mirror/php-zip
1
0
Fork 0
mirror of https://github.com/Ne-Lexa/php-zip.git synced 2025-08-04 06:27:23 +02:00
Code Issues Releases Wiki Activity

Added additional check for correct decompression

Browse Source
This commit is contained in:
wapplay
2018-10-21 19:25:13 +03:00
parent 04a92e7904
commit 837454ba7e
5 changed files with 23 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/PhpZip/Crypto/TraditionalPkwareEncryptionEngine.php
View File

@@ -148,7 +148,10 @@ class TraditionalPkwareEncryptionEngine implements ZipEncryptionEngine
$checkByte = ($this->entry->getCrc() >> 24) & 0xff; $checkByte = ($this->entry->getCrc() >> 24) & 0xff;
} }
if ($byte !== $checkByte) { if ($byte !== $checkByte) {
throw new ZipAuthenticationException("Bad password for entry " . $this->entry->getName()); throw new ZipAuthenticationException(sprintf(
'Invalid password for zip entry "%s"',
$this->entry->getName()
));
} }
$outputContent = ""; $outputContent = "";

18
src/PhpZip/Stream/ZipInputStream.php
View File

@@ -7,7 +7,7 @@ use PhpZip\Crypto\WinZipAesEngine;
use PhpZip\Exception\Crc32Exception; use PhpZip\Exception\Crc32Exception;
use PhpZip\Exception\InvalidArgumentException; use PhpZip\Exception\InvalidArgumentException;
use PhpZip\Exception\RuntimeException; use PhpZip\Exception\RuntimeException;
use PhpZip\Exception\ZipCryptoException; use PhpZip\Exception\ZipAuthenticationException;
use PhpZip\Exception\ZipException; use PhpZip\Exception\ZipException;
use PhpZip\Exception\ZipUnsupportMethodException; use PhpZip\Exception\ZipUnsupportMethodException;
use PhpZip\Extra\ExtraFieldsCollection; use PhpZip\Extra\ExtraFieldsCollection;
@@ -470,7 +470,7 @@ class ZipInputStream implements ZipInputStreamInterface
case ZipFileInterface::METHOD_STORED: case ZipFileInterface::METHOD_STORED:
break; break;
case ZipFileInterface::METHOD_DEFLATED: case ZipFileInterface::METHOD_DEFLATED:
$content = gzinflate($content); $content = @gzinflate($content);
break; break;
case ZipFileInterface::METHOD_BZIP2: case ZipFileInterface::METHOD_BZIP2:
if (!extension_loaded('bz2')) { if (!extension_loaded('bz2')) {
@@ -478,6 +478,9 @@ class ZipInputStream implements ZipInputStreamInterface
} }
/** @noinspection PhpComposerExtensionStubsInspection */ /** @noinspection PhpComposerExtensionStubsInspection */
$content = bzdecompress($content); $content = bzdecompress($content);
if (is_int($content)) { // decompress error
$content = false;
}
break; break;
default: default:
throw new ZipUnsupportMethodException($entry->getName() . throw new ZipUnsupportMethodException($entry->getName() .
@@ -485,6 +488,12 @@ class ZipInputStream implements ZipInputStreamInterface
} }
if ($content === false) { if ($content === false) {
if ($isEncrypted) {
throw new ZipAuthenticationException(sprintf(
'Invalid password for zip entry "%s"',
$entry->getName()
));
}
throw new ZipException(sprintf( throw new ZipException(sprintf(
'Failed to get the contents of the zip entry "%s"', 'Failed to get the contents of the zip entry "%s"',
$entry->getName() $entry->getName()
@@ -497,7 +506,10 @@ class ZipInputStream implements ZipInputStreamInterface
$crc = PHP_INT_SIZE === 4 ? sprintf('%u', $entry->getCrc()) : $entry->getCrc(); $crc = PHP_INT_SIZE === 4 ? sprintf('%u', $entry->getCrc()) : $entry->getCrc();
if ($crc != $localCrc) { if ($crc != $localCrc) {
if ($isEncrypted) { if ($isEncrypted) {
throw new ZipCryptoException("Wrong password"); throw new ZipAuthenticationException(sprintf(
'Invalid password for zip entry "%s"',
$entry->getName()
));
} }
throw new Crc32Exception($entry->getName(), $crc, $localCrc); throw new Crc32Exception($entry->getName(), $crc, $localCrc);
} }

2
src/PhpZip/Stream/ZipInputStreamInterface.php
View File

@@ -2,6 +2,7 @@
namespace PhpZip\Stream; namespace PhpZip\Stream;
use PhpZip\Exception\ZipException;
use PhpZip\Model\ZipEntry; use PhpZip\Model\ZipEntry;
use PhpZip\Model\ZipModel; use PhpZip\Model\ZipModel;
@@ -26,6 +27,7 @@ interface ZipInputStreamInterface
/** /**
* @param ZipEntry $entry * @param ZipEntry $entry
* @return string * @return string
* @throws ZipException
*/ */
public function readEntryContent(ZipEntry $entry); public function readEntryContent(ZipEntry $entry);

2
tests/PhpZip/PhpZipExtResourceTest.php
View File

@@ -101,7 +101,7 @@ class PhpZipExtResourceTest extends ZipTestCase
* Bug #70752 (Depacking with wrong password leaves 0 length files) * Bug #70752 (Depacking with wrong password leaves 0 length files)
* @see https://github.com/php/php-src/blob/master/ext/zip/tests/bug70752.phpt * @see https://github.com/php/php-src/blob/master/ext/zip/tests/bug70752.phpt
* @expectedException \PhpZip\Exception\ZipAuthenticationException * @expectedException \PhpZip\Exception\ZipAuthenticationException
* @expectedExceptionMessage Bad password for entry bug70752.txt * @expectedExceptionMessage nvalid password for zip entry "bug70752.txt"
* @throws ZipException * @throws ZipException
*/ */
public function testBug70752() public function testBug70752()

2
tests/PhpZip/ZipPasswordTest.php
View File

@@ -43,7 +43,7 @@ class ZipPasswordTest extends ZipFileAddDirTest
$zipFile[$entryName]; $zipFile[$entryName];
$this->fail("Expected Exception has not been raised."); $this->fail("Expected Exception has not been raised.");
} catch (ZipAuthenticationException $ae) { } catch (ZipAuthenticationException $ae) {
$this->assertContains('Bad password for entry', $ae->getMessage()); $this->assertContains('Invalid password for zip entry', $ae->getMessage());
} }
} }