From c55973ad182906be1282257f1ba79b89ab9625a2 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Wed, 27 Aug 2025 09:54:34 +0200
Subject: [PATCH 1/2] Fix leak when path is too long in ZipArchive::extractTo()
Upstream 09c223de00af9b312e49db7bbc915aefaca5dbf8
---
php5/php_zip.c | 1 +
php7/php_zip.c | 1 +
php73/php_zip.c | 1 +
php74/php_zip.c | 1 +
php8/php_zip.c | 1 +
php81/php_zip.c | 1 +
php85/php_zip.c | 1 +
7 files changed, 7 insertions(+)
diff --git a/php5/php_zip.c b/php5/php_zip.c
index 08b4963..5dda462 100644
--- a/php5/php_zip.c
+++ b/php5/php_zip.c
@@ -234,6 +234,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, const char *file, i
return 0;
} else if (len > MAXPATHLEN) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Full extraction path exceed MAXPATHLEN (%i)", MAXPATHLEN);
+ efree(fullpath);
efree(file_dirname_fullpath);
efree(file_basename);
efree(new_state.cwd);
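Review bot: The `len > MAXPATHLEN` branch of php_zip_extract_file still releases every allocation by hand, so the next buffer added to this function can be missed the same way `fullpath` was. Routing this early return through one shared exit, for example `ret = 0; goto cleanup;` with a single block that frees `fullpath`, `file_dirname_fullpath`, `file_basename` and `new_state.cwd`, would keep that list in one place; the same applies to the identical hunks for php7, php73, php74, php8, php81 and php85. Because `file` is the archive entry name, this branch is presumably reachable from any archive whose entries have over-long names, so a regression test that extracts such an entry would be worth adding with the fix. The function starts and ends outside the hunk, so whether the other early returns (such as the `return 0;` just above) already free `fullpath` cannot be confirmed from here.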
diff --git a/php7/php_zip.c b/php7/php_zip.c
index b660b33..bffed61 100644
--- a/php7/php_zip.c
+++ b/php7/php_zip.c
@@ -233,6 +233,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, const char *file, s
return 0;
} else if (len > MAXPATHLEN) {
php_error_docref(NULL, E_WARNING, "Full extraction path exceed MAXPATHLEN (%i)", MAXPATHLEN);
+ efree(fullpath);
efree(file_dirname_fullpath);
zend_string_release(file_basename);
CWD_STATE_FREE(new_state.cwd);
diff --git a/php73/php_zip.c b/php73/php_zip.c
index 9dd4ac2..0635a84 100644
--- a/php73/php_zip.c
+++ b/php73/php_zip.c
@@ -233,6 +233,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, const char *file, s
return 0;
} else if (len > MAXPATHLEN) {
php_error_docref(NULL, E_WARNING, "Full extraction path exceed MAXPATHLEN (%i)", MAXPATHLEN);
+ efree(fullpath);
efree(file_dirname_fullpath);
zend_string_release_ex(file_basename, 0);
CWD_STATE_FREE(new_state.cwd);
diff --git a/php74/php_zip.c b/php74/php_zip.c
index 5754dd9..0cd33ad 100644
--- a/php74/php_zip.c
+++ b/php74/php_zip.c
@@ -229,6 +229,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, const char *file, s
return 0;
} else if (len > MAXPATHLEN) {
php_error_docref(NULL, E_WARNING, "Full extraction path exceed MAXPATHLEN (%i)", MAXPATHLEN);
+ efree(fullpath);
efree(file_dirname_fullpath);
zend_string_release_ex(file_basename, 0);
CWD_STATE_FREE(new_state.cwd);
diff --git a/php8/php_zip.c b/php8/php_zip.c
index dc5f539..5328c25 100644
--- a/php8/php_zip.c
+++ b/php8/php_zip.c
@@ -217,6 +217,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, const char *file, s
return 0;
} else if (len > MAXPATHLEN) {
php_error_docref(NULL, E_WARNING, "Full extraction path exceed MAXPATHLEN (%i)", MAXPATHLEN);
+ efree(fullpath);
efree(file_dirname_fullpath);
zend_string_release_ex(file_basename, 0);
CWD_STATE_FREE(new_state.cwd);
diff --git a/php81/php_zip.c b/php81/php_zip.c
index 3746ff5..ddcf47f 100644
--- a/php81/php_zip.c
+++ b/php81/php_zip.c
@@ -226,6 +226,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, const char *file, s
return 0;
} else if (len > MAXPATHLEN) {
php_error_docref(NULL, E_WARNING, "Full extraction path exceed MAXPATHLEN (%i)", MAXPATHLEN);
+ efree(fullpath);
efree(file_dirname_fullpath);
zend_string_release_ex(file_basename, 0);
CWD_STATE_FREE(new_state.cwd);
diff --git a/php85/php_zip.c b/php85/php_zip.c
index 450c297..d5f7b01 100644
--- a/php85/php_zip.c
+++ b/php85/php_zip.c
@@ -211,6 +211,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, const char *file, s
return 0;
} else if (len > MAXPATHLEN) {
php_error_docref(NULL, E_WARNING, "Full extraction path exceed MAXPATHLEN (%i)", MAXPATHLEN);
+ efree(fullpath);
efree(file_dirname_fullpath);
zend_string_release_ex(file_basename, 0);
CWD_STATE_FREE(new_state.cwd);
--
2.51.0