_data,int options,phar_archive_data ** pphar,char ** error TSRMLS_DC)127 int phar_open_or_create_tar(char *fname, int fname_len, char *alias, int alias_len, int is_data, int options, phar_archive_data** pphar, char **error TSRMLS_DC) /* {{{ */
128 {
129 	phar_archive_data *phar;
130 	int ret = phar_create_or_parse_filename(fname, fname_len, alias, alias_len, is_data, options, &phar, error TSRMLS_CC);
131 
132 	if (FAILURE == ret) {
133 		return FAILURE;
134 	}
135 
136 	if (pphar) {
137 		*pphar = phar;
138 	}
139 
140 	phar->is_data = is_data;
141 
142 	if (phar->is_tar) {
143 		return ret;
144 	}
145 
146 	if (phar->is_brandnew) {
147 		phar->is_tar = 1;
148 		phar->is_zip = 0;
149 		phar->internal_file_start = 0;
150 		return SUCCESS;
151 	}
152 
153 	/* we've reached here - the phar exists and is a regular phar */
154 	if (error) {
155 		spprintf(error, 4096, "phar tar error: \"%s\" already exists as a regular phar and must be deleted from disk prior to creating as a tar-based phar", fname);
156 	}
157 	return FAILURE;
158 }
159 /* }}} */
160 
phar_tar_process_metadata(phar_entry_info * entry,php_stream * fp TSRMLS_DC)161 static int phar_tar_process_metadata(phar_entry_info *entry, php_stream *fp TSRMLS_DC) /* {{{ */
162 {
163 	char *metadata;
164 	size_t save = php_stream_tell(fp), read;
165 	phar_entry_info *mentry;
166 
167 	metadata = (char *) safe_emalloc(1, entry->uncompressed_filesize, 1);
168 
169 	read = php_stream_read(fp, metadata, entry->uncompressed_filesize);
170 	if (read != entry->uncompressed_filesize) {
171 		efree(metadata);
172 		php_stream_seek(fp, save, SEEK_SET);
173 		return FAILURE;
174 	}
175 
176 	if (phar_parse_metadata(&metadata, &entry->metadata, entry->uncompressed_filesize TSRMLS_CC) == FAILURE) {
177 		/* if not valid serialized data, it is a regular string */
178 		efree(metadata);
179 		php_stream_seek(fp, save, SEEK_SET);
180 		return FAILURE;
181 	}
182 
183 	if (entry->filename_len == sizeof(".phar/.metadata.bin")-1 && !memcmp(entry->filename, ".phar/.metadata.bin", sizeof(".phar/.metadata.bin")-1)) {
184 		entry->phar->metadata = entry->metadata;
185 		entry->metadata = NULL;
186 	} else if (entry->filename_len >= sizeof(".phar/.metadata/") + sizeof("/.metadata.bin") - 1 && SUCCESS == zend_hash_find(&(entry->phar->manifest), entry->filename + sizeof(".phar/.metadata/") - 1, entry->filename_len - (sizeof("/.metadata.bin") - 1 + sizeof(".phar/.metadata/") - 1), (void *)&mentry)) {
187 		/* transfer this metadata to the entry it refers */
188 		mentry->metadata = entry->metadata;
189 		entry->metadata = NULL;
190 	}
191 
192 	efree(metadata);
193 	php_stream_seek(fp, save, SEEK_SET);
194 	return SUCCESS;
195 }
196 /* }}} */
197 
198 #if !HAVE_STRNLEN
strnlen(const char * s,size_t maxlen)199 static size_t strnlen(const char *s, size_t maxlen) {
200         char *r = (char *)memchr(s, '\0', maxlen);
201         return r ? r-s : maxlen;
202 }
203 #endif
204 
phar_parse_tarfile(php_stream * fp,char * fname,int fname_len,char * alias,int alias_len,phar_archive_data ** pphar,int is_data,php_uint32 compression,char ** error TSRMLS_DC)205 int phar_parse_tarfile(php_stream* fp, char *fname, int fname_len, char *alias, int alias_len, phar_archive_data** pphar, int is_data, php_uint32 compression, char **error TSRMLS_DC) /* {{{ */
206 {
207 	char buf[512], *actual_alias = NULL, *p;
208 	phar_entry_info entry = {0};
209 	size_t pos = 0, read, totalsize;
210 	tar_header *hdr;
211 	php_uint32 sum1, sum2, size, old;
212 	phar_archive_data *myphar, **actual;
213 	int last_was_longlink = 0;
214 	int linkname_len;
215 
216 	if (error) {
217 		*error = NULL;
218 	}
219 
220 	php_stream_seek(fp, 0, SEEK_END);
221 	totalsize = php_stream_tell(fp);
222 	php_stream_seek(fp, 0, SEEK_SET);
223 	read = php_stream_read(fp, buf, sizeof(buf));
224 
225 	if (read != sizeof(buf)) {
226 		if (error) {
227 			spprintf(error, 4096, "phar error: \"%s\" is not a tar file or is truncated", fname);
228 		}
229 		php_stream_close(fp);
230 		return FAILURE;
231 	}
232 
233 	hdr = (tar_header*)buf;
234 	old = (memcmp(hdr->magic, "ustar", sizeof("ustar")-1) != 0);
235 
236 	myphar = (phar_archive_data *) pecalloc(1, sizeof(phar_archive_data), PHAR_G(persist));
237 	myphar->is_persistent = PHAR_G(persist);
238 	/* estimate number of entries, can't be certain with tar files */
239 	zend_hash_init(&myphar->manifest, 2 + (totalsize >> 12),
240 		zend_get_hash_value, destroy_phar_manifest_entry, (zend_bool)myphar->is_persistent);
241 	zend_hash_init(&myphar->mounted_dirs, 5,
242 		zend_get_hash_value, NULL, (zend_bool)myphar->is_persistent);
243 	zend_hash_init(&myphar->virtual_dirs, 4 + (totalsize >> 11),
244 		zend_get_hash_value, NULL, (zend_bool)myphar->is_persistent);
245 	myphar->is_tar = 1;
246 	/* remember whether this entire phar was compressed with gz/bzip2 */
247 	myphar->flags = compression;
248 
249 	entry.is_tar = 1;
250 	entry.is_crc_checked = 1;
251 	entry.phar = myphar;
252 	pos += sizeof(buf);
253 
254 	do {
255 		phar_entry_info *newentry;
256 
257 		pos = php_stream_tell(fp);
258 		hdr = (tar_header*) buf;
259 		sum1 = phar_tar_number(hdr->checksum, sizeof(hdr->checksum));
260 		if (sum1 == 0 && phar_tar_checksum(buf, sizeof(buf)) == 0) {
261 			break;
262 		}
263 		memset(hdr->checksum, ' ', sizeof(hdr->checksum));
264 		sum2 = phar_tar_checksum(buf, old?sizeof(old_tar_header):sizeof(tar_header));
265 
266 		size = entry.uncompressed_filesize = entry.compressed_filesize =
267 			phar_tar_number(hdr->size, sizeof(hdr->size));
268 
269 		/* skip global/file headers (pax) */
270 		if (!old && (hdr->typeflag == TAR_GLOBAL_HDR || hdr->typeflag == TAR_FILE_HDR)) {
