- Upgraded bundled PCRE to version 8.10. (Ilia)
- Security enhancements:
+ . Fixed crash in zip extract method (possible CWE-170).
+ (Maksymilian Arciemowicz, Pierre)
. Paths with NULL in them (foo\0bar.txt) are now considered as invalid. (Rasmus)
. Fixed a possible double free in imap extension (Identified by Mateusz
Kocielski). (CVE-2010-4150). (Ilia)
*/
virtual_file_ex(&new_state, file, NULL, CWD_EXPAND);
path_cleaned = php_zip_make_relative_path(new_state.cwd, new_state.cwd_length);
+ if(!path_cleaned) {
+ return 0;
+ }
path_cleaned_len = strlen(path_cleaned);
if (path_cleaned_len >= MAXPATHLEN || zip_stat(za, file, 0, &sb) != 0) {