1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
|
From 746f8a1b4501ae6c364fc531f46fbab3bfd51d1d Mon Sep 17 00:00:00 2001
From: Remi Collet <fedora@famillecollet.com>
Date: Wed, 23 Oct 2013 11:12:52 +0200
Subject: [PATCH] clean 1 use of private lilbzip structure (stay 1)
add a "doubleclose" test to check than nothing wrong occurs
zip_discard already test is zp is open
---
php_zip.c | 10 ++--------
tests/doubleclose.phpt | 43 +++++++++++++++++++++++++++++++++++++++++++
3 files changed, 47 insertions(+), 9 deletions(-)
create mode 100644 tests/doubleclose.phpt
diff --git a/php_zip.c b/php_zip.c
index 8943d32..280ef3e 100644
--- a/php_zip.c
+++ b/php_zip.c
@@ -1609,7 +1609,7 @@ static ZIPARCHIVE_METHOD(close)
ze_zip_object *ze_obj;
if (!this) {
- RETURN_FALSE;
+ RETURN_FALSE;
}
ZIP_FROM_OBJECT(intern, this);
@@ -1617,13 +1617,7 @@ static ZIPARCHIVE_METHOD(close)
ze_obj = (ze_zip_object*) zend_object_store_get_object(this TSRMLS_CC);
if (zip_close(intern)) {
- /* archive already closed*/
- if (intern->zp != NULL) {
- zip_discard(intern);
- RETVAL_TRUE;
- } else {
- RETURN_FALSE;
- }
+ zip_discard(intern);
}
efree(ze_obj->filename);
diff --git a/tests/doubleclose.phpt b/tests/doubleclose.phpt
new file mode 100644
index 0000000..abc62c8
--- /dev/null
+++ b/tests/doubleclose.phpt
@@ -0,0 +1,43 @@
+--TEST--
+close() called twice
+--SKIPIF--
+<?php
+if(!extension_loaded('zip')) die('skip');
+?>
+--FILE--
+<?php
+
+echo "Procedural\n";
+$zip = zip_open(dirname(__FILE__) . '/test.zip');
+if (!is_resource($zip)) {
+ die("Failure");
+ }
+var_dump(zip_close($zip));
+var_dump(zip_close($zip));
+
+echo "Object\n";
+$zip = new ZipArchive();
+if (!$zip->open(dirname(__FILE__) . '/test.zip')) {
+ die('Failure');
+}
+if ($zip->status == ZIPARCHIVE::ER_OK) {
+ var_dump($zip->close());
+ var_dump($zip->close());
+} else {
+ die("Failure");
+}
+
+?>
+Done
+--EXPECTF--
+Procedural
+NULL
+
+Warning: zip_close(): %i is not a valid Zip Directory resource in %s
+bool(false)
+Object
+bool(true)
+
+Warning: ZipArchive::close(): Invalid or uninitialized Zip object in %s
+bool(false)
+Done
--
1.8.4
From 5175272e369ba7b781682dfb1a32f4e41c5a28a1 Mon Sep 17 00:00:00 2001
From: Remi Collet <fedora@famillecollet.com>
Date: Wed, 23 Oct 2013 13:54:10 +0200
Subject: [PATCH] add a test to check double call to zip_entry_close
---
tests/zip_entry_close.phpt | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
create mode 100644 tests/zip_entry_close.phpt
diff --git a/tests/zip_entry_close.phpt b/tests/zip_entry_close.phpt
new file mode 100644
index 0000000..82b7819
--- /dev/null
+++ b/tests/zip_entry_close.phpt
@@ -0,0 +1,24 @@
+--TEST--
+zip_entry_close() function: simple and double call
+--SKIPIF--
+<?php
+/* $Id$ */
+if(!extension_loaded('zip')) die('skip');
+?>
+--FILE--
+<?php
+$zip = zip_open(dirname(__FILE__)."/test_procedural.zip");
+$entry = zip_read($zip);
+echo "entry_open: "; var_dump(zip_entry_open($zip, $entry, "r"));
+echo "entry_close: "; var_dump(zip_entry_close($entry));
+echo "entry_close: "; var_dump(zip_entry_close($entry));
+zip_close($zip);
+?>
+Done
+--EXPECTF--
+entry_open: bool(true)
+entry_close: bool(true)
+entry_close:
+Warning: zip_entry_close(): %d is not a valid Zip Entry resource in %s
+bool(false)
+Done
--
1.8.4
From 229d87088b5cdd471bcd63d132c7a6af55013b2f Mon Sep 17 00:00:00 2001
From: Remi Collet <fedora@famillecollet.com>
Date: Thu, 24 Oct 2013 11:46:44 +0200
Subject: [PATCH] clean all uses of private libzip structure move check from
NULL deref from php ext to in libzip
libzip patch is from upstream
http://hg.nih.at/libzip?cs=a2f3bb7896c0
---
lib/zip_fclose.c | 14 ++++++++------
php_zip.c | 10 +---------
3 files changed, 10 insertions(+), 16 deletions(-)
diff --git a/lib/zip_fclose.c b/lib/zip_fclose.c
index 611db80..093c30e 100644
--- a/lib/zip_fclose.c
+++ b/lib/zip_fclose.c
@@ -48,12 +48,14 @@
if (zf->src)
zip_source_free(zf->src);
- for (i=0; i<zf->za->nfile; i++) {
- if (zf->za->file[i] == zf) {
- zf->za->file[i] = zf->za->file[zf->za->nfile-1];
- zf->za->nfile--;
- break;
- }
+ if (zf->za) {
+ for (i=0; i<zf->za->nfile; i++) {
+ if (zf->za->file[i] == zf) {
+ zf->za->file[i] = zf->za->file[zf->za->nfile-1];
+ zf->za->nfile--;
+ break;
+ }
+ }
}
ret = 0;
diff --git a/php_zip.c b/php_zip.c
index 280ef3e..c6591c9 100644
--- a/php_zip.c
+++ b/php_zip.c
@@ -30,8 +30,6 @@
#include "ext/pcre/php_pcre.h"
#include "ext/standard/php_filestat.h"
#include "php_zip.h"
-/* Private struct definition, always use bundled copy */
-#include "lib/zipint.h"
/* zip_open is a macro for renaming libzip zipopen, so we need to use PHP_NAMED_FUNCTION */
static PHP_NAMED_FUNCTION(zif_zip_open);
@@ -1183,13 +1181,7 @@ static void php_zip_free_entry(zend_rsrc_list_entry *rsrc TSRMLS_DC)
if (zr_rsrc) {
if (zr_rsrc->zf) {
- if (zr_rsrc->zf->za) {
- zip_fclose(zr_rsrc->zf);
- } else {
- if (zr_rsrc->zf->src)
- zip_source_free(zr_rsrc->zf->src);
- free(zr_rsrc->zf);
- }
+ zip_fclose(zr_rsrc->zf);
zr_rsrc->zf = NULL;
}
efree(zr_rsrc);
--
1.8.4
|
