1 /*
2 +----------------------------------------------------------------------+
3 | TAR archive support for Phar |
4 +----------------------------------------------------------------------+
5 | Copyright (c) The PHP Group |
6 +----------------------------------------------------------------------+
7 | This source file is subject to version 3.01 of the PHP license, |
8 | that is bundled with this package in the file LICENSE, and is |
9 | available through the world-wide-web at the following url: |
10 | https://www.php.net/license/3_01.txt |
11 | If you did not receive a copy of the PHP license and are unable to |
12 | obtain it through the world-wide-web, please send a note to |
13 | license@php.net so we can mail you a copy immediately. |
14 +----------------------------------------------------------------------+
15 | Authors: Dmitry Stogov <dmitry@php.net> |
16 | Gregory Beaver <cellog@php.net> |
17 +----------------------------------------------------------------------+
18 */
19
20 #include "phar_internal.h"
21
phar_tar_number(char * buf,size_t len)22 static uint32_t phar_tar_number(char *buf, size_t len) /* {{{ */
23 {
24 uint32_t num = 0;
25 size_t i = 0;
26
27 while (i < len && buf[i] == ' ') {
28 ++i;
29 }
30
31 while (i < len && buf[i] >= '0' && buf[i] <= '7') {
32 num = num * 8 + (buf[i] - '0');
33 ++i;
34 }
35
36 return num;
37 }
38 /* }}} */
39
40 /* adapted from format_octal() in libarchive
41 *
42 * Copyright (c) 2003-2009 Tim Kientzle
43 * All rights reserved.
44 *
45 * Redistribution and use in source and binary forms, with or without
46 * modification, are permitted provided that the following conditions
47 * are met:
48 * 1. Redistributions of source code must retain the above copyright
49 * notice, this list of conditions and the following disclaimer.
50 * 2. Redistributions in binary form must reproduce the above copyright
51 * notice, this list of conditions and the following disclaimer in the
52 * documentation and/or other materials provided with the distribution.
53 *
54 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
55 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
56 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
57 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
58 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
59 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
60 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
61 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
62 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
63 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
64 */
phar_tar_octal(char * buf,uint32_t val,int len)65 static int phar_tar_octal(char *buf, uint32_t val, int len) /* {{{ */
66 {
67 char *p = buf;
68 int s = len;
69
70 p += len; /* Start at the end and work backwards. */
71 while (s-- > 0) {
72 *--p = (char)('0' + (val & 7));
73 val >>= 3;
74 }
75
76 if (val == 0)
77 return SUCCESS;
78
79 /* If it overflowed, fill field with max value. */
80 while (len-- > 0)
81 *p++ = '7';
82
83 return FAILURE;
84 }
85 /* }}} */
86
phar_tar_checksum(char * buf,size_t len)87 static uint32_t phar_tar_checksum(char *buf, size_t len) /* {{{ */
88 {
89 uint32_t sum = 0;
90 char *end = buf + len;
91
92 while (buf != end) {
93 sum += (unsigned char)*buf;
94 ++buf;
95 }
96 return sum;
97 }
98 /* }}} */
99
phar_is_tar(char * buf,char * fname)100 int phar_is_tar(char *buf, char *fname) /* {{{ */
101 {
102 tar_header *header = (tar_header *) buf;
103 uint32_t checksum = phar_tar_number(header->checksum, sizeof(header->checksum));
104 uint32_t ret;
105 char save[sizeof(header->checksum)], *bname;
106
107 /* assume that the first filename in a tar won't begin with <?php */
108 if (!strncmp(buf, "<?php", sizeof("<?php")-1)) {
109 return 0;
110 }
111
112 memcpy(save, header->checksum, sizeof(header->checksum));
113 memset(header->checksum, ' ', sizeof(header->checksum));
114 ret = (checksum == phar_tar_checksum(buf, 512));
115 memcpy(header->checksum, save, sizeof(header->checksum));
116 if ((bname = strrchr(fname, PHP_DIR_SEPARATOR))) {
117 fname = bname;
118 }
119 if (!ret && (bname = strstr(fname, ".tar")) && (bname[4] == '\0' || bname[4] == '.')) {
120 /* probably a corrupted tar - so we will pretend it is one */
121 return 1;
122 }
123 return ret;
124 }
125 /* }}} */
126
phar_open_or_create_tar(char * fname,size_t fname_len,char * alias,size_t alias_len,int is_data,uint32_t options,phar_archive_data ** pphar,char ** error)127 int phar_open_or_create_tar(char *fname, size_t fname_len, char *alias, size_t alias_len, int is_data, uint32_t options, phar_archive_data** pphar, char **error) /* {{{ */
128 {
129 phar_archive_data *phar;
130 int ret = phar_create_or_parse_filename(fname, fname_len, alias, alias_len, is_data, options, &phar, error);
131
132 if (FAILURE == ret) {
133 return FAILURE;
134 }
135
136 if (pphar) {
137 *pphar = phar;
138 }
139
140 phar->is_data = is_data;
141
142 if (phar->is_tar) {
143 return ret;
144 }
145
146 if (phar->is_brandnew) {
147 phar->is_tar = 1;
148 phar->is_zip = 0;
149 phar->internal_file_start = 0;
150 return SUCCESS;
151 }
152
153 /* we've reached here - the phar exists and is a regular phar */
154 if (error) {
155 spprintf(error, 4096, "phar tar error: \"%s\" already exists as a regular phar and must be deleted from disk prior to creating as a tar-based phar", fname);
156 }
157 return FAILURE;
158 }
159 /* }}} */
160
phar_tar_process_metadata(phar_entry_info * entry,php_stream * fp)161 static int phar_tar_process_metadata(phar_entry_info *entry, php_stream *fp) /* {{{ */
162 {
163 char *metadata;
164 size_t save = php_stream_tell(fp), read;
165 phar_entry_info *mentry;
166
167 metadata = (char *) safe_emalloc(1, entry->uncompressed_filesize, 1);
