re, I ran a quick test to solve this problem sooner rather than later (using only the crash.zip part):
pie...@ubuntu:~/cvs/php53/bld$ ./sapi/cli/php ./ziptest.php
opening 'bad' zipfile...ok. extracted.

C:\Users\pierre\Documents\php-sdk\php53\vc9\x86\php53clean>Debug\php.exe ziptest.php
opening 'bad' zipfile...ok. extracted.

But it crashes in 5.2, it seems to be a problem in virtual_file_ex, it returns an empty string instead of the expected path.

Can you try the attached patch please? against 5.2. I backported the necessary functions from TSRM and removed what we do not use. It should fix the problem.

Cheers,

On Wed, Jan 21, 2009 at 11:25 PM, Pierre Joye <pierre....@gmail.com> wrote:
> hi,
>
> On Wed, Jan 21, 2009 at 10:57 PM, sean finney <sean...@debian.org> wrote:
>> hi everyone,
>>
>> i'm looking for a sanity check here, as i've already lost more time than
>> i'd like chasing ghosts on my treasure hunt through {bugs,lists,cvs}.php.net
>> :(
>>
>> afaict, CVE-2008-5658[1] is only half-fixed on 5.2.8, while it was supposed
>> to be fixed in 5.2.7.
>
> it is fixed in 5.2.7RC2 or RC3, see:
> http://cvs.php.net/viewvc.cgi/php-src/ext/zip/php_zip.c?r1=1.1.2.43&r2=1.1.2.44
>
>> while the zip library no longer blindly extracts files such as
>> "../../../var/www/index.php", it now seems to segfault on any files
>> that have a leading "..". I've put some sample code illustrating my
>> problem at[2]. am i on crack?
>
> No idea, can you open a bug and post the backtrace, a zip data to
> reproduce the problem and a simple script please? Simply post the
> links you gave here. I will take a look at them as soon as possible.
>
> Thanks for the report!
>
> Cheers,
> --
> Pierre
>
> http://blog.thepimp.net | http://www.libgd.org
>

--
Pierre

http://blog.thepimp.net | http://www.libgd.org
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
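
Added example, not part of the thread and not php-src code: one way to collapse a zip entry name before extraction so that leading ".." segments cannot leave the target directory, and so that a name which collapses to an empty string is reported instead of being passed on as a path. The function name zip_entry_safe_path and the sample entry names are hypothetical; collapsing (rather than rejecting) ".." is an assumption, not a statement about what the PHP fix does.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not php-src code: collapse a zip entry name into a
 * path relative to the extraction directory ('/' and '\\' are separators).
 * Returns 0 on success, -1 if the entry must be skipped. */
int zip_entry_safe_path(const char *name, char *out, size_t outlen)
{
    size_t len = 0, n;
    const char *p = name, *seg;

    if (!name || !out || outlen == 0) return -1;
    out[0] = '\0';
    while (*p) {
        seg = p;
        while (*p && *p != '/' && *p != '\\') p++;
        n = (size_t)(p - seg);
        if (*p) p++;                                   /* step over separator */
        if (n == 0 || (n == 1 && seg[0] == '.')) continue;
        if (n == 2 && seg[0] == '.' && seg[1] == '.') {
            /* Pop one component; at the root, ".." is simply dropped. */
            while (len > 0 && out[len - 1] != '/') len--;
            if (len > 0) len--;
            out[len] = '\0';
            continue;
        }
        if (len + n + 2 > outlen) return -1;           /* does not fit */
        if (len > 0) out[len++] = '/';
        memcpy(out + len, seg, n);
        len += n;
        out[len] = '\0';
    }
    /* A name such as ".." collapses to "": report it rather than passing
     * an empty path on to the file layer. */
    return len > 0 ? 0 : -1;
}

int main(void)
{
    /* Constructed entry names modelled on the one quoted in the thread. */
    const char *names[] = { "../../../var/www/index.php", "..", "a/../../b.txt" };
    char buf[256];
    size_t i;
    for (i = 0; i < sizeof names / sizeof names[0]; i++) {
        int rc = zip_entry_safe_path(names[i], buf, sizeof buf);
        printf("%-28s -> %s\n", names[i], rc == 0 ? buf : "(skipped)");
    }
    return 0;
}
```

The caller joins the returned relative path onto the extraction directory and skips any entry for which the helper returns -1.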