iliaa Sat Dec 23 23:28:39 2006 UTC
Modified files: (Branch: PHP_5_2)
/php-src/ext/zip php_zip.c zip_stream.c
Log:
Safety checks
http://cvs.php.net/viewvc.cgi/php-src/ext/zip/php_zip.c?r1=1.1.2.20&r2=1.1.2.21&diff_format=u
Index: php-src/ext/zip/php_zip.c
diff -u php-src/ext/zip/php_zip.c:1.1.2.20 php-src/ext/zip/php_zip.c:1.1.2.21
--- php-src/ext/zip/php_zip.c:1.1.2.20 Tue Nov 28 01:31:53 2006
+++ php-src/ext/zip/php_zip.c Sat Dec 23 23:28:39 2006
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: php_zip.c,v 1.1.2.20 2006/11/28 01:31:53 pajoye Exp $ */
+/* $Id: php_zip.c,v 1.1.2.21 2006/12/23 23:28:39 iliaa Exp $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -88,30 +88,29 @@
/* {{{ php_zip_extract_file */
/* TODO: Simplify it */
-static int php_zip_extract_file(struct zip * za, char *dest, char *file
TSRMLS_DC)
+static int php_zip_extract_file(struct zip * za, char *dest, char *file, int
file_len TSRMLS_DC)
{
php_stream_statbuf ssb;
struct zip_file *zf;
struct zip_stat sb;
char b[8192];
- int n, len, ret, file_len;
+ int n, len, ret;
php_stream *stream;
char *fullpath;
char *file_dirname_fullpath;
- char file_dirname[MAXPATHLEN + 1];
+ char file_dirname[MAXPATHLEN];
size_t dir_len;
char *file_basename;
size_t file_basename_len;
- if (zip_stat(za, file, 0, &sb)) {
+ if (file_len >= MAXPATHLEN || zip_stat(za, file, 0, &sb)) {
return 0;
}
- file_len = strlen(file);
memcpy(file_dirname, file, file_len);
dir_len = php_dirname(file_dirname, file_len);
@@ -122,7 +121,7 @@
len = spprintf(&file_dirname_fullpath, 0, "%s", dest);
}
- php_basename(file, file_len, NULL, 0, &file_basename, (int
*)&file_basename_len TSRMLS_CC);
+ php_basename(file, file_len, NULL, 0, &file_basename,
&file_basename_len TSRMLS_CC);
if (SAFEMODE_CHECKFILE(file_dirname_fullpath)) {
efree(file_dirname_fullpath);
@@ -882,7 +881,7 @@
int filename_len;
int err = 0;
long flags = 0;
- char resolved_path[MAXPATHLEN + 1];
+ char resolved_path[MAXPATHLEN];
zval *this = getThis();
ze_zip_object *ze_obj = NULL;
@@ -995,7 +994,7 @@
struct zip_source *zs;
long offset_start = 0, offset_len = 0;
int cur_idx;
- char resolved_path[MAXPATHLEN + 1];
+ char resolved_path[MAXPATHLEN];
if (!this) {
RETURN_FALSE;
@@ -1705,7 +1704,7 @@
switch (Z_TYPE_P(zval_files)) {
case IS_STRING:
file = Z_STRVAL_P(zval_files);
- if (!php_zip_extract_file(intern, pathto, file
TSRMLS_CC)) {
+ if (!php_zip_extract_file(intern, pathto, file,
Z_STRLEN_P(zval_files) TSRMLS_CC)) {
RETURN_FALSE;
}
break;
@@ -1721,7 +1720,7 @@
break;
case IS_STRING:
file =
Z_STRVAL_PP(zval_file);
- if
(!php_zip_extract_file(intern, pathto, file TSRMLS_CC)) {
+ if
(!php_zip_extract_file(intern, pathto, file, Z_STRLEN_P(zval_files) TSRMLS_CC))
{
RETURN_FALSE;
}
break;
@@ -1745,7 +1744,7 @@
for (i = 0; i < filecount; i++) {
file = (char*)zip_get_name(intern, i, ZIP_FL_UNCHANGED);
- if (!php_zip_extract_file(intern, pathto, file TSRMLS_CC)) {
+ if (!php_zip_extract_file(intern, pathto, file, strlen(file)
TSRMLS_CC)) {
RETURN_FALSE;
}
}
@@ -1807,7 +1806,7 @@
RETURN_FALSE;
}
- buffer = safe_emalloc(len + 1, 1, 1);
+ buffer = safe_emalloc(len, 1, 2);
n = zip_fread(zf, buffer, len);
if (n < 1) {
RETURN_EMPTY_STRING();
@@ -2001,7 +2000,7 @@
php_info_print_table_start();
php_info_print_table_row(2, "Zip", "enabled");
- php_info_print_table_row(2, "Extension Version","$Id: php_zip.c,v
1.1.2.20 2006/11/28 01:31:53 pajoye Exp $");
+ php_info_print_table_row(2, "Extension Version","$Id: php_zip.c,v
1.1.2.21 2006/12/23 23:28:39 iliaa Exp $");
php_info_print_table_row(2, "Zip version", "2.0.0");
php_info_print_table_row(2, "Libzip version", "0.7.1");
http://cvs.php.net/viewvc.cgi/php-src/ext/zip/zip_stream.c?r1=1.1.2.2&r2=1.1.2.3&diff_format=u
Index: php-src/ext/zip/zip_stream.c
diff -u php-src/ext/zip/zip_stream.c:1.1.2.2
php-src/ext/zip/zip_stream.c:1.1.2.3
--- php-src/ext/zip/zip_stream.c:1.1.2.2 Sun Nov 12 00:41:16 2006
+++ php-src/ext/zip/zip_stream.c Sat Dec 23 23:28:39 2006
@@ -1,4 +1,4 @@
-/* $Id: zip_stream.c,v 1.1.2.2 2006/11/12 00:41:16 nlopess Exp $ */
+/* $Id: zip_stream.c,v 1.1.2.3 2006/12/23 23:28:39 iliaa Exp $ */
#ifdef HAVE_CONFIG_H
# include "config.h"
#endif
@@ -153,7 +153,7 @@
char *file_basename;
size_t file_basename_len;
- char file_dirname[MAXPATHLEN+1];
+ char file_dirname[MAXPATHLEN];
struct zip *za;
struct zip_file *zf = NULL;
@@ -179,15 +179,15 @@
return NULL;
}
path_len = strlen(path);
+ if (path_len >= MAXPATHLEN || mode[0] != 'r') {
+ return NULL;
+ }
memcpy(file_dirname, path, path_len - fragment_len);
file_dirname[path_len - fragment_len] = '\0';
php_basename(path, path_len - fragment_len, NULL, 0, &file_basename,
&file_basename_len TSRMLS_CC);
fragment++;
- if (mode[0] != 'r') {
- return NULL;
- }
za = zip_open(file_dirname, ZIP_CREATE, &err);
if (za) {
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