271 			size = (size+511)&~511;
272 			goto next;
273 		}
274 
275 		if (((!old && hdr->prefix[0] == 0) || old) && strnlen(hdr->name, 100) == sizeof(".phar/signature.bin")-1 && !strncmp(hdr->name, ".phar/signature.bin", sizeof(".phar/signature.bin")-1)) {
276 			off_t curloc;
277 
278 			if (size > 511) {
279 				if (error) {
280 					spprintf(error, 4096, "phar error: tar-based phar \"%s\" has signature that is larger than 511 bytes, cannot process", fname);
281 				}
282 bail:
283 				php_stream_close(fp);
284 				phar_destroy_phar_data(myphar TSRMLS_CC);
285 				return FAILURE;
286 			}
287 			curloc = php_stream_tell(fp);
288 			read = php_stream_read(fp, buf, size);
289 			if (read != size) {
290 				if (error) {
291 					spprintf(error, 4096, "phar error: tar-based phar \"%s\" signature cannot be read", fname);
292 				}
293 				goto bail;
294 			}
295 #ifdef WORDS_BIGENDIAN
296 # define PHAR_GET_32(buffer) \
297 	(((((unsigned char*)(buffer))[3]) << 24) \
298 		| ((((unsigned char*)(buffer))[2]) << 16) \
299 		| ((((unsigned char*)(buffer))[1]) <<  8) \
300 		| (((unsigned char*)(buffer))[0]))
301 #else
302 # define PHAR_GET_32(buffer) (php_uint32) *(buffer)
303 #endif
304 			myphar->sig_flags = PHAR_GET_32(buf);
305 			if (FAILURE == phar_verify_signature(fp, php_stream_tell(fp) - size - 512, myphar->sig_flags, buf + 8, size - 8, fname, &myphar->signature, &myphar->sig_len, error TSRMLS_CC)) {
306 				if (error) {
307 					char *save = *error;
308 					spprintf(error, 4096, "phar error: tar-based phar \"%s\" signature cannot be verified: %s", fname, save);
309 					efree(save);
310 				}
311 				goto bail;
312 			}
313 			php_stream_seek(fp, curloc + 512, SEEK_SET);
314 			/* signature checked out, let's ensure this is the last file in the phar */
315 			if (((hdr->typeflag == '\0') || (hdr->typeflag == TAR_FILE)) && size > 0) {
316 				/* this is not good enough - seek succeeds even on truncated tars */
317 				php_stream_seek(fp, 512, SEEK_CUR);
318 				if ((uint)php_stream_tell(fp) > totalsize) {
319 					if (error) {
320 						spprintf(error, 4096, "phar error: \"%s\" is a corrupted tar file (truncated)", fname);
321 					}
322 					php_stream_close(fp);
323 					phar_destroy_phar_data(myphar TSRMLS_CC);
324 					return FAILURE;
325 				}
326 			}
327 
328 			read = php_stream_read(fp, buf, sizeof(buf));
329 
330 			if (read != sizeof(buf)) {
331 				if (error) {
332 					spprintf(error, 4096, "phar error: \"%s\" is a corrupted tar file (truncated)", fname);
333 				}
334 				php_stream_close(fp);
335 				phar_destroy_phar_data(myphar TSRMLS_CC);
336 				return FAILURE;
337 			}
338 
339 			hdr = (tar_header*) buf;
340 			sum1 = phar_tar_number(hdr->checksum, sizeof(hdr->checksum));
341 
342 			if (sum1 == 0 && phar_tar_checksum(buf, sizeof(buf)) == 0) {
343 				break;
344 			}
345 
346 			if (error) {
347 				spprintf(error, 4096, "phar error: \"%s\" has entries after signature, invalid phar", fname);
348 			}
349 
350 			goto bail;
351 		}
352 
353 		if (!last_was_longlink && hdr->typeflag == 'L') {
354 			last_was_longlink = 1;
355 			/* support the ././@LongLink system for storing long filenames */
356 			entry.filename_len = entry.uncompressed_filesize;
357 
358 			/* Check for overflow - bug 61065 */
359 			if (entry.filename_len == UINT_MAX || entry.filename_len == 0) {
360 				if (error) {
361 					spprintf(error, 4096, "phar error: \"%s\" is a corrupted tar file (invalid entry size)", fname);
362 				}
363 				php_stream_close(fp);
364 				phar_destroy_phar_data(myphar TSRMLS_CC);
365 				return FAILURE;
366 			}
367 			entry.filename = pemalloc(entry.filename_len+1, myphar->is_persistent);
368 
369 			read = php_stream_read(fp, entry.filename, entry.filename_len);
370 			if (read != entry.filename_len) {
371 				efree(entry.filename);
372 				if (error) {
373 					spprintf(error, 4096, "phar error: \"%s\" is a corrupted tar file (truncated)", fname);
374 				}
375 				php_stream_close(fp);
376 				phar_destroy_phar_data(myphar TSRMLS_CC);
377 				return FAILURE;
378 			}
379 			entry.filename[entry.filename_len] = '\0';
380 
381 			/* skip blank stuff */
382 			size = ((size+511)&~511) - size;
383 
384 			/* this is not good enough - seek succeeds even on truncated tars */
385 			php_stream_seek(fp, size, SEEK_CUR);
386 			if ((uint)php_stream_tell(fp) > totalsize) {
387 				efree(entry.filename);
388 				if (error) {
389 					spprintf(error, 4096, "phar error: \"%s\" is a corrupted tar file (truncated)", fname);
390 				}
391 				php_stream_close(fp);
392 				phar_destroy_phar_data(myphar TSRMLS_CC);
393 				return FAILURE;
394 			}
395 
396 			read = php_stream_read(fp, buf, sizeof(buf));
397 
398 			if (read != sizeof(buf)) {
399 				efree(entry.filename);
400 				if (error) {
401 					spprintf(error, 4096, "phar error: \"%s\" is a corrupted tar file (truncated)", fname);
402 				}
403 				php_stream_close(fp);
404 				phar_destroy_phar_data(myphar TSRMLS_CC);
405 				return FAILURE;
406 			}
407 			continue;
408 		} else if (!last_was_longlink && !old && hdr->prefix[0] != 0) {
409 			char name[256];
410 			int i, j;
411 
412 			for (i = 0; i < 155; i++) {
413 				name[i] = hdr->prefix[i];
414 				if (name[i] == '\0') {
415 					break;
416 				}
417 			}
418 			name[i++] = '/';
419 			for (j = 0; j < 100; j++) {
420 				name[i+j] = hdr->name[j];
421 				if (name[i+j] == '\0') {
422 					break;
423 				}
424 			}
425 
426 			entry.filename_len = i+j;
427 
428 			if (name[entry.filename_len - 1] == '/') {
429 				/* some tar programs store directories with trailing slash */
430 				entry.filename_len--;
431 			}
432 			entry.filename = pestrndup(name, entry.filename_len, myphar->is_persistent);
