php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-24 00:02:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'PHP-8.4'

Browse Source 
* PHP-8.4:
  Fix GH-19688: Remove pattern overflow in zip addGlob()
This commit is contained in:
Niels Dossche
2025-09-10 23:48:22 +02:00
parent c15d51f747 98aba6c165
commit 2d545dd1b7
2 changed files with 22 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ext/zip/php_zip.c
View File

@@ -1742,7 +1742,7 @@ static void php_zip_add_from_pattern(INTERNAL_FUNCTION_PARAMETERS, int type) /*
basename = php_basename(Z_STRVAL_P(zval_file), Z_STRLEN_P(zval_file), NULL, 0);
file_stripped = ZSTR_VAL(basename);
file_stripped_len = ZSTR_LEN(basename);
} else if (opts.remove_path && !memcmp(Z_STRVAL_P(zval_file), opts.remove_path, opts.remove_path_len)) {
} else if (opts.remove_path && Z_STRLEN_P(zval_file) > opts.remove_path_len && !memcmp(Z_STRVAL_P(zval_file), opts.remove_path, opts.remove_path_len)) {
if (IS_SLASH(Z_STRVAL_P(zval_file)[opts.remove_path_len])) {
file_stripped = Z_STRVAL_P(zval_file) + opts.remove_path_len + 1;
file_stripped_len = Z_STRLEN_P(zval_file) - opts.remove_path_len - 1;

21
ext/zip/tests/gh19688.phpt Normal file
View File

@@ -0,0 +1,21 @@
--TEST--
GH-19688 (Remove pattern overflow in zip addGlob())
--EXTENSIONS--
zip
--FILE--
<?php
$dir = __DIR__ . '/';
$testfile = $dir . '001.phpt';
$zip = new ZipArchive();
$filename = $dir . '/gh19688.zip';
$zip->open($filename, ZipArchive::CREATE | ZipArchive::OVERWRITE);
$options = array('remove_path' => $dir . 'a very long string here that will overrun');
$zip->addGlob($testfile, 0, $options);
var_dump($zip->getNameIndex(0));
?>
--CLEAN--
<?php
@unlink(__DIR__ . '/gh19688.zip');
?>
--EXPECTF--
string(%d) "%s001.phpt"