From d387bf5e958e9d25a7192d1f5e5280ac0eb82da7 Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Wed, 18 Mar 2015 20:27:10 +0100
Subject: [PATCH] correct error checking for bz2 file reading
The code reading .bz2 compressed files did not correctly check for
possible read errors. In case of a corrupted file this could have led to
an infinite loop.
Thanks to Filippo Cavallarin from www.segment.technology for dicovering
this bug.
---
_test/tests/inc/io_readfile.test.php | 53 ++++++++++++++++++++
_test/tests/inc/io_readfile/corrupt.txt.bz2 | 1 +
_test/tests/inc/io_readfile/corrupt.txt.gz | Bin 0 -> 31 bytes
_test/tests/inc/io_readfile/test.txt.bz2 | Bin 0 -> 49 bytes
_test/tests/inc/io_readfile/test.txt.gz | Bin 0 -> 31 bytes
inc/io.php | 16 ++++--
6 files changed, 65 insertions(+), 5 deletions(-)
create mode 100644 _test/tests/inc/io_readfile.test.php
create mode 100644 _test/tests/inc/io_readfile/corrupt.txt.bz2
create mode 100644 _test/tests/inc/io_readfile/corrupt.txt.gz
create mode 100644 _test/tests/inc/io_readfile/test.txt.bz2
create mode 100644 _test/tests/inc/io_readfile/test.txt.gz
diff --git a/_test/tests/inc/io_readfile.test.php b/_test/tests/inc/io_readfile.test.php
new file mode 100644
index 000000000..e3e90cd8d
--- /dev/null
+++ b/_test/tests/inc/io_readfile.test.php
@@ -0,0 +1,53 @@
+<?php
+
+class io_readfile_test extends DokuWikiTest {
+
+ /*
+ * dependency for tests needing zlib extension to pass
+ */
+ public function test_ext_zlib() {
+ if (!extension_loaded('zlib')) {
+ $this->markTestSkipped('skipping all zlib tests. Need zlib extension');
+ }
+ }
+
+ /*
+ * dependency for tests needing zlib extension to pass
+ */
+ public function test_ext_bz2() {
+ if (!extension_loaded('bz2')) {
+ $this->markTestSkipped('skipping all bzip2 tests. Need bz2 extension');
+ }
+ }
+
+ function test_plain(){
+ // since git converts line endings, we can't check in this test file but have to create it ourselves
+ $plain = TMP_DIR.'/test.txt';
+ file_put_contents($plain, "The\015\012Test\015\012");
+
+ $this->assertEquals("The\012Test\012", io_readFile($plain));
+ $this->assertEquals("The\015\012Test\015\012", io_readFile($plain, false));
+ $this->assertEquals(false, io_readFile(__DIR__.'/io_readfile/nope.txt'));
+ }
+
+ /**
+ * @depends test_ext_zlib
+ */
+ function test_gzfiles(){
+ $this->assertEquals("The\012Test\012", io_readFile(__DIR__.'/io_readfile/test.txt.gz'));
+ $this->assertEquals("The\015\012Test\015\012", io_readFile(__DIR__.'/io_readfile/test.txt.gz', false));
+ $this->assertEquals(false, io_readFile(__DIR__.'/io_readfile/nope.txt.gz'));
+ $this->assertEquals(false, io_readFile(__DIR__.'/io_readfile/corrupt.txt.gz'));
+ }
+
+ /**
+ * @depends test_ext_bz2
+ */
+ function test_bzfiles(){
+ $this->assertEquals("The\012Test\012", io_readFile(__DIR__.'/io_readfile/test.txt.bz2'));
+ $this->assertEquals("The\015\012Test\015\012", io_readFile(__DIR__.'/io_readfile/test.txt.bz2', false));
+ $this->assertEquals(false, io_readFile(__DIR__.'/io_readfile/nope.txt.bz2'));
+ $this->assertEquals(false, io_readFile(__DIR__.'/io_readfile/corrupt.txt.bz2'));
+ }
+
+}
\ No newline at end of file
diff --git a/_test/tests/inc/io_readfile/corrupt.txt.bz2 b/_test/tests/inc/io_readfile/corrupt.txt.bz2
new file mode 100644
index 000000000..97f742919
--- /dev/null
+++ b/_test/tests/inc/io_readfile/corrupt.txt.bz2
@@ -0,0 +1 @@
+BZh91AY&SYXHd¬
\ No newline at end of file
diff --git a/_test/tests/inc/io_readfile/corrupt.txt.gz b/_test/tests/inc/io_readfile/corrupt.txt.gz
new file mode 100644
index 0000000000000000000000000000000000000000..f7f5d3397f2e370afae7fda0d33a838b93a6b155
GIT binary patch
literal 31
ncmb2|=3sbpnlqGvnY+T{=~FIGUA>1-nHWx2O#R5sz`y_is>TYc
literal 0
HcmV?d00001
diff --git a/_test/tests/inc/io_readfile/test.txt.bz2 b/_test/tests/inc/io_readfile/test.txt.bz2
new file mode 100644
index 0000000000000000000000000000000000000000..3d4e1b226919d86934f6c95756e867b498ffa898
GIT binary patch
literal 49
zcmZ>Y%CIzaj8qGbJn50LhJk_Ua07!73j>n_4}$`OqDCS|f=Q?l-;dpsG!M13c{!^l
F002f$4a@)l
literal 0
HcmV?d00001
diff --git a/_test/tests/inc/io_readfile/test.txt.gz b/_test/tests/inc/io_readfile/test.txt.gz
new file mode 100644
index 0000000000000000000000000000000000000000..8ac8f7d402263909ed35337fa8d9d68b7f4b165d
GIT binary patch
literal 31
ncmb2|=3sbpnlqGvnfs*2)2CdXx_S?vGBKRCpZbxTfq?-4uZs%8
literal 0
HcmV?d00001
diff --git a/inc/io.php b/inc/io.php
index 3ed227162..0636a4b62 100644
--- a/inc/io.php
+++ b/inc/io.php
@@ -101,7 +101,7 @@ function _io_readWikiPage_action($data) {
*
* @param string $file filename
* @param bool $clean
- * @return string
+ * @return string|bool the file contents or false on error
*/
function io_readFile($file,$clean=true){
$ret = '';
@@ -114,7 +114,7 @@ function io_readFile($file,$clean=true){
$ret = file_get_contents($file);
}
}
- if($clean){
+ if($ret !== false && $clean){
return cleanText($ret);
}else{
return $ret;
@@ -124,22 +124,28 @@ function io_readFile($file,$clean=true){
* Returns the content of a .bz2 compressed file as string
*
* @author marcel senf <marcel@rucksackreinigung.de>
+ * @author Andreas Gohr <andi@splitbrain.org>
*
* @param string $file filename
- * @return string content
+ * @return string|bool content or false on error
*/
function bzfile($file){
$bz = bzopen($file,"r");
+ if($bz === false) return false;
+
$str = '';
while (!feof($bz)){
//8192 seems to be the maximum buffersize?
- $str = $str . bzread($bz,8192);
+ $buffer = bzread($bz,8192);
+ if(($buffer === false) || (bzerrno($bz) !== 0)) {
+ return false;
+ }
+ $str = $str . $buffer;
}
bzclose($bz);
return $str;
}
-
/**
* Used to write out a DokuWiki page to file, and send IO_WIKIPAGE_WRITE events.
*
--
GitLab