433 		} else if (!last_was_longlink) {
434 			int i;
435 
436 			/* calculate strlen, which can be no longer than 100 */
437 			for (i = 0; i < 100; i++) {
438 				if (hdr->name[i] == '\0') {
439 					break;
440 				}
441 			}
442 			entry.filename_len = i;
443 			entry.filename = pestrndup(hdr->name, i, myphar->is_persistent);
444 
445 			if (i > 0 && entry.filename[entry.filename_len - 1] == '/') {
446 				/* some tar programs store directories with trailing slash */
447 				entry.filename[entry.filename_len - 1] = '\0';
448 				entry.filename_len--;
449 			}
450 		}
451 		last_was_longlink = 0;
452 
453 		phar_add_virtual_dirs(myphar, entry.filename, entry.filename_len TSRMLS_CC);
454 
455 		if (sum1 != sum2) {
456 			if (error) {
457 				spprintf(error, 4096, "phar error: \"%s\" is a corrupted tar file (checksum mismatch of file \"%s\")", fname, entry.filename);
458 			}
459 			pefree(entry.filename, myphar->is_persistent);
460 			php_stream_close(fp);
461 			phar_destroy_phar_data(myphar TSRMLS_CC);
462 			return FAILURE;
463 		}
464 
465 		entry.tar_type = ((old & (hdr->typeflag == '\0')) ? TAR_FILE : hdr->typeflag);
466 		entry.offset = entry.offset_abs = pos; /* header_offset unused in tar */
467 		entry.fp_type = PHAR_FP;
468 		entry.flags = phar_tar_number(hdr->mode, sizeof(hdr->mode)) & PHAR_ENT_PERM_MASK;
469 		entry.timestamp = phar_tar_number(hdr->mtime, sizeof(hdr->mtime));
470 		entry.is_persistent = myphar->is_persistent;
471 #ifndef S_ISDIR
472 #define S_ISDIR(mode)	(((mode)&S_IFMT) == S_IFDIR)
473 #endif
474 		if (old && entry.tar_type == TAR_FILE && S_ISDIR(entry.flags)) {
475 			entry.tar_type = TAR_DIR;
476 		}
477 
478 		if (entry.tar_type == TAR_DIR) {
479 			entry.is_dir = 1;
480 		} else {
481 			entry.is_dir = 0;
482 		}
483 
484 		entry.link = NULL;
485 		/* link field is null-terminated unless it has 100 non-null chars.
486 		 * Thus we can not use strlen. */
487 		linkname_len = strnlen(hdr->linkname, 100);
488 		if (entry.tar_type == TAR_LINK) {
489 			if (!zend_hash_exists(&myphar->manifest, hdr->linkname, linkname_len)) {
490 				if (error) {
491 					spprintf(error, 4096, "phar error: \"%s\" is a corrupted tar file - hard link to non-existent file \"%.*s\"", fname, linkname_len, hdr->linkname);
492 				}
493 				pefree(entry.filename, entry.is_persistent);
494 				php_stream_close(fp);
495 				phar_destroy_phar_data(myphar TSRMLS_CC);
496 				return FAILURE;
497 			}
498 			entry.link = estrndup(hdr->linkname, linkname_len);
499 		} else if (entry.tar_type == TAR_SYMLINK) {
500 			entry.link = estrndup(hdr->linkname, linkname_len);
501 		}
502 		phar_set_inode(&entry TSRMLS_CC);
503 		zend_hash_add(&myphar->manifest, entry.filename, entry.filename_len, (void*)&entry, sizeof(phar_entry_info), (void **) &newentry);
504 
505 		if (entry.is_persistent) {
506 			++entry.manifest_pos;
507 		}
508 
509 		if (entry.filename_len >= sizeof(".phar/.metadata")-1 && !memcmp(entry.filename, ".phar/.metadata", sizeof(".phar/.metadata")-1)) {
510 			if (FAILURE == phar_tar_process_metadata(newentry, fp TSRMLS_CC)) {
511 				if (error) {
512 					spprintf(error, 4096, "phar error: tar-based phar \"%s\" has invalid metadata in magic file \"%s\"", fname, entry.filename);
513 				}
514 				php_stream_close(fp);
515 				phar_destroy_phar_data(myphar TSRMLS_CC);
516 				return FAILURE;
517 			}
518 		}
519 
520 		if (!actual_alias && entry.filename_len == sizeof(".phar/alias.txt")-1 && !strncmp(entry.filename, ".phar/alias.txt", sizeof(".phar/alias.txt")-1)) {
521 			/* found explicit alias */
522 			if (size > 511) {
523 				if (error) {
524 					spprintf(error, 4096, "phar error: tar-based phar \"%s\" has alias that is larger than 511 bytes, cannot process", fname);
525 				}
526 				php_stream_close(fp);
527 				phar_destroy_phar_data(myphar TSRMLS_CC);
528 				return FAILURE;
529 			}
530 
531 			read = php_stream_read(fp, buf, size);
532 
533 			if (read == size) {
534 				buf[size] = '\0';
535 				if (!phar_validate_alias(buf, size)) {
536 					if (size > 50) {
537 						buf[50] = '.';
538 						buf[51] = '.';
539 						buf[52] = '.';
540 						buf[53] = '\0';
541 					}
542 
543 					if (error) {
544 						spprintf(error, 4096, "phar error: invalid alias \"%s\" in tar-based phar \"%s\"", buf, fname);
545 					}
546 
547 					php_stream_close(fp);
548 					phar_destroy_phar_data(myphar TSRMLS_CC);
549 					return FAILURE;
550 				}
551 
552 				actual_alias = pestrndup(buf, size, myphar->is_persistent);
553 				myphar->alias = actual_alias;
554 				myphar->alias_len = size;
555 				php_stream_seek(fp, pos, SEEK_SET);
556 			} else {
557 				if (error) {
558 					spprintf(error, 4096, "phar error: Unable to read alias from tar-based phar \"%s\"", fname);
559 				}
560 
561 				php_stream_close(fp);
562 				phar_destroy_phar_data(myphar TSRMLS_CC);
563 				return FAILURE;
564 			}
565 		}
566 
567 		size = (size+511)&~511;
568 
569 		if (((hdr->typeflag == '\0') || (hdr->typeflag == TAR_FILE)) && size > 0) {
570 next:
571 			/* this is not good enough - seek succeeds even on truncated tars */
572 			php_stream_seek(fp, size, SEEK_CUR);
573 			if ((uint)php_stream_tell(fp) > totalsize) {
574 				if (error) {
575 					spprintf(error, 4096, "phar error: \"%s\" is a corrupted tar file (truncated)", fname);
576 				}
577 				php_stream_close(fp);
578 				phar_destroy_phar_data(myphar TSRMLS_CC);
579 				return FAILURE;
580 			}
581 		}
582 
583 		read = php_stream_read(fp, buf, sizeof(buf));
584 
585 		if (read != sizeof(buf)) {
586 			if (error) {
587 				spprintf(error, 4096, "phar error: \"%s\" is a corrupted tar file (truncated)", fname);
