diff options
| -rw-r--r-- | NEWS | 4 | ||||
| -rw-r--r-- | ext/zip/php_zip.c | 14 | ||||
| -rw-r--r-- | ext/zip/tests/bug70752.phpt | 31 | ||||
| -rw-r--r-- | ext/zip/tests/bug70752.zip | bin | 0 -> 175 bytes |
4 files changed, 42 insertions, 7 deletions
@@ -17,6 +17,10 @@ PHP NEWS . Fixed bug #72590 (Opcache restart with kill_all_lockers does not work). (Keyur) (julien backport) +- Zip: + . Fixed bug #70752 (Depacking with wrong password leaves 0 length files). + (cmb) + 15 Sep 2016, PHP 5.6.26 - Core: diff --git a/ext/zip/php_zip.c b/ext/zip/php_zip.c index 47477ac256..eeca8ab44d 100644 --- a/ext/zip/php_zip.c +++ b/ext/zip/php_zip.c @@ -279,6 +279,12 @@ static int php_zip_extract_file(struct zip * za, char *dest, char *file, int fil return 0; } + zf = zip_fopen(za, file, 0); + if (zf == NULL) { + n = -1; + goto done; + } + #if PHP_API_VERSION < 20100412 stream = php_stream_open_wrapper(fullpath, "w+b", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL); #else @@ -287,13 +293,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, char *file, int fil if (stream == NULL) { n = -1; - goto done; - } - - zf = zip_fopen(za, file, 0); - if (zf == NULL) { - n = -1; - php_stream_close(stream); + zip_fclose(zf); goto done; } diff --git a/ext/zip/tests/bug70752.phpt b/ext/zip/tests/bug70752.phpt new file mode 100644 index 0000000000..f006fbee9a --- /dev/null +++ b/ext/zip/tests/bug70752.phpt @@ -0,0 +1,31 @@ +--TEST-- +Bug #70752 (Depacking with wrong password leaves 0 length files) +--SKIPIF-- +<?php +if (!extension_loaded('zip')) die('skip zip extension not available'); +?> +--FILE-- +<?php +$filename = __DIR__ . DIRECTORY_SEPARATOR . 'bug70752.zip'; +$zip = new ZipArchive(); +$zip->open($filename); + +$filename = __DIR__ . DIRECTORY_SEPARATOR . 'bug70752.txt'; +var_dump(file_exists($filename)); + +$zip->setPassword('bar'); // correct password would be 'foo' +$zip->extractTo(__DIR__); +$zip->close(); + +var_dump(file_exists($filename)); +?> +===DONE=== +--EXPECT-- +bool(false) +bool(false) +===DONE=== +--CLEAN-- +<?php +$filename = __DIR__ . DIRECTORY_SEPARATOR . 'bug70752.txt'; +unlink($filename); +?> diff --git a/ext/zip/tests/bug70752.zip b/ext/zip/tests/bug70752.zip Binary files differnew file mode 100644 index 0000000000..9bec61bc18 --- /dev/null +++ b/ext/zip/tests/bug70752.zip |