168
169 read = php_stream_read(fp, metadata, entry->uncompressed_filesize);
170 if (read != entry->uncompressed_filesize) {
171 efree(metadata);
172 php_stream_seek(fp, save, SEEK_SET);
173 return FAILURE;
174 }
175
176 phar_parse_metadata_lazy(metadata, &entry->metadata_tracker, entry->uncompressed_filesize, entry->is_persistent);
177
178 if (entry->filename_len == sizeof(".phar/.metadata.bin")-1 && !memcmp(entry->filename, ".phar/.metadata.bin", sizeof(".phar/.metadata.bin")-1)) {
179 if (phar_metadata_tracker_has_data(&entry->phar->metadata_tracker, entry->phar->is_persistent)) {
180 efree(metadata);
181 return FAILURE;
182 }
183 entry->phar->metadata_tracker = entry->metadata_tracker;
184 entry->metadata_tracker.str = NULL;
185 ZVAL_UNDEF(&entry->metadata_tracker.val);
186 } else if (entry->filename_len >= sizeof(".phar/.metadata/") + sizeof("/.metadata.bin") - 1 && NULL != (mentry = zend_hash_str_find_ptr(&(entry->phar->manifest), entry->filename + sizeof(".phar/.metadata/") - 1, entry->filename_len - (sizeof("/.metadata.bin") - 1 + sizeof(".phar/.metadata/") - 1)))) {
187 if (phar_metadata_tracker_has_data(&mentry->metadata_tracker, mentry->is_persistent)) {
188 efree(metadata);
189 return FAILURE;
190 }
191 /* transfer this metadata to the entry it refers */
192 mentry->metadata_tracker = entry->metadata_tracker;
193 entry->metadata_tracker.str = NULL;
194 ZVAL_UNDEF(&entry->metadata_tracker.val);
195 }
196
197 efree(metadata);
198 php_stream_seek(fp, save, SEEK_SET);
199 return SUCCESS;
200 }
201 /* }}} */
202
203 #ifndef HAVE_STRNLEN
strnlen(const char * s,size_t maxlen)204 static size_t strnlen(const char *s, size_t maxlen) {
205 char *r = (char *)memchr(s, '\0', maxlen);
206 return r ? r-s : maxlen;
207 }
208 #endif
209
phar_parse_tarfile(php_stream * fp,char * fname,size_t fname_len,char * alias,size_t alias_len,phar_archive_data ** pphar,int is_data,uint32_t compression,char ** error)210 int phar_parse_tarfile(php_stream* fp, char *fname, size_t fname_len, char *alias, size_t alias_len, phar_archive_data** pphar, int is_data, uint32_t compression, char **error) /* {{{ */
211 {
212 char buf[512], *actual_alias = NULL, *p;
213 phar_entry_info entry = {0};
214 size_t pos = 0, read, totalsize;
215 tar_header *hdr;
216 uint32_t sum1, sum2, size, old;
217 phar_archive_data *myphar, *actual;
218 int last_was_longlink = 0;
219 size_t linkname_len;
220
221 if (error) {
222 *error = NULL;
223 }
224
225 php_stream_seek(fp, 0, SEEK_END);
226 totalsize = php_stream_tell(fp);
227 php_stream_seek(fp, 0, SEEK_SET);
228 read = php_stream_read(fp, buf, sizeof(buf));
229
230 if (read != sizeof(buf)) {
231 if (error) {
232 spprintf(error, 4096, "phar error: \"%s\" is not a tar file or is truncated", fname);
233 }
234 php_stream_close(fp);
235 return FAILURE;
236 }
237
238 hdr = (tar_header*)buf;
239 old = (memcmp(hdr->magic, "ustar", sizeof("ustar")-1) != 0);
240
241 myphar = (phar_archive_data *) pecalloc(1, sizeof(phar_archive_data), PHAR_G(persist));
242 myphar->is_persistent = PHAR_G(persist);
243 /* estimate number of entries, can't be certain with tar files */
244 zend_hash_init(&myphar->manifest, 2 + (totalsize >> 12),
245 zend_get_hash_value, destroy_phar_manifest_entry, (bool)myphar->is_persistent);
246 zend_hash_init(&myphar->mounted_dirs, 5,
247 zend_get_hash_value, NULL, (bool)myphar->is_persistent);
248 zend_hash_init(&myphar->virtual_dirs, 4 + (totalsize >> 11),
249 zend_get_hash_value, NULL, (bool)myphar->is_persistent);
250 myphar->is_tar = 1;
251 /* remember whether this entire phar was compressed with gz/bzip2 */
252 myphar->flags = compression;
253
254 entry.is_tar = 1;
255 entry.is_crc_checked = 1;
256 entry.phar = myphar;
257 pos += sizeof(buf);
258
259 do {
260 phar_entry_info *newentry;
261
262 pos = php_stream_tell(fp);
263 hdr = (tar_header*) buf;
264 sum1 = phar_tar_number(hdr->checksum, sizeof(hdr->checksum));
265 if (sum1 == 0 && phar_tar_checksum(buf, sizeof(buf)) == 0) {
266 break;
267 }
268 memset(hdr->checksum, ' ', sizeof(hdr->checksum));
269 sum2 = phar_tar_checksum(buf, old?sizeof(old_tar_header):sizeof(tar_header));
270
271 if (old && sum2 != sum1) {
272 uint32_t sum3 = phar_tar_checksum(buf, sizeof(tar_header));
273 if (sum3 == sum1) {
274 /* apparently a broken tar which is in ustar format w/o setting the ustar marker */
275 sum2 = sum3;
276 old = 0;
277 }
278 }
279
280 size = entry.uncompressed_filesize = entry.compressed_filesize =
281 phar_tar_number(hdr->size, sizeof(hdr->size));
282
283 /* skip global/file headers (pax) */
284 if (!old && (hdr->typeflag == TAR_GLOBAL_HDR || hdr->typeflag == TAR_FILE_HDR)) {
285 size = (size+511)&~511;
286 goto next;
287 }
288
289 if (((!old && hdr->prefix[0] == 0) || old) && strnlen(hdr->name, 100) == sizeof(".phar/signature.bin")-1 && !strncmp(hdr->name, ".phar/signature.bin", sizeof(".phar/signature.bin")-1)) {
290 zend_off_t curloc;
291 size_t sig_len;
292
293 if (size > 511) {
294 if (error) {
295 spprintf(error, 4096, "phar error: tar-based phar \"%s\" has signature that is larger than 511 bytes, cannot process", fname);
296 }
297 bail:
298 php_stream_close(fp);
299 phar_destroy_phar_data(myphar);
300 return FAILURE;
301 }
302 curloc = php_stream_tell(fp);
303 read = php_stream_read(fp, buf, size);
304 if (read != size || read <= 8) {
305 if (error) {
306 spprintf(error, 4096, "phar error: tar-based phar \"%s\" signature cannot be read", fname);
307 }
308 goto bail;
309 }
310 #ifdef WORDS_BIGENDIAN
311 # define PHAR_GET_32(buffer) \
312 (((((unsigned char*)(buffer))[3]) << 24) \
313 | ((((unsigned char*)(buffer))[2]) << 16) \
314 | ((((unsigned char*)(buffer))[1]) << 8) \
315 | (((unsigned char*)(buffer))[0]))
316 #else
317 # define PHAR_GET_32(buffer) (uint32_t) *(buffer)
