Accueil Explorer Aide
Connexion
SoftwareDesign
/
csu3_am335x
8
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Aborescence: 52bd49a6d4
Branches Tags
csu3_am335x
/
EVSE
/
GPL
/
php-8.1.12
/
ext
/
phar
/
tests
/
tar
/
files
/
make.dangerous.tar.php.inc

make.dangerous.tar.php.inc 5.1 KB
Historique Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170 
  1. <?php
    2. 

  2. // stolen from PEAR2_Pyrus_Developer_Creator_Tar by Greg Beaver, the original author, for use in unit tests
    3. 

  3. // this tarmaker makes a malicious tar with a header designed to overflow the buffer
    4. 

  4. class danger_tarmaker
    5. 

  5. {
    6. 

  6.     /**
    7. 

  7.      * Path to archive file
    8. 

  8.      *
    9. 

  9.      * @var string
    10. 

  10.      */
    11. 

  11.     protected $archive;
    12. 

  12.     /**
    13. 

  13.      * Temporary stream used for creating the archive
    14. 

  14.      *
    15. 

  15.      * @var stream
    16. 

  16.      */
    17. 

  17.     protected $tmp;
    18. 

  18.     protected $path;
    19. 

  19.     protected $compress;
    20. 

  20.     function __construct($path, $compress = 'zlib')
    21. 

  21.     {
    22. 

  22.         $this->compress = $compress;
    23. 

  23.         if ($compress === 'bz2' && !function_exists('bzopen')) {
    24. 

  24.             throw new PEAR2_Pyrus_Developer_Creator_Exception(
    25. 

  25.                 'bzip2 extension not available');
    26. 

  26.         }
    27. 

  27.         if ($compress === 'zlib' && !function_exists('gzopen')) {
    28. 

  28.             throw new PEAR2_Pyrus_Developer_Creator_Exception(
    29. 

  29.                 'zlib extension not available');
    30. 

  30.         }
    31. 

  31.         $this->path = $path;
    32. 

  32.     }
    33. 

  33. 

  34.     /**
    35. 

  35.      * save a file inside this package
    36. 

  36.      *
    37. 

  37.      * This code is modified from Vincent Lascaux's File_Archive
    38. 

  38.      * package, which is licensed under the LGPL license.
    39. 

  39.      * @param string relative path within the package
    40. 

  40.      * @param string|resource file contents or open file handle
    41. 

  41.      */
    42. 

  42.     function addFile($path, $fileOrStream, $stat = null)
    43. 

  43.     {
    44. 

  44.         clearstatcache();
    45. 

  45.         if ($stat === null) {
    46. 

  46.             if (is_resource($fileOrStream)) {
    47. 

  47.                 $stat = fstat($fileOrStream);
    48. 

  48.             } else {
    49. 

  49.                 $stat = array(
    50. 

  50.                     'mode' => 0x8000 + 0644,
    51. 

  51.                     'uid' => 0,
    52. 

  52.                     'gid' => 0,
    53. 

  53.                     'size' => strlen($fileOrStream),
    54. 

  54.                     'mtime' => time(),
    55. 

  55.                 );
    56. 

  56.             }
    57. 

  57.         }
    58. 

  58. 

  59.         $link = null;
    60. 

  60.         if ($stat['mode'] & 0x4000) {
    61. 

  61.             $type = 5;        // Directory
    62. 

  62.         } else if ($stat['mode'] & 0x8000) {
    63. 

  63.             $type = 0;        // Regular
    64. 

  64.         } else if ($stat['mode'] & 0xA000) {
    65. 

  65.             $type = 1;        // Link
    66. 

  66.             $link = @readlink($current);
    67. 

  67.         } else {
    68. 

  68.             $type = 9;        // Unknown
    69. 

  69.         }
    70. 

  70. 

  71.         $filePrefix = '';
    72. 

  72.         if (strlen($path) > 255) {
    73. 

  73.             throw new Exception(
    74. 

  74.                 "$path is too long, must be 255 characters or less"
    75. 

  75.             );
    76. 

  76.         } else if (strlen($path) > 100) {
    77. 

  77.             $filePrefix = substr($path, 0, strlen($path)-100);
    78. 

  78.             $path = substr($path, -100);
    79. 

  79.         }
    80. 

  80. 

  81.         $block = pack('a100a8a8a8a12A12',
    82. 

