php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-24 00:02:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix leak when path is too long in ZipArchive::extractTo()

Browse Source 
I did not find an easy way to trigger this branch without also
triggering some other error conditions earlier.

Closes GH-19002.
This commit is contained in:
Niels Dossche
2025-07-01 21:10:33 +02:00
parent 11ea995ff3
commit 09c223de00
2 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
NEWS
View File

@@ -42,6 +42,9 @@ PHP NEWS
. Fixed GH-13264 (fgets() and stream_get_line() do not return false on filter
fatal error). (Jakub Zelenka)
- Zip:
. Fix leak when path is too long in ZipArchive::extractTo(). (nielsdos)
03 Jul 2025, PHP 8.3.23
- Core:

1
ext/zip/php_zip.c
View File

@@ -218,6 +218,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, const char *file, s
return 0;
} else if (len > MAXPATHLEN) {
php_error_docref(NULL, E_WARNING, "Full extraction path exceed MAXPATHLEN (%i)", MAXPATHLEN);
efree(fullpath);
efree(file_dirname_fullpath);
zend_string_release_ex(file_basename, 0);
CWD_STATE_FREE(new_state.cwd);