318 #endif
319 myphar->sig_flags = PHAR_GET_32(buf);
320 if (FAILURE == phar_verify_signature(fp, php_stream_tell(fp) - size - 512, myphar->sig_flags, buf + 8, size - 8, fname, &myphar->signature, &sig_len, error)) {
321 if (error) {
322 char *save = *error;
323 spprintf(error, 4096, "phar error: tar-based phar \"%s\" signature cannot be verified: %s", fname, save);
324 efree(save);
325 }
326 goto bail;
327 }
328 myphar->sig_len = sig_len;
329 php_stream_seek(fp, curloc + 512, SEEK_SET);
330 /* signature checked out, let's ensure this is the last file in the phar */
331 if (((hdr->typeflag == '\0') || (hdr->typeflag == TAR_FILE)) && size > 0) {
332 /* this is not good enough - seek succeeds even on truncated tars */
333 php_stream_seek(fp, 512, SEEK_CUR);
334 if ((uint32_t)php_stream_tell(fp) > totalsize) {
335 if (error) {
336 spprintf(error, 4096, "phar error: \"%s\" is a corrupted tar file (truncated)", fname);
337 }
338 php_stream_close(fp);
339 phar_destroy_phar_data(myphar);
340 return FAILURE;
341 }
342 }
343
344 read = php_stream_read(fp, buf, sizeof(buf));
345
346 if (read != sizeof(buf)) {
347 if (error) {
348 spprintf(error, 4096, "phar error: \"%s\" is a corrupted tar file (truncated)", fname);
349 }
350 php_stream_close(fp);
351 phar_destroy_phar_data(myphar);
352 return FAILURE;
353 }
354
355 hdr = (tar_header*) buf;
356 sum1 = phar_tar_number(hdr->checksum, sizeof(hdr->checksum));
357
358 if (sum1 == 0 && phar_tar_checksum(buf, sizeof(buf)) == 0) {
359 break;
360 }
361
362 if (error) {
363 spprintf(error, 4096, "phar error: \"%s\" has entries after signature, invalid phar", fname);
364 }
365
366 goto bail;
367 }
368
369 if (!last_was_longlink && hdr->typeflag == 'L') {
370 last_was_longlink = 1;
371 /* support the ././@LongLink system for storing long filenames */
372 entry.filename_len = entry.uncompressed_filesize;
373
374 /* Check for overflow - bug 61065 */
375 if (entry.filename_len == UINT_MAX || entry.filename_len == 0) {
376 if (error) {
377 spprintf(error, 4096, "phar error: \"%s\" is a corrupted tar file (invalid entry size)", fname);
378 }
379 php_stream_close(fp);
380 phar_destroy_phar_data(myphar);
381 return FAILURE;
382 }
383 entry.filename = pemalloc(entry.filename_len+1, myphar->is_persistent);
384
385 read = php_stream_read(fp, entry.filename, entry.filename_len);
386 if (read != entry.filename_len) {
387 efree(entry.filename);
388 if (error) {
389 spprintf(error, 4096, "phar error: \"%s\" is a corrupted tar file (truncated)", fname);
390 }
391 php_stream_close(fp);
392 phar_destroy_phar_data(myphar);
393 return FAILURE;
394 }
395 entry.filename[entry.filename_len] = '\0';
396
397 /* skip blank stuff */
398 size = ((size+511)&~511) - size;
399
400 /* this is not good enough - seek succeeds even on truncated tars */
401 php_stream_seek(fp, size, SEEK_CUR);
402 if ((uint32_t)php_stream_tell(fp) > totalsize) {
403 efree(entry.filename);
404 if (error) {
405 spprintf(error, 4096, "phar error: \"%s\" is a corrupted tar file (truncated)", fname);
406 }
407 php_stream_close(fp);
408 phar_destroy_phar_data(myphar);
409 return FAILURE;
410 }
411
412 read = php_stream_read(fp, buf, sizeof(buf));
413
414 if (read != sizeof(buf)) {
415 efree(entry.filename);
416 if (error) {
417 spprintf(error, 4096, "phar error: \"%s\" is a corrupted tar file (truncated)", fname);
418 }
419 php_stream_close(fp);
420 phar_destroy_phar_data(myphar);
421 return FAILURE;
422 }
423 continue;
424 } else if (!last_was_longlink && !old && hdr->prefix[0] != 0) {
425 char name[256];
426 int i, j;
427
428 for (i = 0; i < 155; i++) {
429 name[i] = hdr->prefix[i];
430 if (name[i] == '\0') {
431 break;
432 }
433 }
434 name[i++] = '/';
435 for (j = 0; j < 100; j++) {
436 name[i+j] = hdr->name[j];
437 if (name[i+j] == '\0') {
438 break;
439 }
440 }
441
442 entry.filename_len = i+j;
443
444 if (name[entry.filename_len - 1] == '/') {
445 /* some tar programs store directories with trailing slash */
446 entry.filename_len--;
447 }
448 entry.filename = pestrndup(name, entry.filename_len, myphar->is_persistent);
449 } else if (!last_was_longlink) {
450 int i;
451
452 /* calculate strlen, which can be no longer than 100 */
453 for (i = 0; i < 100; i++) {
454 if (hdr->name[i] == '\0') {
455 break;
456 }
457 }
458 entry.filename_len = i;
459 entry.filename = pestrndup(hdr->name, i, myphar->is_persistent);
460
461 if (i > 0 && entry.filename[entry.filename_len - 1] == '/') {
462 /* some tar programs store directories with trailing slash */
463 entry.filename[entry.filename_len - 1] = '\0';
464 entry.filename_len--;
465 }
466 }
467 last_was_longlink = 0;
468
469 phar_add_virtual_dirs(myphar, entry.filename, entry.filename_len);
470
471 if (sum1 != sum2) {
472 if (error) {
473 spprintf(error, 4096, "phar error: \"%s\" is a corrupted tar file (checksum mismatch of file \"%s\")", fname, entry.filename);
474 }
475 pefree(entry.filename, myphar->is_persistent);
476 php_stream_close(fp);
477 phar_destroy_phar_data(myphar);
478 return FAILURE;
479 }
480
481 uint32_t entry_mode = phar_tar_number(hdr->mode, sizeof(hdr->mode));
482 entry.tar_type = ((old & (hdr->typeflag == '\0')) ? TAR_FILE : hdr->typeflag);
483 entry.offset = entry.offset_abs = pos; /* header_offset unused in tar */
484 entry.fp_type = PHAR_FP;
485 entry.flags = entry_mode & PHAR_ENT_PERM_MASK;
486 entry.timestamp = phar_tar_number(hdr->mtime, sizeof(hdr->mtime));
487 entry.is_persistent = myphar->is_persistent;
488
489 if (old && entry.tar_type == TAR_FILE && S_ISDIR(entry_mode)) {
490 entry.tar_type = TAR_DIR;
491 }
492
493 if (entry.tar_type == TAR_DIR) {
494 entry.is_dir = 1;
495 } else {
496 entry.is_dir = 0;
497 }
498
499 entry.link = NULL;
500 /* link field is null-terminated unless it has 100 non-null chars.
