-rw-r--r--NEWS2
-rw-r--r--ext/zip/php_zip.c3
2 files changed, 5 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index d2c3401986..14a21be986 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,8 @@
EXTR_OVERWRITE. (jorto at redhat dot com)
18 Nov 2010, PHP 5.2.15RC1
+- Fixed crash in zip extract method (possible CWE-170).
+ (Maksymilian Arciemowicz, Pierre)
- Fixed a possible double free in imap extension (Identified by Mateusz
Kocielski). (CVE-2010-4150). (Ilia)
- Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre)
diff --git a/ext/zip/php_zip.c b/ext/zip/php_zip.c
index a6d317de0f..eb75ef1af5 100644
--- a/ext/zip/php_zip.c
+++ b/ext/zip/php_zip.c
@@ -413,6 +413,9 @@ static int php_zip_extract_file(struct zip * za, char *dest, char *file, int fil
return 0;
}
path_cleaned = php_zip_make_relative_path(new_state.cwd, new_state.cwd_length);
+ if(!path_cleaned) {
+ return 0;
+ }
path_cleaned_len = strlen(path_cleaned);
if (path_cleaned_len >= MAXPATHLEN || zip_stat(za, file, 0, &sb) != 0) {
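Review bot: The new `if(!path_cleaned)` guard returns 0 with no explanation of when `php_zip_make_relative_path()` yields NULL. Since `file` is the entry name taken from the archive (it is passed to `zip_stat()` just below), that condition is worth stating for the next reader. I would add a comment above the check such as `/* no usable relative path for this entry name: refuse to extract it */` and write the test as `if (!path_cleaned) {` to match the `if (` spacing two lines further down. The function starts and ends outside this hunk, so it is not visible how `new_state.cwd` is allocated. If it is heap-allocated earlier in the function, this early return, like the `return 0;` in the context above it, should release it first.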