diff options
author | Andreas Gohr <andi@splitbrain.org> | 2015-03-18 20:27:10 +0100 |
---|---|---|
committer | Andreas Gohr <andi@splitbrain.org> | 2015-03-18 20:30:24 +0100 |
commit | d387bf5e958e9d25a7192d1f5e5280ac0eb82da7 (patch) | |
tree | 0d79305202777f3639bfe7c8b38c75619d251c32 | |
parent | 2432ea9ee263bc34d0f985a5b75e792d24693186 (diff) | |
download | rpg-d387bf5e958e9d25a7192d1f5e5280ac0eb82da7.tar.gz rpg-d387bf5e958e9d25a7192d1f5e5280ac0eb82da7.tar.bz2 |
correct error checking for bz2 file reading
The code reading .bz2 compressed files did not correctly check for
possible read errors. In case of a corrupted file this could have led to
an infinite loop.
Thanks to Filippo Cavallarin from www.segment.technology for dicovering
this bug.
-rw-r--r-- | _test/tests/inc/io_readfile.test.php | 53 | ||||
-rw-r--r-- | _test/tests/inc/io_readfile/corrupt.txt.bz2 | 1 | ||||
-rw-r--r-- | _test/tests/inc/io_readfile/corrupt.txt.gz | bin | 0 -> 31 bytes | |||
-rw-r--r-- | _test/tests/inc/io_readfile/test.txt.bz2 | bin | 0 -> 49 bytes | |||
-rw-r--r-- | _test/tests/inc/io_readfile/test.txt.gz | bin | 0 -> 31 bytes | |||
-rw-r--r-- | inc/io.php | 16 |
6 files changed, 65 insertions, 5 deletions
diff --git a/_test/tests/inc/io_readfile.test.php b/_test/tests/inc/io_readfile.test.php new file mode 100644 index 000000000..e3e90cd8d --- /dev/null +++ b/_test/tests/inc/io_readfile.test.php @@ -0,0 +1,53 @@ +<?php + +class io_readfile_test extends DokuWikiTest { + + /* + * dependency for tests needing zlib extension to pass + */ + public function test_ext_zlib() { + if (!extension_loaded('zlib')) { + $this->markTestSkipped('skipping all zlib tests. Need zlib extension'); + } + } + + /* + * dependency for tests needing zlib extension to pass + */ + public function test_ext_bz2() { + if (!extension_loaded('bz2')) { + $this->markTestSkipped('skipping all bzip2 tests. Need bz2 extension'); + } + } + + function test_plain(){ + // since git converts line endings, we can't check in this test file but have to create it ourselves + $plain = TMP_DIR.'/test.txt'; + file_put_contents($plain, "The\015\012Test\015\012"); + + $this->assertEquals("The\012Test\012", io_readFile($plain)); + $this->assertEquals("The\015\012Test\015\012", io_readFile($plain, false)); + $this->assertEquals(false, io_readFile(__DIR__.'/io_readfile/nope.txt')); + } + + /** + * @depends test_ext_zlib + */ + function test_gzfiles(){ + $this->assertEquals("The\012Test\012", io_readFile(__DIR__.'/io_readfile/test.txt.gz')); + $this->assertEquals("The\015\012Test\015\012", io_readFile(__DIR__.'/io_readfile/test.txt.gz', false)); + $this->assertEquals(false, io_readFile(__DIR__.'/io_readfile/nope.txt.gz')); + $this->assertEquals(false, io_readFile(__DIR__.'/io_readfile/corrupt.txt.gz')); + } + + /** + * @depends test_ext_bz2 + */ + function test_bzfiles(){ + $this->assertEquals("The\012Test\012", io_readFile(__DIR__.'/io_readfile/test.txt.bz2')); + $this->assertEquals("The\015\012Test\015\012", io_readFile(__DIR__.'/io_readfile/test.txt.bz2', false)); + $this->assertEquals(false, io_readFile(__DIR__.'/io_readfile/nope.txt.bz2')); + $this->assertEquals(false, io_readFile(__DIR__.'/io_readfile/corrupt.txt.bz2')); + } + +}
\ No newline at end of file diff --git a/_test/tests/inc/io_readfile/corrupt.txt.bz2 b/_test/tests/inc/io_readfile/corrupt.txt.bz2 new file mode 100644 index 000000000..97f742919 --- /dev/null +++ b/_test/tests/inc/io_readfile/corrupt.txt.bz2 @@ -0,0 +1 @@ +BZh91AY&SYXHd¬
\ No newline at end of file diff --git a/_test/tests/inc/io_readfile/corrupt.txt.gz b/_test/tests/inc/io_readfile/corrupt.txt.gz Binary files differnew file mode 100644 index 000000000..f7f5d3397 --- /dev/null +++ b/_test/tests/inc/io_readfile/corrupt.txt.gz diff --git a/_test/tests/inc/io_readfile/test.txt.bz2 b/_test/tests/inc/io_readfile/test.txt.bz2 Binary files differnew file mode 100644 index 000000000..3d4e1b226 --- /dev/null +++ b/_test/tests/inc/io_readfile/test.txt.bz2 diff --git a/_test/tests/inc/io_readfile/test.txt.gz b/_test/tests/inc/io_readfile/test.txt.gz Binary files differnew file mode 100644 index 000000000..8ac8f7d40 --- /dev/null +++ b/_test/tests/inc/io_readfile/test.txt.gz diff --git a/inc/io.php b/inc/io.php index 3ed227162..0636a4b62 100644 --- a/inc/io.php +++ b/inc/io.php @@ -101,7 +101,7 @@ function _io_readWikiPage_action($data) { * * @param string $file filename * @param bool $clean - * @return string + * @return string|bool the file contents or false on error */ function io_readFile($file,$clean=true){ $ret = ''; @@ -114,7 +114,7 @@ function io_readFile($file,$clean=true){ $ret = file_get_contents($file); } } - if($clean){ + if($ret !== false && $clean){ return cleanText($ret); }else{ return $ret; @@ -124,22 +124,28 @@ function io_readFile($file,$clean=true){ * Returns the content of a .bz2 compressed file as string * * @author marcel senf <marcel@rucksackreinigung.de> + * @author Andreas Gohr <andi@splitbrain.org> * * @param string $file filename - * @return string content + * @return string|bool content or false on error */ function bzfile($file){ $bz = bzopen($file,"r"); + if($bz === false) return false; + $str = ''; while (!feof($bz)){ //8192 seems to be the maximum buffersize? - $str = $str . bzread($bz,8192); + $buffer = bzread($bz,8192); + if(($buffer === false) || (bzerrno($bz) !== 0)) { + return false; + } + $str = $str . $buffer; } bzclose($bz); return $str; } - /** * Used to write out a DokuWiki page to file, and send IO_WIKIPAGE_WRITE events. * |