501 * Thus we can not use strlen. */
502 linkname_len = strnlen(hdr->linkname, 100);
503 if (entry.tar_type == TAR_LINK) {
504 if (!zend_hash_str_exists(&myphar->manifest, hdr->linkname, linkname_len)) {
505 if (error) {
506 spprintf(error, 4096, "phar error: \"%s\" is a corrupted tar file - hard link to non-existent file \"%.*s\"", fname, (int)linkname_len, hdr->linkname);
507 }
508 pefree(entry.filename, entry.is_persistent);
509 php_stream_close(fp);
510 phar_destroy_phar_data(myphar);
511 return FAILURE;
512 }
513 entry.link = estrndup(hdr->linkname, linkname_len);
514 } else if (entry.tar_type == TAR_SYMLINK) {
515 entry.link = estrndup(hdr->linkname, linkname_len);
516 }
517 phar_set_inode(&entry);
518
519 newentry = zend_hash_str_update_mem(&myphar->manifest, entry.filename, entry.filename_len, (void*)&entry, sizeof(phar_entry_info));
520 ZEND_ASSERT(newentry != NULL);
521
522 if (entry.is_persistent) {
523 ++entry.manifest_pos;
524 }
525
526 if (entry.filename_len >= sizeof(".phar/.metadata")-1 && !memcmp(entry.filename, ".phar/.metadata", sizeof(".phar/.metadata")-1)) {
527 if (FAILURE == phar_tar_process_metadata(newentry, fp)) {
528 if (error) {
529 spprintf(error, 4096, "phar error: tar-based phar \"%s\" has invalid metadata in magic file \"%s\"", fname, entry.filename);
530 }
531 php_stream_close(fp);
532 phar_destroy_phar_data(myphar);
533 return FAILURE;
534 }
535 }
536
537 if (!actual_alias && entry.filename_len == sizeof(".phar/alias.txt")-1 && !strncmp(entry.filename, ".phar/alias.txt", sizeof(".phar/alias.txt")-1)) {
538 /* found explicit alias */
539 if (size > 511) {
540 if (error) {
541 spprintf(error, 4096, "phar error: tar-based phar \"%s\" has alias that is larger than 511 bytes, cannot process", fname);
542 }
543 php_stream_close(fp);
544 phar_destroy_phar_data(myphar);
545 return FAILURE;
546 }
547
548 read = php_stream_read(fp, buf, size);
549
550 if (read == size) {
551 buf[size] = '\0';
552 if (!phar_validate_alias(buf, size)) {
553 if (size > 50) {
554 buf[50] = '.';
555 buf[51] = '.';
556 buf[52] = '.';
557 buf[53] = '\0';
558 }
559
560 if (error) {
561 spprintf(error, 4096, "phar error: invalid alias \"%s\" in tar-based phar \"%s\"", buf, fname);
562 }
563
564 php_stream_close(fp);
565 phar_destroy_phar_data(myphar);
566 return FAILURE;
567 }
568
569 actual_alias = pestrndup(buf, size, myphar->is_persistent);
570 myphar->alias = actual_alias;
571 myphar->alias_len = size;
572 php_stream_seek(fp, pos, SEEK_SET);
573 } else {
574 if (error) {
575 spprintf(error, 4096, "phar error: Unable to read alias from tar-based phar \"%s\"", fname);
576 }
577
578 php_stream_close(fp);
579 phar_destroy_phar_data(myphar);
580 return FAILURE;
581 }
582 }
583
584 size = (size+511)&~511;
585
586 if (((hdr->typeflag == '\0') || (hdr->typeflag == TAR_FILE)) && size > 0) {
587 next:
588 /* this is not good enough - seek succeeds even on truncated tars */
589 php_stream_seek(fp, size, SEEK_CUR);
590 if ((uint32_t)php_stream_tell(fp) > totalsize) {
591 if (error) {
592 spprintf(error, 4096, "phar error: \"%s\" is a corrupted tar file (truncated)", fname);
593 }
594 php_stream_close(fp);
595 phar_destroy_phar_data(myphar);
596 return FAILURE;
597 }
598 }
599
600 read = php_stream_read(fp, buf, sizeof(buf));
601
602 if (read != sizeof(buf)) {
603 if (error) {
604 spprintf(error, 4096, "phar error: \"%s\" is a corrupted tar file (truncated)", fname);
605 }
606 php_stream_close(fp);
607 phar_destroy_phar_data(myphar);
608 return FAILURE;
609 }
610 } while (!php_stream_eof(fp));
611
612 if (zend_hash_str_exists(&(myphar->manifest), ".phar/stub.php", sizeof(".phar/stub.php")-1)) {
613 myphar->is_data = 0;
614 } else {
615 myphar->is_data = 1;
616 }
617
618 /* ensure signature set */
619 if (!myphar->is_data && PHAR_G(require_hash) && !myphar->signature) {
620 php_stream_close(fp);
621 phar_destroy_phar_data(myphar);
622 if (error) {
623 spprintf(error, 0, "tar-based phar \"%s\" does not have a signature", fname);
624 }
625 return FAILURE;
626 }
627
628 myphar->fname = pestrndup(fname, fname_len, myphar->is_persistent);
629 #ifdef PHP_WIN32
630 phar_unixify_path_separators(myphar->fname, fname_len);
631 #endif
632 myphar->fname_len = fname_len;
633 myphar->fp = fp;
634 p = strrchr(myphar->fname, '/');
635
636 if (p) {
637 myphar->ext = memchr(p, '.', (myphar->fname + fname_len) - p);
638 if (myphar->ext == p) {
639 myphar->ext = memchr(p + 1, '.', (myphar->fname + fname_len) - p - 1);
640 }
641 if (myphar->ext) {
642 myphar->ext_len = (myphar->fname + fname_len) - myphar->ext;
643 }
644 }
645
646 phar_request_initialize();
647
648 if (NULL == (actual = zend_hash_str_add_ptr(&(PHAR_G(phar_fname_map)), myphar->fname, fname_len, myphar))) {
649 if (error) {
650 spprintf(error, 4096, "phar error: Unable to add tar-based phar \"%s\" to phar registry", fname);
651 }
652 php_stream_close(fp);
653 phar_destroy_phar_data(myphar);
654 return FAILURE;
655 }
656
657 myphar = actual;
658
659 if (actual_alias) {
660 phar_archive_data *fd_ptr;
661
662 myphar->is_temporary_alias = 0;
663
664 if (NULL != (fd_ptr = zend_hash_str_find_ptr(&(PHAR_G(phar_alias_map)), actual_alias, myphar->alias_len))) {
665 if (SUCCESS != phar_free_alias(fd_ptr, actual_alias, myphar->alias_len)) {
666 if (error) {
667 spprintf(error, 4096, "phar error: Unable to add tar-based phar \"%s\", alias is already in use", fname);
668 }
669 zend_hash_str_del(&(PHAR_G(phar_fname_map)), myphar->fname, fname_len);
670 return FAILURE;
671 }
672 }
673
674 zend_hash_str_add_ptr(&(PHAR_G(phar_alias_map)), actual_alias, myphar->alias_len, myphar);
675 } else {
676 phar_archive_data *fd_ptr;
677
678 if (alias_len) {
679 if (NULL != (fd_ptr = zend_hash_str_find_ptr(&(PHAR_G(phar_alias_map)), alias, alias_len))) {
680 if (SUCCESS != phar_free_alias(fd_ptr, alias, alias_len)) {
681 if (error) {
682 spprintf(error, 4096, "phar error: Unable to add tar-based phar \"%s\", alias is already in use", fname);
683 }
684 zend_hash_str_del(&(PHAR_G(phar_fname_map)), myphar->fname, fname_len);
685 return FAILURE;
686 }
687 }
688 zend_hash_str_add_ptr(&(PHAR_G(phar_alias_map)), alias, alias_len, myphar);
689 myphar->alias = pestrndup(alias, alias_len, myphar->is_persistent);
690 myphar->alias_len = alias_len;
691 } else {
692 myphar->alias = pestrndup(myphar->fname, fname_len, myphar->is_persistent);
693 myphar->alias_len = fname_len;
694 }
695
696 myphar->is_temporary_alias = 1;
697 }
698
699 if (pphar) {
700 *pphar = myphar;
701 }
