From 8aad3131a1d00e191db1b3b27aed6e7fae269f13 Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker" <cmbecker69@gmx.de>
Date: Tue, 6 Sep 2016 00:28:28 +0200
Subject: Fix #70752: Depacking with wrong password leaves 0 length files

We should not open the output stream before we have tried to open the
archive entry, as failing the latter could leave an empty file behind.
---
 ext/zip/php_zip.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

(limited to 'ext/zip/php_zip.c')

diff --git a/ext/zip/php_zip.c b/ext/zip/php_zip.c
index 47477ac256..eeca8ab44d 100644
--- a/ext/zip/php_zip.c
+++ b/ext/zip/php_zip.c
@@ -279,6 +279,12 @@ static int php_zip_extract_file(struct zip * za, char *dest, char *file, int fil
 		return 0;
 	}
 
+	zf = zip_fopen(za, file, 0);
+	if (zf == NULL) {
+		n = -1;
+		goto done;
+	}
+
 #if PHP_API_VERSION < 20100412
 	stream = php_stream_open_wrapper(fullpath, "w+b", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
 #else
@@ -287,13 +293,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, char *file, int fil
 
 	if (stream == NULL) {
 		n = -1;
-		goto done;
-	}
-
-	zf = zip_fopen(za, file, 0);
-	if (zf == NULL) {
-		n = -1;
-		php_stream_close(stream);
+		zip_fclose(zf);
 		goto done;
 	}
 
-- 
cgit v1.2.1