588 			}
589 			php_stream_close(fp);
590 			phar_destroy_phar_data(myphar TSRMLS_CC);
591 			return FAILURE;
592 		}
593 	} while (read != 0);
594 
595 	if (zend_hash_exists(&(myphar->manifest), ".phar/stub.php", sizeof(".phar/stub.php")-1)) {
596 		myphar->is_data = 0;
597 	} else {
598 		myphar->is_data = 1;
599 	}
600 
601 	/* ensure signature set */
602 	if (!myphar->is_data && PHAR_G(require_hash) && !myphar->signature) {
603 		php_stream_close(fp);
604 		phar_destroy_phar_data(myphar TSRMLS_CC);
605 		if (error) {
606 			spprintf(error, 0, "tar-based phar \"%s\" does not have a signature", fname);
607 		}
608 		return FAILURE;
609 	}
610 
611 	myphar->fname = pestrndup(fname, fname_len, myphar->is_persistent);
612 #ifdef PHP_WIN32
613 	phar_unixify_path_separators(myphar->fname, fname_len);
614 #endif
615 	myphar->fname_len = fname_len;
616 	myphar->fp = fp;
617 	p = strrchr(myphar->fname, '/');
618 
619 	if (p) {
620 		myphar->ext = memchr(p, '.', (myphar->fname + fname_len) - p);
621 		if (myphar->ext == p) {
622 			myphar->ext = memchr(p + 1, '.', (myphar->fname + fname_len) - p - 1);
623 		}
624 		if (myphar->ext) {
625 			myphar->ext_len = (myphar->fname + fname_len) - myphar->ext;
626 		}
627 	}
628 
629 	phar_request_initialize(TSRMLS_C);
630 
631 	if (SUCCESS != zend_hash_add(&(PHAR_GLOBALS->phar_fname_map), myphar->fname, fname_len, (void*)&myphar, sizeof(phar_archive_data*), (void **)&actual)) {
632 		if (error) {
633 			spprintf(error, 4096, "phar error: Unable to add tar-based phar \"%s\" to phar registry", fname);
634 		}
635 		php_stream_close(fp);
636 		phar_destroy_phar_data(myphar TSRMLS_CC);
637 		return FAILURE;
638 	}
639 
640 	myphar = *actual;
641 
642 	if (actual_alias) {
643 		phar_archive_data **fd_ptr;
644 
645 		myphar->is_temporary_alias = 0;
646 
647 		if (SUCCESS == zend_hash_find(&(PHAR_GLOBALS->phar_alias_map), actual_alias, myphar->alias_len, (void **)&fd_ptr)) {
648 			if (SUCCESS != phar_free_alias(*fd_ptr, actual_alias, myphar->alias_len TSRMLS_CC)) {
649 				if (error) {
650 					spprintf(error, 4096, "phar error: Unable to add tar-based phar \"%s\", alias is already in use", fname);
651 				}
652 				zend_hash_del(&(PHAR_GLOBALS->phar_fname_map), myphar->fname, fname_len);
653 				return FAILURE;
654 			}
655 		}
656 
657 		zend_hash_add(&(PHAR_GLOBALS->phar_alias_map), actual_alias, myphar->alias_len, (void*)&myphar, sizeof(phar_archive_data*), NULL);
658 	} else {
659 		phar_archive_data **fd_ptr;
660 
661 		if (alias_len) {
662 			if (SUCCESS == zend_hash_find(&(PHAR_GLOBALS->phar_alias_map), alias, alias_len, (void **)&fd_ptr)) {
663 				if (SUCCESS != phar_free_alias(*fd_ptr, alias, alias_len TSRMLS_CC)) {
664 					if (error) {
665 						spprintf(error, 4096, "phar error: Unable to add tar-based phar \"%s\", alias is already in use", fname);
666 					}
667 					zend_hash_del(&(PHAR_GLOBALS->phar_fname_map), myphar->fname, fname_len);
668 					return FAILURE;
669 				}
670 			}
671 			zend_hash_add(&(PHAR_GLOBALS->phar_alias_map), alias, alias_len, (void*)&myphar, sizeof(phar_archive_data*), NULL);
672 			myphar->alias = pestrndup(alias, alias_len, myphar->is_persistent);
673 			myphar->alias_len = alias_len;
674 		} else {
675 			myphar->alias = pestrndup(myphar->fname, fname_len, myphar->is_persistent);
676 			myphar->alias_len = fname_len;
677 		}
678 
679 		myphar->is_temporary_alias = 1;
680 	}
681 
682 	if (pphar) {
683 		*pphar = myphar;
684 	}
685 
686 	return SUCCESS;
687 }
688 /* }}} */
689 
690 struct _phar_pass_tar_info {
691 	php_stream *old;
692 	php_stream *new;
693 	int free_fp;
694 	int free_ufp;
695 	char **error;
696 };
697 
phar_tar_writeheaders(void * pDest,void * argument TSRMLS_DC)698 static int phar_tar_writeheaders(void *pDest, void *argument TSRMLS_DC) /* {{{ */
699 {
700 	tar_header header;
701 	size_t pos;
702 	phar_entry_info *entry = (phar_entry_info *) pDest;
703 	struct _phar_pass_tar_info *fp = (struct _phar_pass_tar_info *)argument;
704 	char padding[512];
705 
706 	if (entry->is_mounted) {
707 		return ZEND_HASH_APPLY_KEEP;
708 	}
709 
710 	if (entry->is_deleted) {
711 		if (entry->fp_refcount <= 0) {
712 			return ZEND_HASH_APPLY_REMOVE;
713 		} else {
714 			/* we can't delete this in-memory until it is closed */
715 			return ZEND_HASH_APPLY_KEEP;
716 		}
717 	}
718 
719 	phar_add_virtual_dirs(entry->phar, entry->filename, entry->filename_len TSRMLS_CC);
720 	memset((char *) &header, 0, sizeof(header));
721 
722 	if (entry->filename_len > 100) {
723 		char *boundary;
724 		if (entry->filename_len > 256) {
725 			if (fp->error) {
726 				spprintf(fp->error, 4096, "tar-based phar \"%s\" cannot be created, filename \"%s\" is too long for tar file format", entry->phar->fname, entry->filename);
727 			}
728 			return ZEND_HASH_APPLY_STOP;
729 		}
730 		boundary = entry->filename + entry->filename_len - 101;
731 		while (*boundary && *boundary != '/') {
732 			++boundary;
733 		}
734 		if (!*boundary || ((boundary - entry->filename) > 155)) {
735 			if (fp->error) {
736 				spprintf(fp->error, 4096, "tar-based phar \"%s\" cannot be created, filename \"%s\" is too long for tar file format", entry->phar->fname, entry->filename);
737 			}
738 			return ZEND_HASH_APPLY_STOP;
739 		}
740 		memcpy(header.prefix, entry->filename, boundary - entry->filename);
741 		memcpy(header.name, boundary + 1, entry->filename_len - (boundary + 1 - entry->filename));
742 	} else {
743 		memcpy(header.name, entry->filename, entry->filename_len);
744 	}
745 
746 	phar_tar_octal(header.mode, entry->flags & PHAR_ENT_PERM_MASK, sizeof(header.mode)-1);
747 