702
703 return SUCCESS;
704 }
705 /* }}} */
706
707 struct _phar_pass_tar_info {
708 php_stream *old;
709 php_stream *new;
710 int free_fp;
711 int free_ufp;
712 char **error;
713 };
714
phar_tar_writeheaders_int(phar_entry_info * entry,void * argument)715 static int phar_tar_writeheaders_int(phar_entry_info *entry, void *argument) /* {{{ */
716 {
717 tar_header header;
718 size_t pos;
719 struct _phar_pass_tar_info *fp = (struct _phar_pass_tar_info *)argument;
720 char padding[512];
721
722 if (entry->is_mounted) {
723 return ZEND_HASH_APPLY_KEEP;
724 }
725
726 if (entry->is_deleted) {
727 if (entry->fp_refcount <= 0) {
728 return ZEND_HASH_APPLY_REMOVE;
729 } else {
730 /* we can't delete this in-memory until it is closed */
731 return ZEND_HASH_APPLY_KEEP;
732 }
733 }
734
735 phar_add_virtual_dirs(entry->phar, entry->filename, entry->filename_len);
736 memset((char *) &header, 0, sizeof(header));
737
738 if (entry->filename_len > 100) {
739 char *boundary;
740 if (entry->filename_len > 256) {
741 if (fp->error) {
742 spprintf(fp->error, 4096, "tar-based phar \"%s\" cannot be created, filename \"%s\" is too long for tar file format", entry->phar->fname, entry->filename);
743 }
744 return ZEND_HASH_APPLY_STOP;
745 }
746 boundary = entry->filename + entry->filename_len - 101;
747 while (*boundary && *boundary != '/') {
748 ++boundary;
749 }
750 if (!*boundary || ((boundary - entry->filename) > 155)) {
751 if (fp->error) {
752 spprintf(fp->error, 4096, "tar-based phar \"%s\" cannot be created, filename \"%s\" is too long for tar file format", entry->phar->fname, entry->filename);
753 }
754 return ZEND_HASH_APPLY_STOP;
755 }
756 memcpy(header.prefix, entry->filename, boundary - entry->filename);
757 memcpy(header.name, boundary + 1, entry->filename_len - (boundary + 1 - entry->filename));
758 } else {
759 memcpy(header.name, entry->filename, entry->filename_len);
760 }
761
762 phar_tar_octal(header.mode, entry->flags & PHAR_ENT_PERM_MASK, sizeof(header.mode)-1);
763
764 if (FAILURE == phar_tar_octal(header.size, entry->uncompressed_filesize, sizeof(header.size)-1)) {
765 if (fp->error) {
766 spprintf(fp->error, 4096, "tar-based phar \"%s\" cannot be created, filename \"%s\" is too large for tar file format", entry->phar->fname, entry->filename);
767 }
768 return ZEND_HASH_APPLY_STOP;
769 }
770
771 if (FAILURE == phar_tar_octal(header.mtime, entry->timestamp, sizeof(header.mtime)-1)) {
772 if (fp->error) {
773 spprintf(fp->error, 4096, "tar-based phar \"%s\" cannot be created, file modification time of file \"%s\" is too large for tar file format", entry->phar->fname, entry->filename);
774 }
775 return ZEND_HASH_APPLY_STOP;
776 }
777
778 /* calc checksum */
779 header.typeflag = entry->tar_type;
780
781 if (entry->link) {
782 if (strlcpy(header.linkname, entry->link, sizeof(header.linkname)) >= sizeof(header.linkname)) {
783 if (fp->error) {
784 spprintf(fp->error, 4096, "tar-based phar \"%s\" cannot be created, link \"%s\" is too long for format", entry->phar->fname, entry->link);
785 }
786 return ZEND_HASH_APPLY_STOP;
787 }
788 }
789
790 memcpy(header.magic, "ustar", sizeof("ustar")-1);
791 memcpy(header.version, "00", sizeof("00")-1);
792 memcpy(header.checksum, " ", sizeof(" ")-1);
793 entry->crc32 = phar_tar_checksum((char *)&header, sizeof(header));
794
795 if (FAILURE == phar_tar_octal(header.checksum, entry->crc32, sizeof(header.checksum)-1)) {
796 if (fp->error) {
797 spprintf(fp->error, 4096, "tar-based phar \"%s\" cannot be created, checksum of file \"%s\" is too large for tar file format", entry->phar->fname, entry->filename);
798 }
799 return ZEND_HASH_APPLY_STOP;
800 }
801
802 /* write header */
803 entry->header_offset = php_stream_tell(fp->new);
804
805 if (sizeof(header) != php_stream_write(fp->new, (char *) &header, sizeof(header))) {
806 if (fp->error) {
807 spprintf(fp->error, 4096, "tar-based phar \"%s\" cannot be created, header for file \"%s\" could not be written", entry->phar->fname, entry->filename);
808 }
809 return ZEND_HASH_APPLY_STOP;
810 }
811
812 pos = php_stream_tell(fp->new); /* save start of file within tar */
813
814 /* write contents */
815 if (entry->uncompressed_filesize) {
816 if (FAILURE == phar_open_entry_fp(entry, fp->error, 0)) {
817 return ZEND_HASH_APPLY_STOP;
818 }
819
820 if (-1 == phar_seek_efp(entry, 0, SEEK_SET, 0, 0)) {
821 if (fp->error) {
822 spprintf(fp->error, 4096, "tar-based phar \"%s\" cannot be created, contents of file \"%s\" could not be written, seek failed", entry->phar->fname, entry->filename);
823 }
824 return ZEND_HASH_APPLY_STOP;
825 }
826
827 if (SUCCESS != php_stream_copy_to_stream_ex(phar_get_efp(entry, 0), fp->new, entry->uncompressed_filesize, NULL)) {
828 if (fp->error) {
829 spprintf(fp->error, 4096, "tar-based phar \"%s\" cannot be created, contents of file \"%s\" could not be written", entry->phar->fname, entry->filename);
830 }
831 return ZEND_HASH_APPLY_STOP;
832 }
833
834 memset(padding, 0, 512);
835 php_stream_write(fp->new, padding, ((entry->uncompressed_filesize +511)&~511) - entry->uncompressed_filesize);
836 }
837
838 if (!entry->is_modified && entry->fp_refcount) {
839 /* open file pointers refer to this fp, do not free the stream */
840 switch (entry->fp_type) {
841 case PHAR_FP:
842 fp->free_fp = 0;
843 break;
844 case PHAR_UFP:
845 fp->free_ufp = 0;
846 default:
847 break;
848 }
849 }
850
851 entry->is_modified = 0;
852
853 if (entry->fp_type == PHAR_MOD && entry->fp != entry->phar->fp && entry->fp != entry->phar->ufp) {
854 if (!entry->fp_refcount) {
855 php_stream_close(entry->fp);
856 }
857 entry->fp = NULL;
858 }
859
860 entry->fp_type = PHAR_FP;
861
862 /* note new location within tar */
863 entry->offset = entry->offset_abs = pos;
864 return ZEND_HASH_APPLY_KEEP;
865 }
866 /* }}} */
867
phar_tar_writeheaders(zval * zv,void * argument)868 static int phar_tar_writeheaders(zval *zv, void *argument) /* {{{ */
869 {
870 return phar_tar_writeheaders_int(Z_PTR_P(zv), argument);
871 }
872 /* }}} */
873
phar_tar_setmetadata(const phar_metadata_tracker * tracker,phar_entry_info * entry,char ** error)874 int phar_tar_setmetadata(const phar_metadata_tracker *tracker, phar_entry_info *entry, char **error) /* {{{ */
875 {
876 /* Copy the metadata from tracker to the new entry being written out to temporary files */
877 const zend_string *serialized_str;
878 phar_metadata_tracker_copy(&entry->metadata_tracker, tracker, entry->is_persistent);
