? ext/phar/tests/phar_convert_tar.phpt.phar
? ext/phar/tests/tar/phar_convert_phar2.phar
Index: ext/phar/phar.phar
===================================================================
RCS file: /repository/php-src/ext/phar/phar.phar,v
retrieving revision 1.7.2.30
diff -u -p -r1.7.2.30 phar.phar
Binary files /tmp/cvsDmfrBZ and phar.phar differ
Index: ext/phar/tar.c
===================================================================
RCS file: /repository/php-src/ext/phar/tar.c,v
retrieving revision 1.55.2.18
diff -u -p -r1.55.2.18 tar.c
--- ext/phar/tar.c 1 Aug 2008 13:48:45 -0000 1.55.2.18
+++ ext/phar/tar.c 16 Aug 2008 21:46:01 -0000
@@ -332,13 +332,8 @@ bail:
 if (!old && hdr->prefix[0] != 0) {
 char name[256];
- strcpy(name, hdr->prefix);
- /* remove potential buffer overflow */
- if (hdr->name[99]) {
- strncat(name, hdr->name, 100);
- } else {
- strcat(name, hdr->name);
- }
+ strlcpy(name, hdr->prefix, sizeof(name));
+ strlcat(name, hdr->name, sizeof(name));
 entry.filename_len = strlen(hdr->prefix) + 100;
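Review bot: An unterminated `hdr->name` is no longer handled: `strlcat(name, hdr->name, sizeof(name))` bounds the write into `name` but still reads its source up to a NUL, and the removed `hdr->name[99]` check shows the 100-byte name field can be completely full. In that case the read runs on into whatever follows the field in the header and those bytes end up in the filename; the same applies to `hdr->prefix` if it can fill its field. Bounding each read by the field width avoids this, e.g. `snprintf(name, sizeof(name), "%.*s%.*s", (int)sizeof(hdr->prefix), hdr->prefix, (int)sizeof(hdr->name), hdr->name);`, assuming both members are fixed-size arrays (their declarations are outside the hunk). The context line `entry.filename_len = strlen(hdr->prefix) + 100;` is likewise not tied to what was actually copied, so deriving it from `strlen(name)` looks safer; the enclosing block continues outside the hunk.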
@@ -657,12 +652,12 @@ int phar_tar_writeheaders(void *pDest, v
 header.typeflag = entry->tar_type;
 if (entry->link) {
- strncpy(header.linkname, entry->link, strlen(entry->link));
+ strlcpy(header.linkname, entry->link, sizeof(header.linkname));
 }
- strncpy(header.magic, "ustar", sizeof("ustar")-1);
- strncpy(header.version, "00", sizeof("00")-1);
- strncpy(header.checksum, " ", sizeof(" ")-1);
+ strlcpy(header.magic, "ustar", sizeof(header.magic));
+ strlcpy(header.version, "00", sizeof(header.version));
+ memset(header.checksum, ' ', sizeof(header.checksum));
 entry->crc32 = phar_tar_checksum((char *)&header, sizeof(header));
 if (FAILURE == phar_tar_octal(header.checksum, entry->crc32, sizeof(header.checksum)-1)) {
Index: ext/phar/util.c
===================================================================
RCS file: /repository/php-src/ext/phar/util.c,v
retrieving revision 1.55.2.28
diff -u -p -r1.55.2.28 util.c
--- ext/phar/util.c 1 Aug 2008 13:48:45 -0000 1.55.2.28
+++ ext/phar/util.c 16 Aug 2008 21:46:01 -0000
@@ -475,7 +475,7 @@ not_stream:
 wrapper = php_stream_locate_url_wrapper(trypath, &actual, STREAM_OPEN_FOR_INCLUDE TSRMLS_CC);
 if (wrapper == &php_plain_files_wrapper) {
- strncpy(trypath, actual, MAXPATHLEN);
+ strlcpy(trypath, actual, sizeof(trypath));
 } else if (!wrapper) {
 /* if wrapper is NULL, there was a mal-formed include_path stream wrapper, so skip this ptr */
 continue;
@@ -542,7 +542,7 @@ not_stream:
 if (wrapper == &php_plain_files_wrapper) {
 /* this should never technically happen, but we'll leave it here for completeness */
- strncpy(trypath, actual, MAXPATHLEN);
+ strlcpy(trypath, actual, sizeof(trypath));
 } else if (!wrapper) {
 /* if wrapper is NULL, there was a malformed include_path stream wrapper this also should be impossible */
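Review bot: An over-long `entry->link` is now truncated silently by `strlcpy(header.linkname, entry->link, sizeof(header.linkname))`, so the written archive would record a link target that differs from the entry's. Checking the return value and failing the write closes that gap: `if (strlcpy(header.linkname, entry->link, sizeof(header.linkname)) >= sizeof(header.linkname)) { /* report the error and stop */ }`. Separately, `strlcpy` always stores a terminating NUL, so if `header.version` is the two-byte ustar version field (its declaration is not visible here) the new call writes `"0\0"` where the old `strncpy` wrote `"00"`; `memcpy(header.version, "00", 2);` would keep the original bytes. The body of `phar_tar_writeheaders` starts and ends outside the hunk.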
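Review bot: The source and destination of the new `strlcpy(trypath, actual, sizeof(trypath))` may overlap, because `actual` is filled in by `php_stream_locate_url_wrapper(trypath, &actual, ...)` on the line above and so appears to point into `trypath` itself; copying between overlapping buffers with `strlcpy` is undefined. If that is confirmed against the wrapper API, `if (actual != trypath) { memmove(trypath, actual, strlen(actual) + 1); }` handles the overlap and cannot grow the string. Also, `sizeof(trypath)` is the buffer size only if `trypath` is declared as an array in this scope, and that declaration is outside the hunk, whereas the removed line used `MAXPATHLEN`. The identical change in the `@@ -542,7 +542,7 @@` hunk carries the same two concerns.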