authorPierre Joye <pajoye@php.net>2010-11-18 15:22:22 +0000
committerPierre Joye <pajoye@php.net>2010-11-18 15:22:22 +0000
commitce96fd6b0761d98353761bf78d5bfb55291179fd (patch)
tree0b66c858477f5ac7472bf35b842f89cdf4dce151 /ext/zip
parent75631ab8ac231f141286428fd871ad31f2d71588 (diff)
downloadphp-git-ce96fd6b0761d98353761bf78d5bfb55291179fd.tar.gz
- fix #39863, do not accept paths with NULL in them. See http://news.php.net/php.internals/50191, trunk will have the patch later (adding a macro and/or changing (some) APIs). Patch by Rasmus
Diffstat (limited to 'ext/zip')
-rw-r--r--ext/zip/php_zip.c15
1 files changed, 15 insertions, 0 deletions
diff --git a/ext/zip/php_zip.c b/ext/zip/php_zip.c
index e89682546f..5c291381c5 100644
--- a/ext/zip/php_zip.c
+++ b/ext/zip/php_zip.c
@@ -1148,6 +1148,10 @@ static PHP_NAMED_FUNCTION(zif_zip_open)
RETURN_FALSE;
}
+ if (strlen(filename) != filename_len) {
+ RETURN_FALSE;
+ }
+
if (ZIP_OPENBASEDIR_CHECKPATH(filename)) {
RETURN_FALSE;
}
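Review bot: The new length check in zif_zip_open fails with a bare `RETURN_FALSE;` and no diagnostic, so a path rejected for an embedded NUL byte looks the same as any other open failure to the caller and to anyone reading logs. Consider raising a warning before returning, e.g. `php_error_docref(NULL TSRMLS_CC, E_WARNING, "Path must not contain NUL bytes");` (the message text is only a suggestion). The same applies to the identical checks added in ZIPARCHIVE_METHOD(open), ZIPARCHIVE_METHOD(extractTo) and php_zip_get_from. The body of zif_zip_open starts and ends outside this hunk, so a warning emitted elsewhere cannot be ruled out from here.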
@@ -1437,6 +1441,10 @@ static ZIPARCHIVE_METHOD(open)
RETURN_FALSE;
}
+ if (strlen(filename) != filename_len) {
+ RETURN_FALSE;
+ }
+
if (ZIP_OPENBASEDIR_CHECKPATH(filename)) {
RETURN_FALSE;
}
@@ -2363,6 +2371,10 @@ static ZIPARCHIVE_METHOD(extractTo)
RETURN_FALSE;
}
+ if (strlen(pathto) != pathto_len) {
+ RETURN_FALSE;
+ }
+
if (php_stream_stat_path(pathto, &ssb) < 0) {
ret = php_stream_mkdir(pathto, 0777, PHP_STREAM_MKDIR_RECURSIVE, NULL);
if (!ret) {
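Review bot: The guard added in extractTo covers only `pathto`, the destination directory. The method's parameter parsing is outside this hunk, so it is not visible whether it also accepts other caller-supplied strings, such as entry names, that are later handed to C string APIs. If it does, each of those needs the same comparison of `strlen()` against the PHP string length before use. Otherwise the value PHP holds and the value the C layer acts on can differ.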
@@ -2449,6 +2461,9 @@ static void php_zip_get_from(INTERNAL_FUNCTION_PARAMETERS, int type) /* {{{ */
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|ll", &filename, &filename_len, &len, &flags) == FAILURE) {
return;
}
+ if (strlen(filename) != filename_len) {
+ return;
+ }
PHP_ZIP_STAT_PATH(intern, filename, filename_len, flags, sb);
} else {
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "l|ll", &index, &len, &flags) == FAILURE) {
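Review bot: The check added in php_zip_get_from exits with a plain `return;`, whereas the other three sites in this commit use `RETURN_FALSE;`, so a name with an embedded NUL byte presumably yields NULL here rather than FALSE. That mirrors the parse-failure return just above, but a rejected entry name is a runtime failure rather than an argument-count or type error. `RETURN_FALSE;` would keep the four checks consistent, and likely consistent with whatever `PHP_ZIP_STAT_PATH` returns for a name it cannot find (that macro's body is not visible here). The function starts and ends outside this hunk.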