#47188 [NEW]: Zip::extractTo segfault on '..' paths

Wed, 21 Jan 2009 22:53:28 -0800 

From:             seanius at debian dot org
Operating system: Debian
PHP version:      5.2.8
PHP Bug Type:     Zip Related
Bug description:  Zip::extractTo segfault on '..' paths

Description:
------------
originally reported to php-internals here:

http://news.php.net/php.internals/42758

pierre has backported a couple functions from 5.3 as a first attempt at
patching 5.2.8 here:

http://news.php.net/php.internals/42762

i have not yet tested this patch, but am reporting here first as requested
:)

Reproduce code:
---------------
http://people.debian.org/~seanius/php/security/ziptest.tgz


Expected result:
----------------
rangda[/home/sean/ziptest] php ziptest.php                                
  :)
opening 'normal' zipfile...ok.
extracted.
opening 'bad' zipfile...ok.
extracted.

(and then two extracted directories should exist)


Actual result:
--------------
rangda[/home/sean/ziptest] php ziptest.php                                
  :)
opening 'normal' zipfile...ok.
extracted.
opening 'bad' zipfile...ok.
zsh: segmentation fault  php ziptest.php


-- 
Edit bug report at http://bugs.php.net/?id=47188&edit=1
-- 
Try a CVS snapshot (PHP 5.2):        
http://bugs.php.net/fix.php?id=47188&r=trysnapshot52
Try a CVS snapshot (PHP 5.3):        
http://bugs.php.net/fix.php?id=47188&r=trysnapshot53
Try a CVS snapshot (PHP 6.0):        
http://bugs.php.net/fix.php?id=47188&r=trysnapshot60
Fixed in CVS:                        
http://bugs.php.net/fix.php?id=47188&r=fixedcvs
Fixed in CVS and need be documented: 
http://bugs.php.net/fix.php?id=47188&r=needdocs
Fixed in release:                    
http://bugs.php.net/fix.php?id=47188&r=alreadyfixed
Need backtrace:                      
http://bugs.php.net/fix.php?id=47188&r=needtrace
Need Reproduce Script:               
http://bugs.php.net/fix.php?id=47188&r=needscript
Try newer version:                   
http://bugs.php.net/fix.php?id=47188&r=oldversion
Not developer issue:                 
http://bugs.php.net/fix.php?id=47188&r=support
Expected behavior:                   
http://bugs.php.net/fix.php?id=47188&r=notwrong
Not enough info:                     
http://bugs.php.net/fix.php?id=47188&r=notenoughinfo
Submitted twice:                     
http://bugs.php.net/fix.php?id=47188&r=submittedtwice
register_globals:                    
http://bugs.php.net/fix.php?id=47188&r=globals
PHP 4 support discontinued:          http://bugs.php.net/fix.php?id=47188&r=php4
Daylight Savings:                    http://bugs.php.net/fix.php?id=47188&r=dst
IIS Stability:                       
http://bugs.php.net/fix.php?id=47188&r=isapi
Install GNU Sed:                     
http://bugs.php.net/fix.php?id=47188&r=gnused
Floating point limitations:          
http://bugs.php.net/fix.php?id=47188&r=float
No Zend Extensions:                  
http://bugs.php.net/fix.php?id=47188&r=nozend
MySQL Configuration Error:           
http://bugs.php.net/fix.php?id=47188&r=mysqlcfg

Reply via email to