From 8aad3131a1d00e191db1b3b27aed6e7fae269f13 Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker" <cmbecker69@gmx.de>
Date: Tue, 6 Sep 2016 00:28:28 +0200
Subject: Fix #70752: Depacking with wrong password leaves 0 length files

We should not open the output stream before we have tried to open the
archive entry, as failing the latter could leave an empty file behind.
---
 ext/zip/php_zip.c           |  14 +++++++-------
 ext/zip/tests/bug70752.phpt |  31 +++++++++++++++++++++++++++++++
 ext/zip/tests/bug70752.zip  | Bin 0 -> 175 bytes
 3 files changed, 38 insertions(+), 7 deletions(-)
 create mode 100644 ext/zip/tests/bug70752.phpt
 create mode 100644 ext/zip/tests/bug70752.zip

(limited to 'ext')

diff --git a/ext/zip/php_zip.c b/ext/zip/php_zip.c
index 47477ac256..eeca8ab44d 100644
--- a/ext/zip/php_zip.c
+++ b/ext/zip/php_zip.c
@@ -279,6 +279,12 @@ static int php_zip_extract_file(struct zip * za, char *dest, char *file, int fil
 		return 0;
 	}
 
+	zf = zip_fopen(za, file, 0);
+	if (zf == NULL) {
+		n = -1;
+		goto done;
+	}
+
 #if PHP_API_VERSION < 20100412
 	stream = php_stream_open_wrapper(fullpath, "w+b", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
 #else
@@ -287,13 +293,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, char *file, int fil
 
 	if (stream == NULL) {
 		n = -1;
-		goto done;
-	}
-
-	zf = zip_fopen(za, file, 0);
-	if (zf == NULL) {
-		n = -1;
-		php_stream_close(stream);
+		zip_fclose(zf);
 		goto done;
 	}
 
diff --git a/ext/zip/tests/bug70752.phpt b/ext/zip/tests/bug70752.phpt
new file mode 100644
index 0000000000..f006fbee9a
--- /dev/null
+++ b/ext/zip/tests/bug70752.phpt
@@ -0,0 +1,31 @@
+--TEST--
+Bug #70752 (Depacking with wrong password leaves 0 length files)
+--SKIPIF--
+<?php
+if (!extension_loaded('zip')) die('skip zip extension not available');
+?>
+--FILE--
+<?php
+$filename = __DIR__ . DIRECTORY_SEPARATOR . 'bug70752.zip';
+$zip = new ZipArchive();
+$zip->open($filename);
+
+$filename =  __DIR__ . DIRECTORY_SEPARATOR . 'bug70752.txt';
+var_dump(file_exists($filename));
+
+$zip->setPassword('bar'); // correct password would be 'foo'
+$zip->extractTo(__DIR__);
+$zip->close();
+
+var_dump(file_exists($filename));
+?>
+===DONE===
+--EXPECT--
+bool(false)
+bool(false)
+===DONE===
+--CLEAN--
+<?php
+$filename =  __DIR__ . DIRECTORY_SEPARATOR . 'bug70752.txt';
+unlink($filename);
+?>
diff --git a/ext/zip/tests/bug70752.zip b/ext/zip/tests/bug70752.zip
new file mode 100644
index 0000000000..9bec61bc18
Binary files /dev/null and b/ext/zip/tests/bug70752.zip differ
-- 
cgit v1.2.1