From 968ae4a56a08587d73f81f30a0d57fbd109e4cf4 Mon Sep 17 00:00:00 2001 From: Anatol Belski Date: Wed, 10 Apr 2013 20:39:17 +0200 Subject: [PATCH] Fixed bug #64342 ZipArchive::addFile() has to check for file existence --- NEWS | 4 ++++ ext/zip/php_zip.c | 7 ++++++ ext/zip/tests/bug64342_0.phpt | 42 +++++++++++++++++++++++++++++++++++ ext/zip/tests/bug64342_1.phpt | 37 ++++++++++++++++++++++++++++++ 4 files changed, 90 insertions(+) create mode 100644 ext/zip/tests/bug64342_0.phpt create mode 100644 ext/zip/tests/bug64342_1.phpt diff --git a/NEWS b/NEWS index 688f4f9bce4..a5cd7f23a74 100644 --- a/NEWS +++ b/NEWS @@ -7,6 +7,10 @@ PHP NEWS segfault). (Laruence) . Fixed bugs #47675 and #64577 (fd leak on Solaris) +- Zip: + . Fixed bug #64342 (ZipArchive::addFile() has to check for file existence). + (Anatol) + 11 Apr 2013, PHP 5.3.24 - Core diff --git a/ext/zip/php_zip.c b/ext/zip/php_zip.c index bdd35a2ede0..b1a1a3628c4 100644 --- a/ext/zip/php_zip.c +++ b/ext/zip/php_zip.c @@ -28,6 +28,7 @@ #include "ext/standard/file.h" #include "ext/standard/php_string.h" #include "ext/pcre/php_pcre.h" +#include "ext/standard/php_filestat.h" #include "php_zip.h" #include "lib/zip.h" #include "lib/zipint.h" @@ -309,6 +310,7 @@ static int php_zip_add_file(struct zip *za, const char *filename, size_t filenam struct zip_source *zs; int cur_idx; char resolved_path[MAXPATHLEN]; + zval exists_flag; if (ZIP_OPENBASEDIR_CHECKPATH(filename)) { @@ -319,6 +321,11 @@ static int php_zip_add_file(struct zip *za, const char *filename, size_t filenam return -1; } + php_stat(resolved_path, strlen(resolved_path), FS_EXISTS, &exists_flag TSRMLS_CC); + if (!Z_BVAL(exists_flag)) { + return -1; + } + zs = zip_source_file(za, resolved_path, offset_start, offset_len); if (!zs) { return -1; diff --git a/ext/zip/tests/bug64342_0.phpt b/ext/zip/tests/bug64342_0.phpt new file mode 100644 index 00000000000..066d3e6fc20 --- /dev/null +++ b/ext/zip/tests/bug64342_0.phpt @@ -0,0 +1,42 @@ +--TEST-- +Bug #64342 ZipArchive::addFile() has to check file existance (variation 1) +--SKIPIF-- + +--FILE-- +open(dirname(__FILE__) . '/bug64342.zip', ZipArchive::CREATE); +if ($res === TRUE) { + $f = md5(uniqid()) . '.txt'; + echo "$f\n"; + $res = $zip->addFile($f); + if (true == $res) { + echo "add ok\n"; + } else { + echo "add failed\n"; + } + $res = $zip->close(); + if (true == $res) { + echo "close ok\n"; + } else { + echo "close failed\n"; + } +} else { + echo "open failed\n"; +} + + +?> +DONE +--CLEAN-- + +--FILE-- +open($file)) { + exit('failed'); +} +if (!$zip->addFile($dirname . 'cant_find_me.txt', 'test.php')) { + echo "failed\n"; +} +if ($zip->status == ZIPARCHIVE::ER_OK) { + dump_entries_name($zip); + $zip->close(); +} else { + echo "failed\n"; +} +@unlink($file); +?> +--EXPECTF-- +failed +0 bar +1 foobar/ +2 foobar/baz +3 entry1.txt