
CVE-2016-431.patch

Chris Lamb, 08/09/2016 08:44 PM


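--- a/libraries/Archive/adapter/zip.php
+++ b/libraries/Archive/adapter/zip.php
@@ -187,6 +187,9 @@
 			if( substr( $this->_metadata[$i]['name'], - 1, 1 ) != '/' && substr( $this->_metadata[$i]['name'], - 1, 1 ) != '\\' ) {
 				$buffer = $this->_getFileData( $i ) ;
 				$path = extPath::clean( $destination . DS . $this->_metadata[$i]['name'] ) ;
+				if( strpos($path, '..') !== false ) {
+					return PEAR::raiseError( 'Use of relative paths not permitted' ) ;
+				}
 				// Make sure the destination folder exists
 				if( ! extMkdirR( dirname( $path ) ) ) {
 					return PEAR::raiseError( 'Unable to create destination' ) ;
@@ -222,6 +225,9 @@
 				if( zip_entry_open( $zip, $file, "r" ) ) {
 					if( substr( zip_entry_name( $file ), strlen( zip_entry_name( $file ) ) - 1 ) != "/" ) {
 						$buffer = zip_entry_read( $file, zip_entry_filesize( $file ) ) ;
+						if( strpos($destination . DS . zip_entry_name( $file ), '..') !== false ) {
+							return PEAR::raiseError( 'Use of relative paths not permitted' ) ;
+						}
 						if( !extMkdirR(dirname($destination . DS . zip_entry_name( $file ))) || file_put_contents( $destination . DS . zip_entry_name( $file ), $buffer ) === false ) {
 							return PEAR::raiseError( 'Unable to write entry: '.$destination . DS. zip_entry_name( $file ) ) ;
 						}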
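Review bot: The new guard is a substring test on the joined path (`strpos($path, '..')` at new line 190 and `strpos($destination . DS . zip_entry_name( $file ), '..')` at new line 228), so it also refuses harmless entries such as `notes..txt` and fails every extraction when `$destination` itself contains `..`. Checking the entry name alone, by path segment, avoids both: `if( in_array( '..', preg_split( '#[\\\\/]+#', zip_entry_name( $file ) ), true ) ) {`, with the same test on `$this->_metadata[$i]['name']` in the first hunk. In the first hunk the test runs on the result of `extPath::clean()`, which is not shown here; if that helper ever collapses `..` segments the test would only see the already-normalised path, so testing the raw name before cleaning is presumably safer. In the second hunk the check could also move above `zip_entry_read()` so that a rejected entry is not read into memory first. Both enclosing loops start and end outside the hunks.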