Skip to content

Commit 493b59a

Browse files
committed
Merge branch 'PHP-8.4' into PHP-8.5
* PHP-8.4: Fix phpGH-21698: memory leak in ZipArchive::addGlob on early returns.
2 parents 91842e0 + 391ec27 commit 493b59a

2 files changed

Lines changed: 23 additions & 0 deletions

File tree

ext/zip/php_zip.c

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -636,12 +636,14 @@ int php_zip_glob(char *pattern, int pattern_len, zend_long flags, zval *return_v
636636

637637
/* now catch the FreeBSD style of "no matches" */
638638
if (!globbuf.gl_pathc || !globbuf.gl_pathv) {
639+
globfree(&globbuf);
639640
return 0;
640641
}
641642

642643
/* we assume that any glob pattern will match files from one directory only
643644
so checking the dirname of the first match should be sufficient */
644645
if (ZIP_OPENBASEDIR_CHECKPATH(globbuf.gl_pathv[0])) {
646+
globfree(&globbuf);
645647
return -1;
646648
}
647649

ext/zip/tests/gh21698.phpt

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,21 @@
1+
--TEST--
2+
GH-21698 (ZipArchive::addGlob memory leak when open_basedir rejects the match)
3+
--EXTENSIONS--
4+
zip
5+
--FILE--
6+
<?php
7+
$zipfile = __DIR__ . '/gh21698.zip';
8+
$zip = new ZipArchive();
9+
$zip->open($zipfile, ZipArchive::CREATE | ZipArchive::OVERWRITE);
10+
11+
ini_set('open_basedir', '/nonexistent_dir_for_gh21698');
12+
var_dump($zip->addGlob(__FILE__, 0, []));
13+
$zip->close();
14+
?>
15+
--CLEAN--
16+
<?php
17+
@unlink(__DIR__ . '/gh21698.zip');
18+
?>
19+
--EXPECTF--
20+
Warning: ZipArchive::addGlob(): open_basedir restriction in effect. File(%s) is not within the allowed path(s): (%s) in %s on line %d
21+
bool(false)

0 commit comments

Comments
 (0)