879 phar_metadata_tracker_try_ensure_has_serialized_data(&entry->metadata_tracker, entry->is_persistent);
880 serialized_str = entry->metadata_tracker.str;
881
882 /* If there is no data, this will replace the metadata file (e.g. .phar/.metadata.bin) with an empty file */
883 entry->uncompressed_filesize = entry->compressed_filesize = serialized_str ? ZSTR_LEN(serialized_str) : 0;
884
885 if (entry->fp && entry->fp_type == PHAR_MOD) {
886 php_stream_close(entry->fp);
887 }
888
889 entry->fp_type = PHAR_MOD;
890 entry->is_modified = 1;
891 entry->fp = php_stream_fopen_tmpfile();
892 entry->offset = entry->offset_abs = 0;
893 if (entry->fp == NULL) {
894 spprintf(error, 0, "phar error: unable to create temporary file");
895 return -1;
896 }
897 if (serialized_str && ZSTR_LEN(serialized_str) != php_stream_write(entry->fp, ZSTR_VAL(serialized_str), ZSTR_LEN(serialized_str))) {
898 spprintf(error, 0, "phar tar error: unable to write metadata to magic metadata file \"%s\"", entry->filename);
899 zend_hash_str_del(&(entry->phar->manifest), entry->filename, entry->filename_len);
900 return ZEND_HASH_APPLY_STOP;
901 }
902
903 return ZEND_HASH_APPLY_KEEP;
904 }
905 /* }}} */
906
phar_tar_setupmetadata(zval * zv,void * argument)907 static int phar_tar_setupmetadata(zval *zv, void *argument) /* {{{ */
908 {
909 int lookfor_len;
910 struct _phar_pass_tar_info *i = (struct _phar_pass_tar_info *)argument;
911 char *lookfor, **error = i->error;
912 phar_entry_info *entry = (phar_entry_info *)Z_PTR_P(zv), *metadata, newentry = {0};
913
914 if (entry->filename_len >= sizeof(".phar/.metadata") && !memcmp(entry->filename, ".phar/.metadata", sizeof(".phar/.metadata")-1)) {
915 if (entry->filename_len == sizeof(".phar/.metadata.bin")-1 && !memcmp(entry->filename, ".phar/.metadata.bin", sizeof(".phar/.metadata.bin")-1)) {
916 return phar_tar_setmetadata(&entry->phar->metadata_tracker, entry, error);
917 }
918 /* search for the file this metadata entry references */
919 if (entry->filename_len >= sizeof(".phar/.metadata/") + sizeof("/.metadata.bin") - 1 && !zend_hash_str_exists(&(entry->phar->manifest), entry->filename + sizeof(".phar/.metadata/") - 1, entry->filename_len - (sizeof("/.metadata.bin") - 1 + sizeof(".phar/.metadata/") - 1))) {
920 /* this is orphaned metadata, erase it */
921 return ZEND_HASH_APPLY_REMOVE;
922 }
923 /* we can keep this entry, the file that refers to it exists */
924 return ZEND_HASH_APPLY_KEEP;
925 }
926
927 if (!entry->is_modified) {
928 return ZEND_HASH_APPLY_KEEP;
929 }
930
931 /* now we are dealing with regular files, so look for metadata */
932 lookfor_len = spprintf(&lookfor, 0, ".phar/.metadata/%s/.metadata.bin", entry->filename);
933
934 if (!phar_metadata_tracker_has_data(&entry->metadata_tracker, entry->is_persistent)) {
935 zend_hash_str_del(&(entry->phar->manifest), lookfor, lookfor_len);
936 efree(lookfor);
937 return ZEND_HASH_APPLY_KEEP;
938 }
939
940 if (NULL != (metadata = zend_hash_str_find_ptr(&(entry->phar->manifest), lookfor, lookfor_len))) {
941 int ret;
942 ret = phar_tar_setmetadata(&entry->metadata_tracker, metadata, error);
943 efree(lookfor);
944 return ret;
945 }
946
947 newentry.filename = lookfor;
948 newentry.filename_len = lookfor_len;
949 newentry.phar = entry->phar;
950 newentry.tar_type = TAR_FILE;
951 newentry.is_tar = 1;
952
953 if (NULL == (metadata = zend_hash_str_add_mem(&(entry->phar->manifest), lookfor, lookfor_len, (void *)&newentry, sizeof(phar_entry_info)))) {
954 efree(lookfor);
955 spprintf(error, 0, "phar tar error: unable to add magic metadata file to manifest for file \"%s\"", entry->filename);
956 return ZEND_HASH_APPLY_STOP;
957 }
958
959 return phar_tar_setmetadata(&entry->metadata_tracker, metadata, error);
960 }
961 /* }}} */
962
phar_tar_flush(phar_archive_data * phar,char * user_stub,zend_long len,int defaultstub,char ** error)963 int phar_tar_flush(phar_archive_data *phar, char *user_stub, zend_long len, int defaultstub, char **error) /* {{{ */
964 {
965 phar_entry_info entry = {0};
966 static const char newstub[] = "<?php // tar-based phar archive stub file\n__HALT_COMPILER();";
967 php_stream *oldfile, *newfile, *stubfile;
968 int closeoldfile, free_user_stub;
969 size_t signature_length;
970 struct _phar_pass_tar_info pass;
971 char *buf, *signature, *tmp, sigbuf[8];
972 char halt_stub[] = "__HALT_COMPILER();";
973
974 entry.flags = PHAR_ENT_PERM_DEF_FILE;
975 entry.timestamp = time(NULL);
976 entry.is_modified = 1;
977 entry.is_crc_checked = 1;
978 entry.is_tar = 1;
979 entry.tar_type = '0';
980 entry.phar = phar;
981 entry.fp_type = PHAR_MOD;
982 entry.fp = NULL;
983 entry.filename = NULL;
984
985 if (phar->is_persistent) {
986 if (error) {
987 spprintf(error, 0, "internal error: attempt to flush cached tar-based phar \"%s\"", phar->fname);
988 }
989 return EOF;
990 }
991
992 if (phar->is_data) {
993 goto nostub;
994 }
995
996 /* set alias */
997 if (!phar->is_temporary_alias && phar->alias_len) {
998 entry.filename = estrndup(".phar/alias.txt", sizeof(".phar/alias.txt")-1);
999 entry.filename_len = sizeof(".phar/alias.txt")-1;
1000 entry.fp = php_stream_fopen_tmpfile();
1001 if (entry.fp == NULL) {
1002 efree(entry.filename);
1003 spprintf(error, 0, "phar error: unable to create temporary file");
1004 return -1;
1005 }
1006 if (phar->alias_len != php_stream_write(entry.fp, phar->alias, phar->alias_len)) {
1007 if (error) {
1008 spprintf(error, 0, "unable to set alias in tar-based phar \"%s\"", phar->fname);
1009 }
1010 php_stream_close(entry.fp);
1011 efree(entry.filename);
1012 return EOF;
1013 }
1014
1015 entry.uncompressed_filesize = phar->alias_len;
1016
1017 zend_hash_str_update_mem(&phar->manifest, entry.filename, entry.filename_len, (void*)&entry, sizeof(phar_entry_info));
1018 /* At this point the entry is saved into the manifest. The manifest destroy
1019 routine will care about any resources to be freed. */
1020 } else {
1021 zend_hash_str_del(&phar->manifest, ".phar/alias.txt", sizeof(".phar/alias.txt")-1);
1022 }
1023
1024 /* set stub */
1025 if (user_stub && !defaultstub) {
1026 char *pos;
1027 if (len < 0) {
1028 /* resource passed in */
1029 if (!(php_stream_from_zval_no_verify(stubfile, (zval *)user_stub))) {
1030 if (error) {
1031 spprintf(error, 0, "unable to access resource to copy stub to new tar-based phar \"%s\"", phar->fname);
1032 }
1033 return EOF;
1034 }
1035 if (len == -1) {
1036 len = PHP_STREAM_COPY_ALL;
1037 } else {
1038 len = -len;
1039 }
1040 user_stub = 0;
1041
1042 // TODO: refactor to avoid reallocation ???
