diff options
| author | Christoph M. Becker <cmbecker69@gmx.de> | 2016-09-06 00:28:28 +0200 |
|---|---|---|
| committer | Christoph M. Becker <cmbecker69@gmx.de> | 2016-09-06 01:03:46 +0200 |
| commit | 8aad3131a1d00e191db1b3b27aed6e7fae269f13 (patch) | |
| tree | ef5770487a027f145e140fb9e887b7a918f27f04 /ext | |
| parent | dd6da58fac6532d72c9e699a45db2b52d68d4c50 (diff) | |
| download | php-git-8aad3131a1d00e191db1b3b27aed6e7fae269f13.tar.gz | |
Fix #70752: Depacking with wrong password leaves 0 length files
We should not open the output stream before we have tried to open the
archive entry, as failing the latter could leave an empty file behind.
Diffstat (limited to 'ext')
| -rw-r--r-- | ext/zip/php_zip.c | 14 | ||||
| -rw-r--r-- | ext/zip/tests/bug70752.phpt | 31 | ||||
| -rw-r--r-- | ext/zip/tests/bug70752.zip | bin | 0 -> 175 bytes |
3 files changed, 38 insertions, 7 deletions
diff --git a/ext/zip/php_zip.c b/ext/zip/php_zip.c index 47477ac256..eeca8ab44d 100644 --- a/ext/zip/php_zip.c +++ b/ext/zip/php_zip.c @@ -279,6 +279,12 @@ static int php_zip_extract_file(struct zip * za, char *dest, char *file, int fil return 0; } + zf = zip_fopen(za, file, 0); + if (zf == NULL) { + n = -1; + goto done; + } + #if PHP_API_VERSION < 20100412 stream = php_stream_open_wrapper(fullpath, "w+b", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL); #else @@ -287,13 +293,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, char *file, int fil if (stream == NULL) { n = -1; - goto done; - } - - zf = zip_fopen(za, file, 0); - if (zf == NULL) { - n = -1; - php_stream_close(stream); + zip_fclose(zf); goto done; } diff --git a/ext/zip/tests/bug70752.phpt b/ext/zip/tests/bug70752.phpt new file mode 100644 index 0000000000..f006fbee9a --- /dev/null +++ b/ext/zip/tests/bug70752.phpt @@ -0,0 +1,31 @@ +--TEST-- +Bug #70752 (Depacking with wrong password leaves 0 length files) +--SKIPIF-- +<?php +if (!extension_loaded('zip')) die('skip zip extension not available'); +?> +--FILE-- +<?php +$filename = __DIR__ . DIRECTORY_SEPARATOR . 'bug70752.zip'; +$zip = new ZipArchive(); +$zip->open($filename); + +$filename = __DIR__ . DIRECTORY_SEPARATOR . 'bug70752.txt'; +var_dump(file_exists($filename)); + +$zip->setPassword('bar'); // correct password would be 'foo' +$zip->extractTo(__DIR__); +$zip->close(); + +var_dump(file_exists($filename)); +?> +===DONE=== +--EXPECT-- +bool(false) +bool(false) +===DONE=== +--CLEAN-- +<?php +$filename = __DIR__ . DIRECTORY_SEPARATOR . 'bug70752.txt'; +unlink($filename); +?> diff --git a/ext/zip/tests/bug70752.zip b/ext/zip/tests/bug70752.zip Binary files differnew file mode 100644 index 0000000000..9bec61bc18 --- /dev/null +++ b/ext/zip/tests/bug70752.zip |