php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #47188 Zip::extractTo segfault on '..' paths
Submitted: 2009-01-22 06:53 UTC Modified: 2009-05-03 01:00 UTC
From: seanius at debian dot org Assigned:
Status: No Feedback Package: Zip Related
PHP Version: 5.2.8 OS: Debian
Private report: No CVE-ID: None
 [2009-01-22 06:53 UTC] seanius at debian dot org
Description:
------------
originally reported to php-internals here:

http://news.php.net/php.internals/42758

pierre has backported a couple functions from 5.3 as a first attempt at patching 5.2.8 here:

http://news.php.net/php.internals/42762

i have not yet tested this patch, but am reporting here first as requested :)

Reproduce code:
---------------
http://people.debian.org/~seanius/php/security/ziptest.tgz


Expected result:
----------------
rangda[/home/sean/ziptest] php ziptest.php                                   :)
opening 'normal' zipfile...ok.
extracted.
opening 'bad' zipfile...ok.
extracted.

(and then two extracted directories should exist)


Actual result:
--------------
rangda[/home/sean/ziptest] php ziptest.php                                   :)
opening 'normal' zipfile...ok.
extracted.
opening 'bad' zipfile...ok.
zsh: segmentation fault  php ziptest.php


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-04-25 16:12 UTC] jani@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/

I can not reproduce this with latest CVS checkout of PHP_5_2.
 [2009-05-03 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Dec 22 06:01:30 2024 UTC