748 	if (FAILURE == phar_tar_octal(header.size, entry->uncompressed_filesize, sizeof(header.size)-1)) {
749 		if (fp->error) {
750 			spprintf(fp->error, 4096, "tar-based phar \"%s\" cannot be created, filename \"%s\" is too large for tar file format", entry->phar->fname, entry->filename);
751 		}
752 		return ZEND_HASH_APPLY_STOP;
753 	}
754 
755 	if (FAILURE == phar_tar_octal(header.mtime, entry->timestamp, sizeof(header.mtime)-1)) {
756 		if (fp->error) {
757 			spprintf(fp->error, 4096, "tar-based phar \"%s\" cannot be created, file modification time of file \"%s\" is too large for tar file format", entry->phar->fname, entry->filename);
758 		}
759 		return ZEND_HASH_APPLY_STOP;
760 	}
761 
762 	/* calc checksum */
763 	header.typeflag = entry->tar_type;
764 
765 	if (entry->link) {
766 		strncpy(header.linkname, entry->link, strlen(entry->link));
767 	}
768 
769 	strncpy(header.magic, "ustar", sizeof("ustar")-1);
770 	strncpy(header.version, "00", sizeof("00")-1);
771 	strncpy(header.checksum, "        ", sizeof("        ")-1);
772 	entry->crc32 = phar_tar_checksum((char *)&header, sizeof(header));
773 
774 	if (FAILURE == phar_tar_octal(header.checksum, entry->crc32, sizeof(header.checksum)-1)) {
775 		if (fp->error) {
776 			spprintf(fp->error, 4096, "tar-based phar \"%s\" cannot be created, checksum of file \"%s\" is too large for tar file format", entry->phar->fname, entry->filename);
777 		}
778 		return ZEND_HASH_APPLY_STOP;
779 	}
780 
781 	/* write header */
782 	entry->header_offset = php_stream_tell(fp->new);
783 
784 	if (sizeof(header) != php_stream_write(fp->new, (char *) &header, sizeof(header))) {
785 		if (fp->error) {
786 			spprintf(fp->error, 4096, "tar-based phar \"%s\" cannot be created, header for  file \"%s\" could not be written", entry->phar->fname, entry->filename);
787 		}
788 		return ZEND_HASH_APPLY_STOP;
789 	}
790 
791 	pos = php_stream_tell(fp->new); /* save start of file within tar */
792 
793 	/* write contents */
794 	if (entry->uncompressed_filesize) {
795 		if (FAILURE == phar_open_entry_fp(entry, fp->error, 0 TSRMLS_CC)) {
796 			return ZEND_HASH_APPLY_STOP;
797 		}
798 
799 		if (-1 == phar_seek_efp(entry, 0, SEEK_SET, 0, 0 TSRMLS_CC)) {
800 			if (fp->error) {
801 				spprintf(fp->error, 4096, "tar-based phar \"%s\" cannot be created, contents of file \"%s\" could not be written, seek failed", entry->phar->fname, entry->filename);
802 			}
803 			return ZEND_HASH_APPLY_STOP;
804 		}
805 
806 		if (SUCCESS != phar_stream_copy_to_stream(phar_get_efp(entry, 0 TSRMLS_CC), fp->new, entry->uncompressed_filesize, NULL)) {
807 			if (fp->error) {
808 				spprintf(fp->error, 4096, "tar-based phar \"%s\" cannot be created, contents of file \"%s\" could not be written", entry->phar->fname, entry->filename);
809 			}
810 			return ZEND_HASH_APPLY_STOP;
811 		}
812 
813 		memset(padding, 0, 512);
814 		php_stream_write(fp->new, padding, ((entry->uncompressed_filesize +511)&~511) - entry->uncompressed_filesize);
815 	}
816 
817 	if (!entry->is_modified && entry->fp_refcount) {
818 		/* open file pointers refer to this fp, do not free the stream */
819 		switch (entry->fp_type) {
820 			case PHAR_FP:
821 				fp->free_fp = 0;
822 				break;
823 			case PHAR_UFP:
824 				fp->free_ufp = 0;
825 			default:
826 				break;
827 		}
828 	}
829 
830 	entry->is_modified = 0;
831 
832 	if (entry->fp_type == PHAR_MOD && entry->fp != entry->phar->fp && entry->fp != entry->phar->ufp) {
833 		if (!entry->fp_refcount) {
834 			php_stream_close(entry->fp);
835 		}
836 		entry->fp = NULL;
837 	}
838 
839 	entry->fp_type = PHAR_FP;
840 
841 	/* note new location within tar */
842 	entry->offset = entry->offset_abs = pos;
843 	return ZEND_HASH_APPLY_KEEP;
844 }
845 /* }}} */
846 
phar_tar_setmetadata(zval * metadata,phar_entry_info * entry,char ** error TSRMLS_DC)847 int phar_tar_setmetadata(zval *metadata, phar_entry_info *entry, char **error TSRMLS_DC) /* {{{ */
848 {
849 	php_serialize_data_t metadata_hash;
850 
851 	if (entry->metadata_str.c) {
852 		smart_str_free(&entry->metadata_str);
853 	}
854 
855 	entry->metadata_str.c = 0;
856 	entry->metadata_str.len = 0;
857 	PHP_VAR_SERIALIZE_INIT(metadata_hash);
858 	php_var_serialize(&entry->metadata_str, &metadata, &metadata_hash TSRMLS_CC);
859 	PHP_VAR_SERIALIZE_DESTROY(metadata_hash);
860 	entry->uncompressed_filesize = entry->compressed_filesize = entry->metadata_str.len;
861 
862 	if (entry->fp && entry->fp_type == PHAR_MOD) {
863 		php_stream_close(entry->fp);
864 	}
865 
866 	entry->fp_type = PHAR_MOD;
867 	entry->is_modified = 1;
868 	entry->fp = php_stream_fopen_tmpfile();
869 	entry->offset = entry->offset_abs = 0;
870 	if (entry->fp == NULL) {
871 		spprintf(error, 0, "phar error: unable to create temporary file");
872 		return -1;
873 	}
874 	if (entry->metadata_str.len != php_stream_write(entry->fp, entry->metadata_str.c, entry->metadata_str.len)) {
875 		spprintf(error, 0, "phar tar error: unable to write metadata to magic metadata file \"%s\"", entry->filename);
876 		zend_hash_del(&(entry->phar->manifest), entry->filename, entry->filename_len);
877 		return ZEND_HASH_APPLY_STOP;
878 	}
879 
880 	return ZEND_HASH_APPLY_KEEP;
881 }
882 /* }}} */
883 
phar_tar_setupmetadata(void * pDest,void * argument TSRMLS_DC)884 static int phar_tar_setupmetadata(void *pDest, void *argument TSRMLS_DC) /* {{{ */
885 {
886 	int lookfor_len;
887 	struct _phar_pass_tar_info *i = (struct _phar_pass_tar_info *)argument;
888 	char *lookfor, **error = i->error;
889 	phar_entry_info *entry = (phar_entry_info *)pDest, *metadata, newentry = {0};
890 
891 	if (entry->filename_len >= sizeof(".phar/.metadata") && !memcmp(entry->filename, ".phar/.metadata", sizeof(".phar/.metadata")-1)) {
