pajoye Wed Mar 14 11:32:25 2007 UTC Modified files: (Branch: PHP_5_2) /php-src NEWS /php-src/ext/zip php_zip.c Log: - MFH: Fixed possible relative path issues in zip_open in TS mode (old API)
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.588&r2=1.2027.2.547.2.589&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2027.2.547.2.588 php-src/NEWS:1.2027.2.547.2.589
--- php-src/NEWS:1.2027.2.547.2.588 Wed Mar 14 11:08:57 2007
+++ php-src/NEWS Wed Mar 14 11:32:25 2007
@@ -15,6 +15,7 @@
 - Added --ri switch to CLI which allows to check extension information. (Marcus)
 - Added tidyNode::getParent() method (John, Nuno)
 - Added openbasedir and safemode checks in zip:// stream wrapper (Pierre)
+- Fixed possible relative path issues in zip_open and TS mode (old API) (Pierre)
 - Fixed zend_llist_remove_tail (Michael Wallner, Dmitry)
 - Fixed a thread safety issue in gd gif read code (Nuno, Roman Nemecek)
 - Fixed CVE-2007-1001, GD wbmp used with invalid image size (Pierre)
http://cvs.php.net/viewvc.cgi/php-src/ext/zip/php_zip.c?r1=1.1.2.28&r2=1.1.2.29&diff_format=u
Index: php-src/ext/zip/php_zip.c
diff -u php-src/ext/zip/php_zip.c:1.1.2.28 php-src/ext/zip/php_zip.c:1.1.2.29
--- php-src/ext/zip/php_zip.c:1.1.2.28 Wed Mar 14 11:08:57 2007
+++ php-src/ext/zip/php_zip.c Wed Mar 14 11:32:25 2007
@@ -16,7 +16,7 @@
   +----------------------------------------------------------------------+
 */
 
-/* $Id: php_zip.c,v 1.1.2.28 2007/03/14 11:08:57 pajoye Exp $ */
+/* $Id: php_zip.c,v 1.1.2.29 2007/03/14 11:32:25 pajoye Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -616,16 +616,27 @@
 {
 	char *filename;
 	int filename_len;
+	char resolved_path[MAXPATHLEN + 1];
 	zip_rsrc *rsrc_int;
 	int err = 0;
 
 	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &filename, &filename_len) == FAILURE) {
 		return;
 	}
+
+	if (filename_len == 0) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Empty string as source");
+		RETURN_FALSE;
+	}
+
 	if (OPENBASEDIR_CHECKPATH(filename)) {
 		RETURN_FALSE;
 	}
 
+	if(!expand_filepath(filename, resolved_path TSRMLS_CC)) {
+		RETURN_FALSE;
+	}
+
 	rsrc_int = (zip_rsrc *)emalloc(sizeof(zip_rsrc));
 
 	rsrc_int->za = zip_open(filename, 0, &err);
@@ -2011,7 +2022,7 @@
 	php_info_print_table_start();
 
 	php_info_print_table_row(2, "Zip", "enabled");
-	php_info_print_table_row(2, "Extension Version","$Id: php_zip.c,v 1.1.2.28 2007/03/14 11:08:57 pajoye Exp $");
+	php_info_print_table_row(2, "Extension Version","$Id: php_zip.c,v 1.1.2.29 2007/03/14 11:32:25 pajoye Exp $");
 	php_info_print_table_row(2, "Zip version", "2.0.0");
 	php_info_print_table_row(2, "Libzip version", "0.7.1");
 
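Review bot: `resolved_path` is filled by expand_filepath() but never read — the last context line of the hunk still calls `zip_open(filename, 0, &err)`, so libzip is handed the same unexpanded relative path the commit message says it fixes; the call should become `rsrc_int->za = zip_open(resolved_path, 0, &err);`. The expand_filepath() failure branch returns FALSE silently, unlike the empty-string check just above it; a matching `php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to resolve the path")` there would keep the two error paths consistent for callers. The `s` parse spec also accepts a filename with an embedded NUL byte, which the C string APIs then silently truncate, so the new empty-string test could be widened to `if (filename_len == 0 || strlen(filename) != (size_t)filename_len)` to reject such names before the open_basedir check. zip_open's signature and the rest of its body lie outside the hunk.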