1043 //??? len = php_stream_copy_to_mem(stubfile, &user_stub, len, 0)
1044 {
1045 zend_string *str = php_stream_copy_to_mem(stubfile, len, 0);
1046 if (str) {
1047 len = ZSTR_LEN(str);
1048 user_stub = estrndup(ZSTR_VAL(str), ZSTR_LEN(str));
1049 zend_string_release_ex(str, 0);
1050 } else {
1051 user_stub = NULL;
1052 len = 0;
1053 }
1054 }
1055
1056 if (!len || !user_stub) {
1057 if (error) {
1058 spprintf(error, 0, "unable to read resource to copy stub to new tar-based phar \"%s\"", phar->fname);
1059 }
1060 return EOF;
1061 }
1062 free_user_stub = 1;
1063 } else {
1064 free_user_stub = 0;
1065 }
1066
1067 tmp = estrndup(user_stub, len);
1068 if ((pos = php_stristr(tmp, halt_stub, len, sizeof(halt_stub) - 1)) == NULL) {
1069 efree(tmp);
1070 if (error) {
1071 spprintf(error, 0, "illegal stub for tar-based phar \"%s\"", phar->fname);
1072 }
1073 if (free_user_stub) {
1074 efree(user_stub);
1075 }
1076 return EOF;
1077 }
1078 pos = user_stub + (pos - tmp);
1079 efree(tmp);
1080
1081 len = pos - user_stub + 18;
1082 entry.fp = php_stream_fopen_tmpfile();
1083 if (entry.fp == NULL) {
1084 spprintf(error, 0, "phar error: unable to create temporary file");
1085 return EOF;
1086 }
1087 entry.uncompressed_filesize = len + 5;
1088
1089 if ((size_t)len != php_stream_write(entry.fp, user_stub, len)
1090 || 5 != php_stream_write(entry.fp, " ?>\r\n", 5)) {
1091 if (error) {
1092 spprintf(error, 0, "unable to create stub from string in new tar-based phar \"%s\"", phar->fname);
1093 }
1094 if (free_user_stub) {
1095 efree(user_stub);
1096 }
1097 php_stream_close(entry.fp);
1098 return EOF;
1099 }
1100
1101 entry.filename = estrndup(".phar/stub.php", sizeof(".phar/stub.php")-1);
1102 entry.filename_len = sizeof(".phar/stub.php")-1;
1103 zend_hash_str_update_mem(&phar->manifest, entry.filename, entry.filename_len, (void*)&entry, sizeof(phar_entry_info));
1104
1105 if (free_user_stub) {
1106 efree(user_stub);
1107 }
1108 } else {
1109 /* Either this is a brand new phar (add the stub), or the default stub is required (overwrite the stub) */
1110 entry.fp = php_stream_fopen_tmpfile();
1111 if (entry.fp == NULL) {
1112 spprintf(error, 0, "phar error: unable to create temporary file");
1113 return EOF;
1114 }
1115 if (sizeof(newstub)-1 != php_stream_write(entry.fp, newstub, sizeof(newstub)-1)) {
1116 php_stream_close(entry.fp);
1117 if (error) {
1118 spprintf(error, 0, "unable to %s stub in%star-based phar \"%s\", failed", user_stub ? "overwrite" : "create", user_stub ? " " : " new ", phar->fname);
1119 }
1120 return EOF;
1121 }
1122
1123 entry.uncompressed_filesize = entry.compressed_filesize = sizeof(newstub) - 1;
1124 entry.filename = estrndup(".phar/stub.php", sizeof(".phar/stub.php")-1);
1125 entry.filename_len = sizeof(".phar/stub.php")-1;
1126
1127 if (!defaultstub) {
1128 if (!zend_hash_str_exists(&phar->manifest, ".phar/stub.php", sizeof(".phar/stub.php")-1)) {
1129 if (NULL == zend_hash_str_add_mem(&phar->manifest, entry.filename, entry.filename_len, (void*)&entry, sizeof(phar_entry_info))) {
1130 php_stream_close(entry.fp);
1131 efree(entry.filename);
1132 if (error) {
1133 spprintf(error, 0, "unable to create stub in tar-based phar \"%s\"", phar->fname);
1134 }
1135 return EOF;
1136 }
1137 } else {
1138 php_stream_close(entry.fp);
1139 efree(entry.filename);
1140 }
1141 } else {
1142 zend_hash_str_update_mem(&phar->manifest, entry.filename, entry.filename_len, (void*)&entry, sizeof(phar_entry_info));
1143 }
1144 }
1145 nostub:
1146 if (phar->fp && !phar->is_brandnew) {
1147 oldfile = phar->fp;
1148 closeoldfile = 0;
1149 php_stream_rewind(oldfile);
1150 } else {
1151 oldfile = php_stream_open_wrapper(phar->fname, "rb", 0, NULL);
1152 closeoldfile = oldfile != NULL;
1153 }
1154
1155 newfile = php_stream_fopen_tmpfile();
1156 if (!newfile) {
1157 if (error) {
1158 spprintf(error, 0, "unable to create temporary file");
1159 }
1160 if (closeoldfile) {
1161 php_stream_close(oldfile);
1162 }
1163 return EOF;
1164 }
1165
1166 pass.old = oldfile;
1167 pass.new = newfile;
1168 pass.error = error;
1169 pass.free_fp = 1;
1170 pass.free_ufp = 1;
1171
1172 if (phar_metadata_tracker_has_data(&phar->metadata_tracker, phar->is_persistent)) {
1173 phar_entry_info *mentry;
1174 if (NULL != (mentry = zend_hash_str_find_ptr(&(phar->manifest), ".phar/.metadata.bin", sizeof(".phar/.metadata.bin")-1))) {
1175 if (ZEND_HASH_APPLY_KEEP != phar_tar_setmetadata(&phar->metadata_tracker, mentry, error)) {
1176 if (closeoldfile) {
1177 php_stream_close(oldfile);
1178 }
1179 return EOF;
1180 }
1181 } else {
1182 phar_entry_info newentry = {0};
1183
1184 newentry.filename = estrndup(".phar/.metadata.bin", sizeof(".phar/.metadata.bin")-1);
1185 newentry.filename_len = sizeof(".phar/.metadata.bin")-1;
1186 newentry.phar = phar;
1187 newentry.tar_type = TAR_FILE;
1188 newentry.is_tar = 1;
1189
1190 if (NULL == (mentry = zend_hash_str_add_mem(&(phar->manifest), ".phar/.metadata.bin", sizeof(".phar/.metadata.bin")-1, (void *)&newentry, sizeof(phar_entry_info)))) {
1191 spprintf(error, 0, "phar tar error: unable to add magic metadata file to manifest for phar archive \"%s\"", phar->fname);
1192 if (closeoldfile) {
1193 php_stream_close(oldfile);
1194 }
1195 return EOF;
1196 }
1197
1198 if (ZEND_HASH_APPLY_KEEP != phar_tar_setmetadata(&phar->metadata_tracker, mentry, error)) {
1199 zend_hash_str_del(&(phar->manifest), ".phar/.metadata.bin", sizeof(".phar/.metadata.bin")-1);
1200 if (closeoldfile) {
1201 php_stream_close(oldfile);
1202 }
1203 return EOF;
1204 }
1205 }
1206 }
1207
1208 zend_hash_apply_with_argument(&phar->manifest, phar_tar_setupmetadata, (void *) &pass);
