From df2ceac25a43d72a0c25d3b415ae9eecc1ea195c Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker"
Date: Mon, 6 Sep 2021 17:42:46 +0200
Subject: [PATCH] Fix #81420: ZipArchive::extractTo extracts outside of destination
We need to properly detect and handle absolute paths in a portable way.
---
 ext/zip/php_zip.c | 4 ++--
 ext/zip/tests/bug81420.phpt | 24 ++++++++++++++++++++++++
 ext/zip/tests/bug81420.zip | Bin 0 -> 218 bytes
 3 files changed, 26 insertions(+), 2 deletions(-)
 create mode 100644 ext/zip/tests/bug81420.phpt
 create mode 100644 ext/zip/tests/bug81420.zip
diff --git a/ext/zip/php_zip.c b/ext/zip/php_zip.c
index 9cbef052853..6ed21a1ba68 100644
--- a/ext/zip/php_zip.c
+++ b/ext/zip/php_zip.c
@@ -106,8 +106,8 @@ static char * php_zip_make_relative_path(char *path, size_t path_len) /* {{{ */
 return NULL;
 }
- if (IS_SLASH(path[0])) {
- return path + 1;
+ if (IS_ABSOLUTE_PATH(path, path_len)) {
+ return path + COPY_WHEN_ABSOLUTE(path) + 1;
 }
 i = path_len;
diff --git a/ext/zip/tests/bug81420.phpt b/ext/zip/tests/bug81420.phpt
new file mode 100644
index 00000000000..9eec0ee7e99
--- /dev/null
+++ b/ext/zip/tests/bug81420.phpt
@@ -0,0 +1,24 @@
+--TEST--
+Bug #81420 (ZipArchive::extractTo extracts outside of destination)
+--SKIPIF--
+
+--FILE--
+open(__DIR__ . "/bug81420.zip");
+$destination = __DIR__ . "/bug81420";
+mkdir($destination);
+$zip->extractTo($destination);
+var_dump(file_exists("$destination/nt1/zzr_noharm.php"));
+?>
+--CLEAN--
+
+--EXPECT--
+bool(true)
diff --git a/ext/zip/tests/bug81420.zip b/ext/zip/tests/bug81420.zip
new file mode 100644
index 0000000000000000000000000000000000000000..2e9686cb98ab15e5703d48bf52c4b9982b7bb05d
GIT binary patch
literal 218 zcmWIWW@Zs#U|`^2n7vFnxPkd=j|Pxu1jJ%Mtgol1pI2h2UsY8UpO>GJSd^<*kWp}Y z?HTVgzGrpTt!Yz= w`5>SGCUM!t1(j!HkYET}w`}&I1=ks$?*BU(nGWz~Wdj+)2!t6xItFYa0HHoW;{X5v literal 0 HcmV?d00001
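Review bot: The offset returned by the new branch, `path + COPY_WHEN_ABSOLUTE(path) + 1`, is never compared with `path_len`. If the macros expand as they usually do in the Zend headers (their definitions are not part of this patch), an entry name that consists only of the absolute prefix, two characters long on Windows, would yield a pointer past the string terminator. Clamping the skip keeps the result inside the buffer, e.g. `size_t skip = COPY_WHEN_ABSOLUTE(path) + 1; return path + (skip < path_len ? skip : path_len);`. It also looks as if a name with a single leading slash is no longer stripped here on platforms where IS_ABSOLUTE_PATH requires a drive or UNC prefix, so that case now depends on the loop after `i = path_len`, which lies outside the hunk. A short comment stating which path forms this branch handles on each platform would help the next reader.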
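Review bot: The entry name stored in bug81420.zip is not written down anywhere in bug81420.phpt, so the path form being exercised cannot be read from the test; it only checks that `nt1/zzr_noharm.php` exists under `$destination`. A comment in the --FILE-- section naming the stored entry would document the case. The result of `$zip->extractTo($destination)` is also discarded, where `var_dump($zip->extractTo($destination));` with a matching `bool(true)` line in --EXPECT-- would pin that extraction reported success. The --SKIPIF-- and --CLEAN-- sections appear empty as shown here, which may be an artifact of how the page was captured.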