  82.                 $path,
    83. 

  83.                 '12345678', // have a mode that allows the name to overflow
    84. 

  84.                 sprintf('%6s ',decoct($stat['uid'])),
    85. 

  85.                 sprintf('%6s ',decoct($stat['gid'])),
    86. 

  86.                 sprintf('%11s ',decoct($stat['size'])),
    87. 

  87.                 sprintf('%11s ',decoct($stat['mtime']))
    88. 

  88.             );
    89. 

  89. 

  90.         $blockend = pack('a1a100a6a2a32a32a8a8a155a12',
    91. 

  91.             $type,
    92. 

  92.             $link,
    93. 

  93.             'ustar',
    94. 

  94.             '00',
    95. 

  95.             'Pyrus',
    96. 

  96.             'Pyrus',
    97. 

  97.             '',
    98. 

  98.             '',
    99. 

  99.             $filePrefix,
    100. 

  100.             '123456789abc'); // malicious block
    101. 

  101. 

  102.         $checkheader = array_merge(str_split($block), str_split($blockend));
    103. 

  103.         if (!function_exists('_pear2tarchecksum')) {
    104. 

  104.             function _pear2tarchecksum($a, $b) {return $a + ord($b);}
    105. 

  105.         }
    106. 

  106.         $checksum = 256; // 8 * ord(' ');
    107. 

  107.         $checksum += array_reduce($checkheader, '_pear2tarchecksum');
    108. 

  108. 

  109.         $checksum = pack('a8', sprintf('%6s ', decoct($checksum)));
    110. 

  110. 

  111.         fwrite($this->tmp, (binary)$block . $checksum . $blockend, 512);
    112. 

  112.         if (is_resource($fileOrStream)) {
    113. 

  113.             stream_copy_to_stream($fileOrStream, $this->tmp);
    114. 

  114.             if ($stat['size'] % 512) {
    115. 

  115.                 fwrite($this->tmp, (binary)str_repeat("\0", 512 - $stat['size'] % 512));
    116. 

  116.             }
    117. 

  117.         } else {
    118. 

  118.             fwrite($this->tmp, (binary)$fileOrStream);
    119. 

  119.             if (strlen($fileOrStream) % 512) {
    120. 

  120.                 fwrite($this->tmp, (binary)str_repeat("\0", 512 - strlen($fileOrStream) % 512));
    121. 

  121.             }
    122. 

  122.         }
    123. 

  123.     }
    124. 

  124. 

  125.     /**
    126. 

  126.      * Initialize the package creator
    127. 

  127.      */
    128. 

  128.     function init()
    129. 

  129.     {
    130. 

  130.         switch ($this->compress) {
    131. 

  131.             case 'zlib' :
    132. 

  132.                 $this->tmp = gzopen($this->path, 'wb');
    133. 

  133.                 break;
    134. 

  134.             case 'bz2' :
    135. 

  135.                 $this->tmp = bzopen($this->path, 'w');
    136. 

  136.                 break;
    137. 

  137.             case 'none' :
    138. 

  138.                 $this->tmp = fopen($this->path, 'wb');
    139. 

  139.                 break;
    140. 

  140.             default :
    141. 

  141.                 throw new Exception(
    142. 

  142.                     'unknown compression type ' . $this->compress);
    143. 

  143.         }
    144. 

  144.     }
    145. 

  145. 

  146.     /**
    147. 

  147.      * Create an internal directory, creating parent directories as needed
    148. 

  148.      *
    149. 

  149.      * @param string $dir
    150. 

  150.      */
    151. 

  151.     function mkdir($dir)
    152. 

  152.     {
    153. 

  153.         $this->addFile($dir, "", array(
    154. 

  154.                     'mode' => 0x4000 + 0644,
    155. 

  155.                     'uid' => 0,
    156. 

  156.                     'gid' => 0,
    157. 

  157.                     'size' => 0,
    158. 

  158.                     'mtime' => time(),
    159. 

  159.                 ));
    160. 

  160.     }
    161. 

  161. 

  162.     /**
    163. 

  163.      * Finish saving the package
    164. 

  164.      */
    165. 

  165.     function close()
    166. 

  166.     {
    167. 

  167.         fwrite($this->tmp, pack('a1024', ''));
    168. 

  168.         fclose($this->tmp);
    169. 

  169.     }
    170. 

  170. }
    171.