892 		if (entry->filename_len == sizeof(".phar/.metadata.bin")-1 && !memcmp(entry->filename, ".phar/.metadata.bin", sizeof(".phar/.metadata.bin")-1)) {
893 			if (entry->phar->metadata == NULL) {
894 				return ZEND_HASH_APPLY_REMOVE;
895 			}
896 			return phar_tar_setmetadata(entry->phar->metadata, entry, error TSRMLS_CC);
897 		}
898 		/* search for the file this metadata entry references */
899 		if (entry->filename_len >= sizeof(".phar/.metadata/") + sizeof("/.metadata.bin") - 1 && !zend_hash_exists(&(entry->phar->manifest), entry->filename + sizeof(".phar/.metadata/") - 1, entry->filename_len - (sizeof("/.metadata.bin") - 1 + sizeof(".phar/.metadata/") - 1))) {
900 			/* this is orphaned metadata, erase it */
901 			return ZEND_HASH_APPLY_REMOVE;
902 		}
903 		/* we can keep this entry, the file that refers to it exists */
904 		return ZEND_HASH_APPLY_KEEP;
905 	}
906 
907 	if (!entry->is_modified) {
908 		return ZEND_HASH_APPLY_KEEP;
909 	}
910 
911 	/* now we are dealing with regular files, so look for metadata */
912 	lookfor_len = spprintf(&lookfor, 0, ".phar/.metadata/%s/.metadata.bin", entry->filename);
913 
914 	if (!entry->metadata) {
915 		zend_hash_del(&(entry->phar->manifest), lookfor, lookfor_len);
916 		efree(lookfor);
917 		return ZEND_HASH_APPLY_KEEP;
918 	}
919 
920 	if (SUCCESS == zend_hash_find(&(entry->phar->manifest), lookfor, lookfor_len, (void **)&metadata)) {
921 		int ret;
922 		ret = phar_tar_setmetadata(entry->metadata, metadata, error TSRMLS_CC);
923 		efree(lookfor);
924 		return ret;
925 	}
926 
927 	newentry.filename = lookfor;
928 	newentry.filename_len = lookfor_len;
929 	newentry.phar = entry->phar;
930 	newentry.tar_type = TAR_FILE;
931 	newentry.is_tar = 1;
932 
933 	if (SUCCESS != zend_hash_add(&(entry->phar->manifest), lookfor, lookfor_len, (void *)&newentry, sizeof(phar_entry_info), (void **)&metadata)) {
934 		efree(lookfor);
935 		spprintf(error, 0, "phar tar error: unable to add magic metadata file to manifest for file \"%s\"", entry->filename);
936 		return ZEND_HASH_APPLY_STOP;
937 	}
938 
939 	return phar_tar_setmetadata(entry->metadata, metadata, error TSRMLS_CC);
940 }
941 /* }}} */
942 
phar_tar_flush(phar_archive_data * phar,char * user_stub,long len,int defaultstub,char ** error TSRMLS_DC)943 int phar_tar_flush(phar_archive_data *phar, char *user_stub, long len, int defaultstub, char **error TSRMLS_DC) /* {{{ */
944 {
945 	phar_entry_info entry = {0};
946 	static const char newstub[] = "<?php // tar-based phar archive stub file\n__HALT_COMPILER();";
947 	php_stream *oldfile, *newfile, *stubfile;
948 	int closeoldfile, free_user_stub, signature_length;
949 	struct _phar_pass_tar_info pass;
950 	char *buf, *signature, *tmp, sigbuf[8];
951 	char halt_stub[] = "__HALT_COMPILER();";
952 
953 	entry.flags = PHAR_ENT_PERM_DEF_FILE;
954 	entry.timestamp = time(NULL);
955 	entry.is_modified = 1;
956 	entry.is_crc_checked = 1;
957 	entry.is_tar = 1;
958 	entry.tar_type = '0';
959 	entry.phar = phar;
960 	entry.fp_type = PHAR_MOD;
961 
962 	if (phar->is_persistent) {
963 		if (error) {
964 			spprintf(error, 0, "internal error: attempt to flush cached tar-based phar \"%s\"", phar->fname);
965 		}
966 		return EOF;
967 	}
968 
969 	if (phar->is_data) {
970 		goto nostub;
971 	}
972 
973 	/* set alias */
974 	if (!phar->is_temporary_alias && phar->alias_len) {
975 		entry.filename = estrndup(".phar/alias.txt", sizeof(".phar/alias.txt")-1);
976 		entry.filename_len = sizeof(".phar/alias.txt")-1;
977 		entry.fp = php_stream_fopen_tmpfile();
978 		if (entry.fp == NULL) {
979 			spprintf(error, 0, "phar error: unable to create temporary file");
980 			return -1;
981 		}
982 		if (phar->alias_len != (int)php_stream_write(entry.fp, phar->alias, phar->alias_len)) {
983 			if (error) {
984 				spprintf(error, 0, "unable to set alias in tar-based phar \"%s\"", phar->fname);
985 			}
986 			return EOF;
987 		}
988 
989 		entry.uncompressed_filesize = phar->alias_len;
990 
991 		if (SUCCESS != zend_hash_update(&phar->manifest, entry.filename, entry.filename_len, (void*)&entry, sizeof(phar_entry_info), NULL)) {
992 			if (error) {
993 				spprintf(error, 0, "unable to set alias in tar-based phar \"%s\"", phar->fname);
994 			}
995 			return EOF;
996 		}
997 	} else {
998 		zend_hash_del(&phar->manifest, ".phar/alias.txt", sizeof(".phar/alias.txt")-1);
999 	}
1000 
1001 	/* set stub */
1002 	if (user_stub && !defaultstub) {
1003 		char *pos;
1004 		if (len < 0) {
1005 			/* resource passed in */
1006 			if (!(php_stream_from_zval_no_verify(stubfile, (zval **)user_stub))) {
1007 				if (error) {
1008 					spprintf(error, 0, "unable to access resource to copy stub to new tar-based phar \"%s\"", phar->fname);
1009 				}
1010 				return EOF;
1011 			}
1012 			if (len == -1) {
1013 				len = PHP_STREAM_COPY_ALL;
1014 			} else {
1015 				len = -len;
1016 			}
1017 			user_stub = 0;
1018 
1019 			if (!(len = php_stream_copy_to_mem(stubfile, &user_stub, len, 0)) || !user_stub) {
1020 				if (error) {
1021 					spprintf(error, 0, "unable to read resource to copy stub to new tar-based phar \"%s\"", phar->fname);
1022 				}
1023 				return EOF;
1024 			}
1025 			free_user_stub = 1;
1026 		} else {
1027 			free_user_stub = 0;
1028 		}
1029 
1030 		tmp = estrndup(user_stub, len);
1031 		if ((pos = php_stristr(tmp, halt_stub, len, sizeof(halt_stub) - 1)) == NULL) {
1032 			efree(tmp);
1033 			if (error) {
1034 				spprintf(error, 0, "illegal stub for tar-based phar \"%s\"", phar->fname);
1035 			}
1036 			if (free_user_stub) {
1037 				efree(user_stub);
1038 			}
1039 			return EOF;
1040 		}
1041 		pos = user_stub + (pos - tmp);
1042 		efree(tmp);
1043 
