diff options
| -rw-r--r-- | NEWS | 4 | ||||
| -rw-r--r-- | ext/zip/php_zip.c | 22 | ||||
| -rw-r--r-- | ext/zip/tests/bug11216.phpt | 5 |
3 files changed, 21 insertions, 10 deletions
@@ -4,6 +4,8 @@ PHP NEWS - Improved fix for MOPB-03-2007. (Ilia) - Corrected fix for CVE-2007-2872. (Ilia) - Added GD version constants GD_MAJOR_VERSION, GD_MINOR_VERSION +- Fixed crash in ZipArchive::addEmptyDir when a directory already + exists (pecl bug #11216) (Pierre) GD_RELEASE_VERSION, GD_EXTRA_VERSION and GD_VERSION_STRING. (Pierre) - Fixed bug #41576 (configure failure when using --without-apxs or some other SAPIs disabling options). (Jani) @@ -24,7 +26,7 @@ PHP NEWS - Optimized digest generation in md5() and sha1() functions. (Ilia) - Upgraded bundled SQLite 3 to version 3.3.17. (Ilia) -- Addded "max_input_nesting_level" php.ini option to limit nesting level of +- Added "max_input_nesting_level" php.ini option to limit nesting level of input variables. Fix for MOPB-03-2007. (Stas) - Added a 4th parameter flag to htmlspecialchars() and htmlentities() that makes the function not encode existing html entities. (Ilia) diff --git a/ext/zip/php_zip.c b/ext/zip/php_zip.c index 5f56478949..662513a6c8 100644 --- a/ext/zip/php_zip.c +++ b/ext/zip/php_zip.c @@ -120,7 +120,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, char *file, int fil len = spprintf(&file_dirname_fullpath, 0, "%s", dest); } - php_basename(file, file_len, NULL, 0, &file_basename, (unsigned int *)&file_basename_len TSRMLS_CC); + php_basename(file, file_len, NULL, 0, &file_basename, (size_t *)&file_basename_len TSRMLS_CC); if (OPENBASEDIR_CHECKPATH(file_dirname_fullpath)) { efree(file_dirname_fullpath); @@ -1005,7 +1005,6 @@ static ZIPARCHIVE_METHOD(addEmptyDir) } if (dirname[dirname_len-1] != '/') { - s=(char *)emalloc(dirname_len+2); strcpy(s, dirname); s[dirname_len] = '/'; @@ -1016,14 +1015,23 @@ static ZIPARCHIVE_METHOD(addEmptyDir) idx = zip_stat(intern, s, 0, &sb); if (idx >= 0) { - RETURN_FALSE; - } + RETVAL_FALSE; + } else { + /* reset the error */ + if (intern->error.str) { + _zip_error_fini(&intern->error); + } + _zip_error_init(&intern->error); - if (zip_add_dir(intern, (const char *)s) == -1) { - RETURN_FALSE; + if (zip_add_dir(intern, (const char *)s) == -1) { + RETVAL_FALSE; + } + RETVAL_TRUE; } - RETURN_TRUE; + if (s != dirname) { + efree(s); + } } /* }}} */ diff --git a/ext/zip/tests/bug11216.phpt b/ext/zip/tests/bug11216.phpt index b5fa9b93bd..607217ad72 100644 --- a/ext/zip/tests/bug11216.phpt +++ b/ext/zip/tests/bug11216.phpt @@ -10,6 +10,7 @@ if(!extension_loaded('zip')) die('skip'); $archive = new ZipArchive(); $archive->open('__test.zip', ZIPARCHIVE::CREATE); var_dump($archive->addEmptyDir('test')); +print_r($archive); var_dump($archive->addEmptyDir('test')); $archive->close(); unlink('__test.zip'); @@ -21,7 +22,7 @@ ZipArchive Object [status] => 0 [statusSys] => 0 [numFiles] => 1 - [filename] => - [comment] => + [filename] => + [comment] => ) bool(false) |