1209
1210 if (error && *error) {
1211 if (closeoldfile) {
1212 php_stream_close(oldfile);
1213 }
1214
1215 /* on error in the hash iterator above, error is set */
1216 php_stream_close(newfile);
1217 return EOF;
1218 }
1219
1220 zend_hash_apply_with_argument(&phar->manifest, phar_tar_writeheaders, (void *) &pass);
1221
1222 /* add signature for executable tars or tars explicitly set with setSignatureAlgorithm */
1223 if (!phar->is_data || phar->sig_flags) {
1224 if (FAILURE == phar_create_signature(phar, newfile, &signature, &signature_length, error)) {
1225 if (error) {
1226 char *save = *error;
1227 spprintf(error, 0, "phar error: unable to write signature to tar-based phar: %s", save);
1228 efree(save);
1229 }
1230
1231 if (closeoldfile) {
1232 php_stream_close(oldfile);
1233 }
1234
1235 php_stream_close(newfile);
1236 return EOF;
1237 }
1238
1239 entry.filename = ".phar/signature.bin";
1240 entry.filename_len = sizeof(".phar/signature.bin")-1;
1241 entry.fp = php_stream_fopen_tmpfile();
1242 if (entry.fp == NULL) {
1243 spprintf(error, 0, "phar error: unable to create temporary file");
1244 return EOF;
1245 }
1246 #ifdef WORDS_BIGENDIAN
1247 # define PHAR_SET_32(destination, source) do { \
1248 uint32_t swapped = (((((unsigned char*)&(source))[3]) << 24) \
1249 | ((((unsigned char*)&(source))[2]) << 16) \
1250 | ((((unsigned char*)&(source))[1]) << 8) \
1251 | (((unsigned char*)&(source))[0])); \
1252 memcpy(destination, &swapped, 4); \
1253 } while (0);
1254 #else
1255 # define PHAR_SET_32(destination, source) memcpy(destination, &source, 4)
1256 #endif
1257 PHAR_SET_32(sigbuf, phar->sig_flags);
1258 PHAR_SET_32(sigbuf + 4, signature_length);
1259
1260 if (8 != php_stream_write(entry.fp, sigbuf, 8) || signature_length != php_stream_write(entry.fp, signature, signature_length)) {
1261 efree(signature);
1262 if (error) {
1263 spprintf(error, 0, "phar error: unable to write signature to tar-based phar %s", phar->fname);
1264 }
1265
1266 if (closeoldfile) {
1267 php_stream_close(oldfile);
1268 }
1269 php_stream_close(newfile);
1270 return EOF;
1271 }
1272
1273 efree(signature);
1274 entry.uncompressed_filesize = entry.compressed_filesize = signature_length + 8;
1275 /* throw out return value and write the signature */
1276 entry.filename_len = phar_tar_writeheaders_int(&entry, (void *)&pass);
1277
1278 if (error && *error) {
1279 if (closeoldfile) {
1280 php_stream_close(oldfile);
1281 }
1282 /* error is set by writeheaders */
1283 php_stream_close(newfile);
1284 return EOF;
1285 }
1286 } /* signature */
1287
1288 /* add final zero blocks */
1289 buf = (char *) ecalloc(1024, 1);
1290 php_stream_write(newfile, buf, 1024);
1291 efree(buf);
1292
1293 if (closeoldfile) {
1294 php_stream_close(oldfile);
1295 }
1296
1297 /* on error in the hash iterator above, error is set */
1298 if (error && *error) {
1299 php_stream_close(newfile);
1300 return EOF;
1301 }
1302
1303 if (phar->fp && pass.free_fp) {
1304 php_stream_close(phar->fp);
1305 }
1306
1307 if (phar->ufp) {
1308 if (pass.free_ufp) {
1309 php_stream_close(phar->ufp);
1310 }
1311 phar->ufp = NULL;
1312 }
1313
1314 phar->is_brandnew = 0;
1315 php_stream_rewind(newfile);
1316
1317 if (phar->donotflush) {
1318 /* deferred flush */
1319 phar->fp = newfile;
1320 } else {
1321 phar->fp = php_stream_open_wrapper(phar->fname, "w+b", IGNORE_URL|STREAM_MUST_SEEK|REPORT_ERRORS, NULL);
1322 if (!phar->fp) {
1323 phar->fp = newfile;
1324 if (error) {
1325 spprintf(error, 0, "unable to open new phar \"%s\" for writing", phar->fname);
1326 }
1327 return EOF;
1328 }
1329
1330 if (phar->flags & PHAR_FILE_COMPRESSED_GZ) {
1331 php_stream_filter *filter;
1332 /* to properly compress, we have to tell zlib to add a zlib header */
1333 zval filterparams;
1334
1335 array_init(&filterparams);
1336 /* this is defined in zlib's zconf.h */
1337 #ifndef MAX_WBITS
1338 #define MAX_WBITS 15
1339 #endif
1340 add_assoc_long(&filterparams, "window", MAX_WBITS + 16);
1341 filter = php_stream_filter_create("zlib.deflate", &filterparams, php_stream_is_persistent(phar->fp));
1342 zend_array_destroy(Z_ARR(filterparams));
1343
1344 if (!filter) {
1345 /* copy contents uncompressed rather than lose them */
1346 php_stream_copy_to_stream_ex(newfile, phar->fp, PHP_STREAM_COPY_ALL, NULL);
1347 php_stream_close(newfile);
1348 if (error) {
1349 spprintf(error, 4096, "unable to compress all contents of phar \"%s\" using zlib, PHP versions older than 5.2.6 have a buggy zlib", phar->fname);
1350 }
1351 return EOF;
1352 }
1353
1354 php_stream_filter_append(&phar->fp->writefilters, filter);
1355 php_stream_copy_to_stream_ex(newfile, phar->fp, PHP_STREAM_COPY_ALL, NULL);
1356 php_stream_filter_flush(filter, 1);
1357 php_stream_filter_remove(filter, 1);
1358 php_stream_close(phar->fp);
1359 /* use the temp stream as our base */
1360 phar->fp = newfile;
1361 } else if (phar->flags & PHAR_FILE_COMPRESSED_BZ2) {
1362 php_stream_filter *filter;
1363
1364 filter = php_stream_filter_create("bzip2.compress", NULL, php_stream_is_persistent(phar->fp));
1365 php_stream_filter_append(&phar->fp->writefilters, filter);
1366 php_stream_copy_to_stream_ex(newfile, phar->fp, PHP_STREAM_COPY_ALL, NULL);
1367 php_stream_filter_flush(filter, 1);
1368 php_stream_filter_remove(filter, 1);
1369 php_stream_close(phar->fp);
1370 /* use the temp stream as our base */
1371 phar->fp = newfile;
1372 } else {
1373 php_stream_copy_to_stream_ex(newfile, phar->fp, PHP_STREAM_COPY_ALL, NULL);
1374 /* we could also reopen the file in "rb" mode but there is no need for that */
1375 php_stream_close(newfile);
1376 }
1377 }
1378 return EOF;
1379 }
1380 /* }}} */
1381