summaryrefslogtreecommitdiffstats
path: root/0001-Fix-leak-when-path-is-too-long-in-ZipArchive-extract.patch
diff options
context:
space:
mode:
Diffstat (limited to '0001-Fix-leak-when-path-is-too-long-in-ZipArchive-extract.patch')
-rw-r--r--0001-Fix-leak-when-path-is-too-long-in-ZipArchive-extract.patch103
1 files changed, 103 insertions, 0 deletions
diff --git a/0001-Fix-leak-when-path-is-too-long-in-ZipArchive-extract.patch b/0001-Fix-leak-when-path-is-too-long-in-ZipArchive-extract.patch
new file mode 100644
index 0000000..0dd8ea1
--- /dev/null
+++ b/0001-Fix-leak-when-path-is-too-long-in-ZipArchive-extract.patch
@@ -0,0 +1,103 @@
+From c55973ad182906be1282257f1ba79b89ab9625a2 Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@remirepo.net>
+Date: Wed, 27 Aug 2025 09:54:34 +0200
+Subject: [PATCH 1/2] Fix leak when path is too long in ZipArchive::extractTo()
+
+Upstream 09c223de00af9b312e49db7bbc915aefaca5dbf8
+---
+ php5/php_zip.c | 1 +
+ php7/php_zip.c | 1 +
+ php73/php_zip.c | 1 +
+ php74/php_zip.c | 1 +
+ php8/php_zip.c | 1 +
+ php81/php_zip.c | 1 +
+ php85/php_zip.c | 1 +
+ 7 files changed, 7 insertions(+)
+
+diff --git a/php5/php_zip.c b/php5/php_zip.c
+index 08b4963..5dda462 100644
+--- a/php5/php_zip.c
++++ b/php5/php_zip.c
+@@ -234,6 +234,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, const char *file, i
+ return 0;
+ } else if (len > MAXPATHLEN) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Full extraction path exceed MAXPATHLEN (%i)", MAXPATHLEN);
++ efree(fullpath);
+ efree(file_dirname_fullpath);
+ efree(file_basename);
+ efree(new_state.cwd);
+diff --git a/php7/php_zip.c b/php7/php_zip.c
+index b660b33..bffed61 100644
+--- a/php7/php_zip.c
++++ b/php7/php_zip.c
+@@ -233,6 +233,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, const char *file, s
+ return 0;
+ } else if (len > MAXPATHLEN) {
+ php_error_docref(NULL, E_WARNING, "Full extraction path exceed MAXPATHLEN (%i)", MAXPATHLEN);
++ efree(fullpath);
+ efree(file_dirname_fullpath);
+ zend_string_release(file_basename);
+ CWD_STATE_FREE(new_state.cwd);
+diff --git a/php73/php_zip.c b/php73/php_zip.c
+index 9dd4ac2..0635a84 100644
+--- a/php73/php_zip.c
++++ b/php73/php_zip.c
+@@ -233,6 +233,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, const char *file, s
+ return 0;
+ } else if (len > MAXPATHLEN) {
+ php_error_docref(NULL, E_WARNING, "Full extraction path exceed MAXPATHLEN (%i)", MAXPATHLEN);
++ efree(fullpath);
+ efree(file_dirname_fullpath);
+ zend_string_release_ex(file_basename, 0);
+ CWD_STATE_FREE(new_state.cwd);
+diff --git a/php74/php_zip.c b/php74/php_zip.c
+index 5754dd9..0cd33ad 100644
+--- a/php74/php_zip.c
++++ b/php74/php_zip.c
+@@ -229,6 +229,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, const char *file, s
+ return 0;
+ } else if (len > MAXPATHLEN) {
+ php_error_docref(NULL, E_WARNING, "Full extraction path exceed MAXPATHLEN (%i)", MAXPATHLEN);
++ efree(fullpath);
+ efree(file_dirname_fullpath);
+ zend_string_release_ex(file_basename, 0);
+ CWD_STATE_FREE(new_state.cwd);
+diff --git a/php8/php_zip.c b/php8/php_zip.c
+index dc5f539..5328c25 100644
+--- a/php8/php_zip.c
++++ b/php8/php_zip.c
+@@ -217,6 +217,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, const char *file, s
+ return 0;
+ } else if (len > MAXPATHLEN) {
+ php_error_docref(NULL, E_WARNING, "Full extraction path exceed MAXPATHLEN (%i)", MAXPATHLEN);
++ efree(fullpath);
+ efree(file_dirname_fullpath);
+ zend_string_release_ex(file_basename, 0);
+ CWD_STATE_FREE(new_state.cwd);
+diff --git a/php81/php_zip.c b/php81/php_zip.c
+index 3746ff5..ddcf47f 100644
+--- a/php81/php_zip.c
++++ b/php81/php_zip.c
+@@ -226,6 +226,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, const char *file, s
+ return 0;
+ } else if (len > MAXPATHLEN) {
+ php_error_docref(NULL, E_WARNING, "Full extraction path exceed MAXPATHLEN (%i)", MAXPATHLEN);
++ efree(fullpath);
+ efree(file_dirname_fullpath);
+ zend_string_release_ex(file_basename, 0);
+ CWD_STATE_FREE(new_state.cwd);
+diff --git a/php85/php_zip.c b/php85/php_zip.c
+index 450c297..d5f7b01 100644
+--- a/php85/php_zip.c
++++ b/php85/php_zip.c
+@@ -211,6 +211,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, const char *file, s
+ return 0;
+ } else if (len > MAXPATHLEN) {
+ php_error_docref(NULL, E_WARNING, "Full extraction path exceed MAXPATHLEN (%i)", MAXPATHLEN);
++ efree(fullpath);
+ efree(file_dirname_fullpath);
+ zend_string_release_ex(file_basename, 0);
+ CWD_STATE_FREE(new_state.cwd);
+--
+2.51.0
+
generated by cgit (git 2.34.1) at 2025-10-07 19:34:06 +0000