- pecl bug #11216, better fix, leak removed and improved test

- typo in news, better late than never (-d)

diff --git a/NEWS b/NEWS
index f7849cfa59478bbab1708ec1587e32b224968492..51765ef773d6df78ac38c7a7a39b0ed53c18c1b7 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,8 @@ PHP                                                                        NEWS
 - Improved fix for MOPB-03-2007. (Ilia)
 - Corrected fix for CVE-2007-2872. (Ilia)
 - Added GD version constants GD_MAJOR_VERSION, GD_MINOR_VERSION
+- Fixed crash in ZipArchive::addEmptyDir when a directory already
+  exists (pecl bug #11216) (Pierre)
   GD_RELEASE_VERSION, GD_EXTRA_VERSION and GD_VERSION_STRING. (Pierre)
 - Fixed bug #41576 (configure failure when using --without-apxs or some
   other SAPIs disabling options). (Jani)
@@ -24,7 +26,7 @@ PHP                                                                        NEWS
 - Optimized digest generation in md5() and sha1() functions. (Ilia)
 - Upgraded bundled SQLite 3 to version 3.3.17. (Ilia)
 
-- Addded "max_input_nesting_level" php.ini option to limit nesting level of 
+- Added "max_input_nesting_level" php.ini option to limit nesting level of 
   input variables. Fix for MOPB-03-2007. (Stas)
 - Added a 4th parameter flag to htmlspecialchars() and htmlentities() that 
   makes the function not encode existing html entities. (Ilia)

diff --git a/ext/zip/php_zip.c b/ext/zip/php_zip.c
index 5f56478949327475095ad7c76334a8af978e60a1..662513a6c8a307175a2970adfd0e4b5f11865f08 100644 (file)
--- a/ext/zip/php_zip.c
+++ b/ext/zip/php_zip.c
@@ -120,7 +120,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, char *file, int fil
                        len = spprintf(&file_dirname_fullpath, 0, "%s", dest);
                }
 
-               php_basename(file, file_len, NULL, 0, &file_basename, (unsigned int *)&file_basename_len TSRMLS_CC);
+               php_basename(file, file_len, NULL, 0, &file_basename, (size_t *)&file_basename_len TSRMLS_CC);
 
                if (OPENBASEDIR_CHECKPATH(file_dirname_fullpath)) {
                        efree(file_dirname_fullpath);
@@ -1005,7 +1005,6 @@ static ZIPARCHIVE_METHOD(addEmptyDir)
        }
 
     if (dirname[dirname_len-1] != '/') {
-
                s=(char *)emalloc(dirname_len+2);
                strcpy(s, dirname);
                s[dirname_len] = '/';
@@ -1016,14 +1015,23 @@ static ZIPARCHIVE_METHOD(addEmptyDir)
 
        idx = zip_stat(intern, s, 0, &sb);
        if (idx >= 0) {
-               RETURN_FALSE;
-       }
+               RETVAL_FALSE;
+       } else {
+               /* reset the error */
+               if (intern->error.str) {
+                       _zip_error_fini(&intern->error);
+               }
+               _zip_error_init(&intern->error);
 
-       if (zip_add_dir(intern, (const char *)s) == -1) {
-               RETURN_FALSE;
+               if (zip_add_dir(intern, (const char *)s) == -1) {
+                       RETVAL_FALSE;
+               }
+               RETVAL_TRUE;
        }
 
-       RETURN_TRUE;
+       if (s != dirname) {
+               efree(s);
+       }
 }
 /* }}} */
 

diff --git a/ext/zip/tests/bug11216.phpt b/ext/zip/tests/bug11216.phpt
index b5fa9b93bd73f9bc09371848f44b5121c6db154b..607217ad7233a6afe34965b40ac3863a62f57c6b 100644 (file)
--- a/ext/zip/tests/bug11216.phpt
+++ b/ext/zip/tests/bug11216.phpt
@@ -10,6 +10,7 @@ if(!extension_loaded('zip')) die('skip');
 $archive = new ZipArchive();
 $archive->open('__test.zip', ZIPARCHIVE::CREATE);
 var_dump($archive->addEmptyDir('test'));
+print_r($archive);
 var_dump($archive->addEmptyDir('test'));
 $archive->close();
 unlink('__test.zip');
@@ -21,7 +22,7 @@ ZipArchive Object
     [status] => 0
     [statusSys] => 0
     [numFiles] => 1
-    [filename] =>
-    [comment] =>
+    [filename] => 
+    [comment] => 
 )
 bool(false)