]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 20f5f21)
Fixed crash in zip extract method (possible CWE-170)
authorPierre Joye <pajoye@php.net>
Tue, 30 Nov 2010 11:04:06 +0000 (11:04 +0000)
committerPierre Joye <pajoye@php.net>
Tue, 30 Nov 2010 11:04:06 +0000 (11:04 +0000)
ext/zip/php_zip.c patch | blob | history

diff --git a/ext/zip/php_zip.c b/ext/zip/php_zip.c
index 522e92d34f4360e86b3a2a0031b50b7e895e69a9..e7c7014bb6863bd63825338b6ca0d083b7f1d5b9 100644 (file)
--- a/ext/zip/php_zip.c
+++ b/ext/zip/php_zip.c
@@ -162,6 +162,9 @@ static int php_zip_extract_file(struct zip * za, char *dest, char *file, int fil
         */
        virtual_file_ex(&new_state, file, NULL, CWD_EXPAND TSRMLS_CC);
        path_cleaned =  php_zip_make_relative_path(new_state.cwd, new_state.cwd_length);
+       if(!path_cleaned) {
+               return 0;
+       }
        path_cleaned_len = strlen(path_cleaned);
 
        if (path_cleaned_len >= MAXPATHLEN || zip_stat(za, file, 0, &sb) != 0) {
Unnamed repository; edit this file 'description' to name the repository.