PHP :: Bug #80351 :: Incorrect detection of zip_*_method

Bug #80351

Incorrect detection of zip_*_method_supported() availability in libzip

Submitted:

2020-11-12 08:46 UTC

Modified:

2020-11-12 09:46 UTC

Votes:	4
Avg. Score:	3.2 ± 1.5
Reproduced:	3 of 3 (100.0%)
Same Version:	1 (33.3%)
Same OS:	2 (66.7%)

From:

nvizovitin at plesk dot com

Assigned:

remi (profile)

Status:

Assigned

Package:

Zip Related

PHP Version:

8.0.0RC3

OS:

Any with older libzip

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	nvizovitin at plesk dot com
New email:
PHP Version:		OS:

New Comment:

[2020-11-12 08:46 UTC] nvizovitin at plesk dot com

Description:
------------
HAVE_METHOD_SUPPORTED AC_DEFINE is set incorrectly during zip extension configuration for some libzip versions < 1.7.0, such as 1.3.2.

Detection of zip_compression_method_supported() and zip_encryption_method_supported() functions availability in libzip is incorrect. They are publicly available since libzip 1.7.0, however the first one was privately available before (at least in 1.3.2), so its detection via AC_CHECK_LIB was successful where it should not have been.

This results in runtime errors which happen on attempts to use ZipArchive::isEncryptionMethodSupported() or phpinfo().

See also:
* https://libzip.org/documentation/zip_compression_method_supported.html
* https://libzip.org/documentation/zip_encryption_method_supported.html

The issue was also reproduced on PHP 8.0.0RC4 (https://downloads.php.net/~carusogabriel/php-8.0.0RC4.tar.xz). We encountered this issue on CentOS 7 with non-system libzip build.

Test script:
---------------
php -r '$zip = new ZipArchive(); print($zip->isEncryptionMethodSupported(ZipArchive::EM_AES_256));'

OR

php -r 'phpinfo();'

Expected result:
----------------
Provided PHP was built against libzip < 1.7.0:

PHP Fatal error:  Uncaught Error: Call to undefined method ZipArchive::isEncryptionMethodSupported() in Command line code:1
Stack trace:
#0 {main}
  thrown in Command line code on line 1

AND

phpinfo() doesn't result in error

Actual result:
--------------
/opt/plesk/php/8.0/bin/php: symbol lookup error: /opt/plesk/php/8.0/lib64/php/modules/zip.so: undefined symbol: zip_encryption_method_supported

(in both cases)

Patches

libzip-fix-have-method-supported-detection.diff (last revision 2020-11-12 08:47 UTC by nvizovitin at plesk dot com)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2020-11-12 08:47 UTC] nvizovitin at plesk dot com

The following patch has been added/updated:

Patch Name: libzip-fix-have-method-supported-detection.diff
Revision:   1605170847
URL:        https://bugs.php.net/patch-display.php?bug=80351&patch=libzip-fix-have-method-supported-detection.diff&revision=1605170847

[2020-11-12 09:46 UTC] cmb@php.net

-Assigned To: +Assigned To: remi

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sun Nov 24 06:01:32 2024 UTC