1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
|
Subject: Fixed bug#53579 (stream_get_contents() segfaults on ziparchive streams)
Also added the filename being access to the stream_get_meta_data() array
Origin: http://svn.php.net/viewvc?view=revision&revision=306493
CVE-2011-1470
Patch differs from upstream commit in that it drops the added entry to
the NEWS file to reduce patch conflicts.
--- /dev/null
+++ b/ext/zip/tests/bug53579.phpt
@@ -0,0 +1,44 @@
+--TEST--
+Bug #53579 (stream_get_contents() segfaults on ziparchive streams)
+--SKIPIF--
+<?php
+/* $Id: oo_stream.phpt 260091 2008-05-21 09:27:41Z pajoye $ */
+if(!extension_loaded('zip')) die('skip');
+?>
+--FILE--
+<?php
+$dirname = dirname(__FILE__) . '/';
+$file = $dirname . 'test_with_comment.zip';
+include $dirname . 'utils.inc';
+$zip = new ZipArchive;
+if (!$zip->open($file)) {
+ exit('failed');
+}
+$fp = $zip->getStream('foo');
+
+var_dump($fp);
+if(!$fp) exit("\n");
+$contents = stream_get_contents($fp);
+
+fclose($fp);
+$zip->close();
+var_dump($contents);
+
+
+$fp = fopen('zip://' . dirname(__FILE__) . '/test_with_comment.zip#foo', 'rb');
+if (!$fp) {
+ exit("cannot open\n");
+}
+$contents = stream_get_contents($fp);
+var_dump($contents);
+fclose($fp);
+
+?>
+--EXPECTF--
+resource(%d) of type (stream)
+string(5) "foo
+
+"
+string(5) "foo
+
+"
--- a/ext/zip/zip_stream.c
+++ b/ext/zip/zip_stream.c
@@ -141,6 +141,7 @@ php_stream *php_stream_zip_open(char *fi
self->stream = NULL;
self->cursor = 0;
stream = php_stream_alloc(&php_stream_zipio_ops, self, NULL, mode);
+ stream->orig_path = estrdup(path);
} else {
zip_close(stream_za);
}
|