1044 		len = pos - user_stub + 18;
1045 		entry.fp = php_stream_fopen_tmpfile();
1046 		if (entry.fp == NULL) {
1047 			spprintf(error, 0, "phar error: unable to create temporary file");
1048 			return EOF;
1049 		}
1050 		entry.uncompressed_filesize = len + 5;
1051 
1052 		if ((size_t)len != php_stream_write(entry.fp, user_stub, len)
1053 		||            5 != php_stream_write(entry.fp, " ?>\r\n", 5)) {
1054 			if (error) {
1055 				spprintf(error, 0, "unable to create stub from string in new tar-based phar \"%s\"", phar->fname);
1056 			}
1057 			if (free_user_stub) {
1058 				efree(user_stub);
1059 			}
1060 			php_stream_close(entry.fp);
1061 			return EOF;
1062 		}
1063 
1064 		entry.filename = estrndup(".phar/stub.php", sizeof(".phar/stub.php")-1);
1065 		entry.filename_len = sizeof(".phar/stub.php")-1;
1066 		zend_hash_update(&phar->manifest, entry.filename, entry.filename_len, (void*)&entry, sizeof(phar_entry_info), NULL);
1067 
1068 		if (free_user_stub) {
1069 			efree(user_stub);
1070 		}
1071 	} else {
1072 		/* Either this is a brand new phar (add the stub), or the default stub is required (overwrite the stub) */
1073 		entry.fp = php_stream_fopen_tmpfile();
1074 		if (entry.fp == NULL) {
1075 			spprintf(error, 0, "phar error: unable to create temporary file");
1076 			return EOF;
1077 		}
1078 		if (sizeof(newstub)-1 != php_stream_write(entry.fp, newstub, sizeof(newstub)-1)) {
1079 			php_stream_close(entry.fp);
1080 			if (error) {
1081 				spprintf(error, 0, "unable to %s stub in%star-based phar \"%s\", failed", user_stub ? "overwrite" : "create", user_stub ? " " : " new ", phar->fname);
1082 			}
1083 			return EOF;
1084 		}
1085 
1086 		entry.uncompressed_filesize = entry.compressed_filesize = sizeof(newstub) - 1;
1087 		entry.filename = estrndup(".phar/stub.php", sizeof(".phar/stub.php")-1);
1088 		entry.filename_len = sizeof(".phar/stub.php")-1;
1089 
1090 		if (!defaultstub) {
1091 			if (!zend_hash_exists(&phar->manifest, ".phar/stub.php", sizeof(".phar/stub.php")-1)) {
1092 				if (SUCCESS != zend_hash_add(&phar->manifest, entry.filename, entry.filename_len, (void*)&entry, sizeof(phar_entry_info), NULL)) {
1093 					php_stream_close(entry.fp);
1094 					efree(entry.filename);
1095 					if (error) {
1096 						spprintf(error, 0, "unable to create stub in tar-based phar \"%s\"", phar->fname);
1097 					}
1098 					return EOF;
1099 				}
1100 			} else {
1101 				php_stream_close(entry.fp);
1102 				efree(entry.filename);
1103 			}
1104 		} else {
1105 			if (SUCCESS != zend_hash_update(&phar->manifest, entry.filename, entry.filename_len, (void*)&entry, sizeof(phar_entry_info), NULL)) {
1106 				php_stream_close(entry.fp);
1107 				efree(entry.filename);
1108 				if (error) {
1109 					spprintf(error, 0, "unable to overwrite stub in tar-based phar \"%s\"", phar->fname);
1110 				}
1111 				return EOF;
1112 			}
1113 		}
1114 	}
1115 nostub:
1116 	if (phar->fp && !phar->is_brandnew) {
1117 		oldfile = phar->fp;
1118 		closeoldfile = 0;
1119 		php_stream_rewind(oldfile);
1120 	} else {
1121 		oldfile = php_stream_open_wrapper(phar->fname, "rb", 0, NULL);
1122 		closeoldfile = oldfile != NULL;
1123 	}
1124 
1125 	newfile = php_stream_fopen_tmpfile();
1126 	if (!newfile) {
1127 		if (error) {
1128 			spprintf(error, 0, "unable to create temporary file");
1129 		}
1130 		if (closeoldfile) {
1131 			php_stream_close(oldfile);
1132 		}
1133 		return EOF;
1134 	}
1135 
1136 	pass.old = oldfile;
1137 	pass.new = newfile;
1138 	pass.error = error;
1139 	pass.free_fp = 1;
1140 	pass.free_ufp = 1;
1141 
1142 	if (phar->metadata) {
1143 		phar_entry_info *mentry;
1144 		if (SUCCESS == zend_hash_find(&(phar->manifest), ".phar/.metadata.bin", sizeof(".phar/.metadata.bin")-1, (void **)&mentry)) {
1145 			if (ZEND_HASH_APPLY_KEEP != phar_tar_setmetadata(phar->metadata, mentry, error TSRMLS_CC)) {
1146 				if (closeoldfile) {
1147 					php_stream_close(oldfile);
1148 				}
1149 				return EOF;
1150 			}
1151 		} else {
1152 			phar_entry_info newentry = {0};
1153 
1154 			newentry.filename = estrndup(".phar/.metadata.bin", sizeof(".phar/.metadata.bin")-1);
1155 			newentry.filename_len = sizeof(".phar/.metadata.bin")-1;
1156 			newentry.phar = phar;
1157 			newentry.tar_type = TAR_FILE;
1158 			newentry.is_tar = 1;
1159 
1160 			if (SUCCESS != zend_hash_add(&(phar->manifest), ".phar/.metadata.bin", sizeof(".phar/.metadata.bin")-1, (void *)&newentry, sizeof(phar_entry_info), (void **)&mentry)) {
1161 				spprintf(error, 0, "phar tar error: unable to add magic metadata file to manifest for phar archive \"%s\"", phar->fname);
1162 				if (closeoldfile) {
1163 					php_stream_close(oldfile);
1164 				}
1165 				return EOF;
1166 			}
1167 
1168 			if (ZEND_HASH_APPLY_KEEP != phar_tar_setmetadata(phar->metadata, mentry, error TSRMLS_CC)) {
1169 				zend_hash_del(&(phar->manifest), ".phar/.metadata.bin", sizeof(".phar/.metadata.bin")-1);
1170 				if (closeoldfile) {
1171 					php_stream_close(oldfile);
1172 				}
1173 				return EOF;
1174 			}
1175 		}
1176 	}
1177 
1178 	zend_hash_apply_with_argument(&phar->manifest, (apply_func_arg_t) phar_tar_setupmetadata, (void *) &pass TSRMLS_CC);
1179 
1180 	if (error && *error) {
1181 		if (closeoldfile) {
1182 			php_stream_close(oldfile);
1183 		}
1184 
1185 		/* on error in the hash iterator above, error is set */
1186 		php_stream_close(newfile);
1187 		return EOF;
1188 	}
1189 
1190 	zend_hash_apply_with_argument(&phar->manifest, (apply_func_arg_t) phar_tar_writeheaders, (void *) &pass TSRMLS_CC);
1191 
1192 	/* add signature for executable tars or tars explicitly set with setSignatureAlgorithm */
1193 	if (!phar->is_data || phar->sig_flags) {
