Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix GH-13037: PharData incorrectly extracts zip file #13045

Closed
wants to merge 1 commit into from
Closed

Fix GH-13037: PharData incorrectly extracts zip file #13045

wants to merge 1 commit into from

Conversation

nielsdos
Copy link
Member

The code currently assumes that the extra field length of the central directory entry and the local entry are the same, but that's not the case. For example, the "Extended Timestamp extra field" differs in size for local vs central directory entries. This causes the file contents offset to be incorrect because it is based on the central directory length instead of the local entry length. Fix it by reading the local entry and getting the size from there as well as checking consistency for the file name length.

@nielsdos
Fix phpGH-13037: PharData incorrectly extracts zip file
01ee194 
The code currently assumes that the extra field length of the central
directory entry and the local entry are the same, but that's not the
case. For example, the "Extended Timestamp extra field" differs in size
for local vs central directory entries. This causes the file contents
offset to be incorrect because it is based on the central directory
length instead of the local entry length. Fix it by reading the local
entry and getting the size from there as well as checking consistency
for the file name length.
@nielsdos nielsdos linked an issue Dec 28, 2023 that may be closed by this pull request
PharData incorrectly extracts zip file #13037
Closed
@Girgias
Copy link
Member

Girgias commented Dec 29, 2023

Had a very quick glance, and this seems ok. But pinging @remicollet as he maintains ext/zip and should know more than I do about ZIP :)

devnexen
devnexen approved these changes Jan 24, 2024
View reviewed changes
Copy link
Member

@devnexen devnexen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking good so far, too bad you could not do at least the crc32 checksum :)

@nielsdos
Copy link
Member Author

Looking good so far, too bad you could not do at least the crc32 checksum :)

Yeah... Although it doesn't look like we actually compute the crc32 and compare it against the one in the header so the consistency check doesn't add too much anyway...

@nielsdos nielsdos closed this in ba80372 Jan 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@devnexen devnexen devnexen approved these changes

@remicollet remicollet Awaiting requested review from remicollet

Assignees
No one assigned
Labels
Extension: phar
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

PharData incorrectly extracts zip file
3 participants
@nielsdos @Girgias @devnexen