authorIlia Alshanetsky <iliaa@php.net>2006-12-23 23:28:39 +0000
committerIlia Alshanetsky <iliaa@php.net>2006-12-23 23:28:39 +0000
commiteaf3d32157811f6f43da084b55b34f124fc795e1 (patch)
treeae933134c119fb85662ef713e2e1bd0fb77f983f /ext/zip/php_zip.c
parent1379ad02e36d4e242338628ce44f89f92b455101 (diff)
Safety checks
Diffstat (limited to 'ext/zip/php_zip.c')
-rw-r--r--ext/zip/php_zip.c23
1 files changed, 11 insertions, 12 deletions
diff --git a/ext/zip/php_zip.c b/ext/zip/php_zip.c
index aca65f1d16..28fc27fc03 100644
--- a/ext/zip/php_zip.c
+++ b/ext/zip/php_zip.c
@@ -88,30 +88,29 @@ static int le_zip_entry;
/* {{{ php_zip_extract_file */
/* TODO: Simplify it */
-static int php_zip_extract_file(struct zip * za, char *dest, char *file TSRMLS_DC)
+static int php_zip_extract_file(struct zip * za, char *dest, char *file, int file_len TSRMLS_DC)
{
php_stream_statbuf ssb;
struct zip_file *zf;
struct zip_stat sb;
char b[8192];
- int n, len, ret, file_len;
+ int n, len, ret;
php_stream *stream;
char *fullpath;
char *file_dirname_fullpath;
- char file_dirname[MAXPATHLEN + 1];
+ char file_dirname[MAXPATHLEN];
size_t dir_len;
char *file_basename;
size_t file_basename_len;
- if (zip_stat(za, file, 0, &sb)) {
+ if (file_len >= MAXPATHLEN || zip_stat(za, file, 0, &sb)) {
return 0;
}
- file_len = strlen(file);
memcpy(file_dirname, file, file_len);
dir_len = php_dirname(file_dirname, file_len);
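Review bot: The new guard `file_len >= MAXPATHLEN` bounds the copy into `file_dirname` only from above. `file_len` is a signed `int`, so a negative value passes the check and is converted to a very large size in `memcpy(file_dirname, file, file_len)`. Since the length now comes from callers instead of `strlen(file)`, the function should reject it itself: `if (file_len < 0 || file_len >= MAXPATHLEN || zip_stat(za, file, 0, &sb)) {`. The `memcpy` also copies no terminator, so `file_dirname` is only a valid string if `php_dirname` terminates it for every input, including `file_len == 0`; a comment stating that assumption would help. The function body continues outside this hunk.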
@@ -122,7 +121,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, char *file TSRMLS_D
len = spprintf(&file_dirname_fullpath, 0, "%s", dest);
}
- php_basename(file, file_len, NULL, 0, &file_basename, (int *)&file_basename_len TSRMLS_CC);
+ php_basename(file, file_len, NULL, 0, &file_basename, &file_basename_len TSRMLS_CC);
if (SAFEMODE_CHECKFILE(file_dirname_fullpath)) {
efree(file_dirname_fullpath);
@@ -882,7 +881,7 @@ static ZIPARCHIVE_METHOD(open)
int filename_len;
int err = 0;
long flags = 0;
- char resolved_path[MAXPATHLEN + 1];
+ char resolved_path[MAXPATHLEN];
zval *this = getThis();
ze_zip_object *ze_obj = NULL;
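Review bot: Shrinking `resolved_path` from `MAXPATHLEN + 1` to `MAXPATHLEN` removes the one byte of slack, and the call that fills the buffer lies outside this hunk, so nothing visible here shows that the writer stops at `MAXPATHLEN` bytes including the terminator. The same change is made in the `addFile` hunk that follows. Please confirm the bound of the routine that writes into the buffer and record it at the declaration, for example `char resolved_path[MAXPATHLEN]; /* writer must emit at most MAXPATHLEN bytes including the NUL */`.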
@@ -995,7 +994,7 @@ static ZIPARCHIVE_METHOD(addFile)
struct zip_source *zs;
long offset_start = 0, offset_len = 0;
int cur_idx;
- char resolved_path[MAXPATHLEN + 1];
+ char resolved_path[MAXPATHLEN];
if (!this) {
RETURN_FALSE;
@@ -1705,7 +1704,7 @@ static ZIPARCHIVE_METHOD(extractTo)
switch (Z_TYPE_P(zval_files)) {
case IS_STRING:
file = Z_STRVAL_P(zval_files);
- if (!php_zip_extract_file(intern, pathto, file TSRMLS_CC)) {
+ if (!php_zip_extract_file(intern, pathto, file, Z_STRLEN_P(zval_files) TSRMLS_CC)) {
RETURN_FALSE;
}
break;
@@ -1721,7 +1720,7 @@ static ZIPARCHIVE_METHOD(extractTo)
break;
case IS_STRING:
file = Z_STRVAL_PP(zval_file);
- if (!php_zip_extract_file(intern, pathto, file TSRMLS_CC)) {
+ if (!php_zip_extract_file(intern, pathto, file, Z_STRLEN_P(zval_files) TSRMLS_CC)) {
RETURN_FALSE;
}
break;
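Review bot: The added call takes the string from `zval_file` (`Z_STRVAL_PP(zval_file)`) but the length from a different zval, `Z_STRLEN_P(zval_files)`. Judging by the names and the nested `case IS_STRING:`, `zval_files` is the enclosing container rather than this element, so its string-length field is not the length of `file`, and it may not be a string at all. That value then drives the `file_len >= MAXPATHLEN` check and the `memcpy` in `php_zip_extract_file`, which can misjudge the name length or read past the end of `file`. The line should read `if (!php_zip_extract_file(intern, pathto, file, Z_STRLEN_PP(zval_file) TSRMLS_CC)) {`. The surrounding switch starts outside this hunk.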
@@ -1745,7 +1744,7 @@ static ZIPARCHIVE_METHOD(extractTo)
for (i = 0; i < filecount; i++) {
file = (char*)zip_get_name(intern, i, ZIP_FL_UNCHANGED);
- if (!php_zip_extract_file(intern, pathto, file TSRMLS_CC)) {
+ if (!php_zip_extract_file(intern, pathto, file, strlen(file) TSRMLS_CC)) {
RETURN_FALSE;
}
}
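Review bot: `strlen(file)` is now evaluated in the caller before any validation, and `zip_get_name` can return NULL on error, which would make this a NULL dereference. Before this change the length was taken inside `php_zip_extract_file` only after `zip_stat` had succeeded. A guard ahead of the call keeps the old failure mode: `if (!file || !php_zip_extract_file(intern, pathto, file, strlen(file) TSRMLS_CC)) {`. Note also that `strlen` returns `size_t` while the new parameter is `int`, so the conversion is implicit here.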
@@ -1807,7 +1806,7 @@ static void php_zip_get_from(INTERNAL_FUNCTION_PARAMETERS, int type) /* {{{ */
RETURN_FALSE;
}
- buffer = safe_emalloc(len + 1, 1, 1);
+ buffer = safe_emalloc(len, 1, 2);
n = zip_fread(zf, buffer, len);
if (n < 1) {
RETURN_EMPTY_STRING();
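Review bot: On the `n < 1` path the function returns through `RETURN_EMPTY_STRING()` without releasing `buffer`, which was allocated two lines earlier, so a failed or empty read leaks the allocation for the rest of the request. Adding `efree(buffer);` immediately before `RETURN_EMPTY_STRING();` fixes this. Whether `zf` also needs closing on this path cannot be seen from the hunk. The move from `safe_emalloc(len + 1, 1, 1)` to `safe_emalloc(len, 1, 2)` keeps the addition inside the overflow-checked helper, which is worth a short comment, as is the reason for two spare bytes rather than one. The `if` block closes outside this hunk.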