1194 		if (FAILURE == phar_create_signature(phar, newfile, &signature, &signature_length, error TSRMLS_CC)) {
1195 			if (error) {
1196 				char *save = *error;
1197 				spprintf(error, 0, "phar error: unable to write signature to tar-based phar: %s", save);
1198 				efree(save);
1199 			}
1200 
1201 			if (closeoldfile) {
1202 				php_stream_close(oldfile);
1203 			}
1204 
1205 			php_stream_close(newfile);
1206 			return EOF;
1207 		}
1208 
1209 		entry.filename = ".phar/signature.bin";
1210 		entry.filename_len = sizeof(".phar/signature.bin")-1;
1211 		entry.fp = php_stream_fopen_tmpfile();
1212 		if (entry.fp == NULL) {
1213 			spprintf(error, 0, "phar error: unable to create temporary file");
1214 			return EOF;
1215 		}
1216 #ifdef WORDS_BIGENDIAN
1217 # define PHAR_SET_32(var, buffer) \
1218 	*(php_uint32 *)(var) = (((((unsigned char*)&(buffer))[3]) << 24) \
1219 		| ((((unsigned char*)&(buffer))[2]) << 16) \
1220 		| ((((unsigned char*)&(buffer))[1]) << 8) \
1221 		| (((unsigned char*)&(buffer))[0]))
1222 #else
1223 # define PHAR_SET_32(var, buffer) *(php_uint32 *)(var) = (php_uint32) (buffer)
1224 #endif
1225 		PHAR_SET_32(sigbuf, phar->sig_flags);
1226 		PHAR_SET_32(sigbuf + 4, signature_length);
1227 
1228 		if (8 != (int)php_stream_write(entry.fp, sigbuf, 8) || signature_length != (int)php_stream_write(entry.fp, signature, signature_length)) {
1229 			efree(signature);
1230 			if (error) {
1231 				spprintf(error, 0, "phar error: unable to write signature to tar-based phar %s", phar->fname);
1232 			}
1233 
1234 			if (closeoldfile) {
1235 				php_stream_close(oldfile);
1236 			}
1237 			php_stream_close(newfile);
1238 			return EOF;
1239 		}
1240 
1241 		efree(signature);
1242 		entry.uncompressed_filesize = entry.compressed_filesize = signature_length + 8;
1243 		/* throw out return value and write the signature */
1244 		entry.filename_len = phar_tar_writeheaders((void *)&entry, (void *)&pass TSRMLS_CC);
1245 
1246 		if (error && *error) {
1247 			if (closeoldfile) {
1248 				php_stream_close(oldfile);
1249 			}
1250 			/* error is set by writeheaders */
1251 			php_stream_close(newfile);
1252 			return EOF;
1253 		}
1254 	} /* signature */
1255 
1256 	/* add final zero blocks */
1257 	buf = (char *) ecalloc(1024, 1);
1258 	php_stream_write(newfile, buf, 1024);
1259 	efree(buf);
1260 
1261 	if (closeoldfile) {
1262 		php_stream_close(oldfile);
1263 	}
1264 
1265 	/* on error in the hash iterator above, error is set */
1266 	if (error && *error) {
1267 		php_stream_close(newfile);
1268 		return EOF;
1269 	}
1270 
1271 	if (phar->fp && pass.free_fp) {
1272 		php_stream_close(phar->fp);
1273 	}
1274 
1275 	if (phar->ufp) {
1276 		if (pass.free_ufp) {
1277 			php_stream_close(phar->ufp);
1278 		}
1279 		phar->ufp = NULL;
1280 	}
1281 
1282 	phar->is_brandnew = 0;
1283 	php_stream_rewind(newfile);
1284 
1285 	if (phar->donotflush) {
1286 		/* deferred flush */
1287 		phar->fp = newfile;
1288 	} else {
1289 		phar->fp = php_stream_open_wrapper(phar->fname, "w+b", IGNORE_URL|STREAM_MUST_SEEK|REPORT_ERRORS, NULL);
1290 		if (!phar->fp) {
1291 			phar->fp = newfile;
1292 			if (error) {
1293 				spprintf(error, 0, "unable to open new phar \"%s\" for writing", phar->fname);
1294 			}
1295 			return EOF;
1296 		}
1297 
1298 		if (phar->flags & PHAR_FILE_COMPRESSED_GZ) {
1299 			php_stream_filter *filter;
1300 			/* to properly compress, we have to tell zlib to add a zlib header */
1301 			zval filterparams;
1302 
1303 			array_init(&filterparams);
1304 /* this is defined in zlib's zconf.h */
1305 #ifndef MAX_WBITS
1306 #define MAX_WBITS 15
1307 #endif
1308 			add_assoc_long(&filterparams, "window", MAX_WBITS + 16);
1309 			filter = php_stream_filter_create("zlib.deflate", &filterparams, php_stream_is_persistent(phar->fp) TSRMLS_CC);
1310 			zval_dtor(&filterparams);
1311 
1312 			if (!filter) {
1313 				/* copy contents uncompressed rather than lose them */
1314 				phar_stream_copy_to_stream(newfile, phar->fp, PHP_STREAM_COPY_ALL, NULL);
1315 				php_stream_close(newfile);
1316 				if (error) {
1317 					spprintf(error, 4096, "unable to compress all contents of phar \"%s\" using zlib, PHP versions older than 5.2.6 have a buggy zlib", phar->fname);
1318 				}
1319 				return EOF;
1320 			}
1321 
1322 			php_stream_filter_append(&phar->fp->writefilters, filter);
1323 			phar_stream_copy_to_stream(newfile, phar->fp, PHP_STREAM_COPY_ALL, NULL);
1324 			php_stream_filter_flush(filter, 1);
1325 			php_stream_filter_remove(filter, 1 TSRMLS_CC);
1326 			php_stream_close(phar->fp);
1327 			/* use the temp stream as our base */
1328 			phar->fp = newfile;
1329 		} else if (phar->flags & PHAR_FILE_COMPRESSED_BZ2) {
1330 			php_stream_filter *filter;
1331 
1332 			filter = php_stream_filter_create("bzip2.compress", NULL, php_stream_is_persistent(phar->fp) TSRMLS_CC);
1333 			php_stream_filter_append(&phar->fp->writefilters, filter);
1334 			phar_stream_copy_to_stream(newfile, phar->fp, PHP_STREAM_COPY_ALL, NULL);
1335 			php_stream_filter_flush(filter, 1);
1336 			php_stream_filter_remove(filter, 1 TSRMLS_CC);
1337 			php_stream_close(phar->fp);
1338 			/* use the temp stream as our base */
1339 			phar->fp = newfile;
1340 		} else {
1341 			phar_stream_copy_to_stream(newfile, phar->fp, PHP_STREAM_COPY_ALL, NULL);
1342 			/* we could also reopen the file in "rb" mode but there is no need for that */
1343 			php_stream_close(newfile);
1344 		}
1345 	}
1346 	return EOF;
1347 }
1348 /* }}} */
1349 
1350 /*
1351  * Local variables:
1352  * tab-width: 4
1353  * c-basic-offset: 4
1354  * End:
1355  * vim600: noet sw=4 ts=4 fdm=marker
1356  * vim<600: noet sw=4 ts=4
1357  */
1358