From 837454ba7e3afc8e7279b36821650bec5c96d69e Mon Sep 17 00:00:00 2001
From: wapplay
Date: Sun, 21 Oct 2018 19:25:13 +0300
Subject: [PATCH 1/2] Added additional check for correct decompression
---
 .../TraditionalPkwareEncryptionEngine.php | 5 ++++-
 src/PhpZip/Stream/ZipInputStream.php | 18 +++++++++++++++---
 src/PhpZip/Stream/ZipInputStreamInterface.php | 2 ++
 tests/PhpZip/PhpZipExtResourceTest.php | 2 +-
 tests/PhpZip/ZipPasswordTest.php | 2 +-
 5 files changed, 23 insertions(+), 6 deletions(-)
diff --git a/src/PhpZip/Crypto/TraditionalPkwareEncryptionEngine.php b/src/PhpZip/Crypto/TraditionalPkwareEncryptionEngine.php
index 45881e0..8a5978b 100644
--- a/src/PhpZip/Crypto/TraditionalPkwareEncryptionEngine.php
+++ b/src/PhpZip/Crypto/TraditionalPkwareEncryptionEngine.php
@@ -148,7 +148,10 @@ class TraditionalPkwareEncryptionEngine implements ZipEncryptionEngine
 $checkByte = ($this->entry->getCrc() >> 24) & 0xff;
 }
 if ($byte !== $checkByte) {
- throw new ZipAuthenticationException("Bad password for entry " . $this->entry->getName());
+ throw new ZipAuthenticationException(sprintf(
+ 'Invalid password for zip entry "%s"',
+ $this->entry->getName()
+ ));
 }
 $outputContent = "";
diff --git a/src/PhpZip/Stream/ZipInputStream.php b/src/PhpZip/Stream/ZipInputStream.php
index b14fd9c..dbbbd3e 100644
--- a/src/PhpZip/Stream/ZipInputStream.php
+++ b/src/PhpZip/Stream/ZipInputStream.php
@@ -7,7 +7,7 @@ use PhpZip\Crypto\WinZipAesEngine;
 use PhpZip\Exception\Crc32Exception;
 use PhpZip\Exception\InvalidArgumentException;
 use PhpZip\Exception\RuntimeException;
-use PhpZip\Exception\ZipCryptoException;
+use PhpZip\Exception\ZipAuthenticationException;
 use PhpZip\Exception\ZipException;
 use PhpZip\Exception\ZipUnsupportMethodException;
 use PhpZip\Extra\ExtraFieldsCollection;
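Review bot: The three-line `sprintf('Invalid password for zip entry "%s"', …)` added in the `$byte !== $checkByte` branch of TraditionalPkwareEncryptionEngine.php (@@ -148) is repeated verbatim in the @@ -485 and @@ -497 hunks of ZipInputStream.php, so three copies now have to stay in step with the test expectations. A single named constructor or message constant on ZipAuthenticationException would remove the duplication. The entry name interpolated into the message presumably comes from the archive being read, so a comment such as `// entry name is archive-controlled; escape before rendering or logging` would help callers. The enclosing method starts and ends outside the hunk.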
@@ -470,7 +470,7 @@ class ZipInputStream implements ZipInputStreamInterface
 case ZipFileInterface::METHOD_STORED:
 break;
 case ZipFileInterface::METHOD_DEFLATED:
- $content = gzinflate($content);
+ $content = @gzinflate($content);
 break;
 case ZipFileInterface::METHOD_BZIP2:
 if (!extension_loaded('bz2')) {
@@ -478,6 +478,9 @@ class ZipInputStream implements ZipInputStreamInterface
 }
 /** @noinspection PhpComposerExtensionStubsInspection */
 $content = bzdecompress($content);
+ if (is_int($content)) { // decompress error
+ $content = false;
+ }
 break;
 default:
 throw new ZipUnsupportMethodException($entry->getName() .
@@ -485,6 +488,12 @@ class ZipInputStream implements ZipInputStreamInterface
 }
 if ($content === false) {
+ if ($isEncrypted) {
+ throw new ZipAuthenticationException(sprintf(
+ 'Invalid password for zip entry "%s"',
+ $entry->getName()
+ ));
+ }
 throw new ZipException(sprintf(
 'Failed to get the contents of the zip entry "%s"',
 $entry->getName()
@@ -497,7 +506,10 @@ class ZipInputStream implements ZipInputStreamInterface
 $crc = PHP_INT_SIZE === 4 ? sprintf('%u', $entry->getCrc()) : $entry->getCrc();
 if ($crc != $localCrc) {
 if ($isEncrypted) {
- throw new ZipCryptoException("Wrong password");
+ throw new ZipAuthenticationException(sprintf(
+ 'Invalid password for zip entry "%s"',
+ $entry->getName()
+ ));
 }
 throw new Crc32Exception($entry->getName(), $crc, $localCrc);
 }
diff --git a/src/PhpZip/Stream/ZipInputStreamInterface.php b/src/PhpZip/Stream/ZipInputStreamInterface.php
index 2093c03..cf8e122 100644
--- a/src/PhpZip/Stream/ZipInputStreamInterface.php
+++ b/src/PhpZip/Stream/ZipInputStreamInterface.php
@@ -2,6 +2,7 @@
 namespace PhpZip\Stream;
+use PhpZip\Exception\ZipException;
 use PhpZip\Model\ZipEntry;
 use PhpZip\Model\ZipModel;
@@ -26,6 +27,7 @@ interface ZipInputStreamInterface
 /**
 * @param ZipEntry $entry
 * @return string
+ * @throws ZipException
 */
 public function readEntryContent(ZipEntry $entry);
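Review bot: The `@` added to `gzinflate()` in the METHOD_DEFLATED case (@@ -470) silences the inflate warning for every entry, not only encrypted ones, so a corrupt unencrypted entry now ends in the generic "Failed to get the contents" exception with its cause discarded. Consider suppressing only for encrypted entries, e.g. `$content = $isEncrypted ? @gzinflate($content) : gzinflate($content);` (assuming `$isEncrypted` is already assigned at this point, which the hunk does not show), or appending the text from `error_get_last()` to the ZipException. Separately, the call passes no length limit, so when the library reads untrusted archives an entry inflates to whatever size it decodes to; passing a cap derived from the entry's declared uncompressed size as the second argument of `gzinflate()` would bound memory use. The switch sits in a method whose start and end are outside the hunk.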
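Review bot: The `is_int($content)` branch after `bzdecompress()` (@@ -478) throws away the bzip2 error code, so the later ZipException cannot say why decompression failed. Keep the code before normalising, e.g. `$bzError = $content; $content = false;`, and include it in the message for unencrypted entries. The trailing `// decompress error` would read better as `// bzdecompress() reports failure as an int error code, not false`.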
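Review bot: In the `$content === false` branch (@@ -485) every decompression failure of an encrypted entry is now reported as ZipAuthenticationException, including a truncated or corrupt archive opened with the correct password. The file also imports WinZipAesEngine; if that engine verifies its authentication code before this point (not visible in the patch), a failure after it cannot be a password problem and should stay a ZipException. Callers that re-prompt for a password on ZipAuthenticationException would otherwise loop on a damaged file. At minimum word the message as `'Invalid password or corrupt data for zip entry "%s"'`, or restrict the new branch to the traditional PKWARE method. The enclosing method starts and ends outside the hunk.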
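Review bot: Replacing `ZipCryptoException` with `ZipAuthenticationException` in the CRC-mismatch branch (@@ -497) changes the exception type callers see. Unless ZipAuthenticationException extends ZipCryptoException (its declaration is not part of this patch), existing `catch (ZipCryptoException $e)` blocks stop matching, which deserves a changelog entry. The method's own docblock should also gain `@throws ZipAuthenticationException` so the new failure mode is documented where it is raised, not only on the interface.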
diff --git a/tests/PhpZip/PhpZipExtResourceTest.php b/tests/PhpZip/PhpZipExtResourceTest.php
index 595b1fb..0c4dba7 100644
--- a/tests/PhpZip/PhpZipExtResourceTest.php
+++ b/tests/PhpZip/PhpZipExtResourceTest.php
@@ -101,7 +101,7 @@ class PhpZipExtResourceTest extends ZipTestCase
 * Bug #70752 (Depacking with wrong password leaves 0 length files)
 * @see https://github.com/php/php-src/blob/master/ext/zip/tests/bug70752.phpt
 * @expectedException \PhpZip\Exception\ZipAuthenticationException
- * @expectedExceptionMessage Bad password for entry bug70752.txt
+ * @expectedExceptionMessage nvalid password for zip entry "bug70752.txt"
 * @throws ZipException
 */
 public function testBug70752()
diff --git a/tests/PhpZip/ZipPasswordTest.php b/tests/PhpZip/ZipPasswordTest.php
index bfed2e9..a887126 100644
--- a/tests/PhpZip/ZipPasswordTest.php
+++ b/tests/PhpZip/ZipPasswordTest.php
@@ -43,7 +43,7 @@ class ZipPasswordTest extends ZipFileAddDirTest
 $zipFile[$entryName];
 $this->fail("Expected Exception has not been raised.");
 } catch (ZipAuthenticationException $ae) {
- $this->assertContains('Bad password for entry', $ae->getMessage());
+ $this->assertContains('Invalid password for zip entry', $ae->getMessage());
 }
 }
From c9f597308ef908b81a743aa99b5d1fa0a314dfd5 Mon Sep 17 00:00:00 2001
From: wapplay
Date: Sun, 21 Oct 2018 19:30:45 +0300
Subject: [PATCH 2/2] cs fix
---
 src/PhpZip/Model/Entry/ZipNewFileEntry.php | 10 +++++-----
 src/PhpZip/ZipFile.php | 8 ++++----
 tests/PhpZip/Issue24Test.php | 14 +++++++-------
 3 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/src/PhpZip/Model/Entry/ZipNewFileEntry.php b/src/PhpZip/Model/Entry/ZipNewFileEntry.php
index f8d1cd0..3c1335c 100644
--- a/src/PhpZip/Model/Entry/ZipNewFileEntry.php
+++ b/src/PhpZip/Model/Entry/ZipNewFileEntry.php
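Review bot: The new annotation in PhpZipExtResourceTest.php (@@ -101) reads `nvalid password for zip entry "bug70752.txt"`, with the leading `I` of "Invalid" missing. The test presumably still passes only because the expected-message annotation is matched as a substring, so the typo hides rather than breaks. It should be `@expectedExceptionMessage Invalid password for zip entry "bug70752.txt"`.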
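Review bot: The updated assertion in ZipPasswordTest.php (@@ -43) only checks the reworded message; nothing in this patch covers the new ZipInputStream paths where a wrong password passes the check byte and then fails at inflate or at the CRC comparison. That check is a single byte (`& 0xff` in TraditionalPkwareEncryptionEngine), so roughly one wrong password in 256 takes the new path. A test that tries a few hundred distinct wrong passwords against one entry and asserts ZipAuthenticationException each time would pin the behaviour this commit adds. The try/catch continues outside the hunk.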
@@ -25,14 +25,14 @@ class ZipNewFileEntry extends ZipAbstractEntry
 public function __construct($file)
 {
 parent::__construct();
- if ($file === null){
+ if ($file === null) {
 throw new InvalidArgumentException("file is null");
 }
 $file = (string)$file;
- if (!is_file($file)){
+ if (!is_file($file)) {
 throw new ZipException("File $file does not exist.");
 }
- if (!is_readable($file)){
+ if (!is_readable($file)) {
 throw new ZipException("The '$file' file could not be read. Check permissions.");
 }
 $this->file = $file;
@@ -45,9 +45,9 @@ class ZipNewFileEntry extends ZipAbstractEntry
 */
 public function getEntryContent()
 {
- if (!is_file($this->file)){
+ if (!is_file($this->file)) {
 throw new RuntimeException("File {$this->file} does not exist.");
 }
 return file_get_contents($this->file);
 }
-}
\ No newline at end of file
+}
diff --git a/src/PhpZip/ZipFile.php b/src/PhpZip/ZipFile.php
index 68dcc2f..5dce7f5 100644
--- a/src/PhpZip/ZipFile.php
+++ b/src/PhpZip/ZipFile.php
@@ -562,7 +562,7 @@ class ZipFile implements ZipFileInterface
 throw new InvalidArgumentException('The input directory is not specified');
 }
 if (!is_dir($inputDir)) {
- throw new InvalidArgumentException(sprintf('The "%s" directory does not exist.', $inputDir));
+ throw new InvalidArgumentException(sprintf('The "%s" directory does not exist.', $inputDir));
 }
 $inputDir = rtrim($inputDir, '/\\') . DIRECTORY_SEPARATOR;
@@ -594,7 +594,7 @@ class ZipFile implements ZipFileInterface
 throw new InvalidArgumentException('The input directory is not specified');
 }
 if (!is_dir($inputDir)) {
- throw new InvalidArgumentException(sprintf('The "%s" directory does not exist.', $inputDir));
+ throw new InvalidArgumentException(sprintf('The "%s" directory does not exist.', $inputDir));
 }
 $inputDir = rtrim($inputDir, '/\\') . DIRECTORY_SEPARATOR;
@@ -713,7 +713,7 @@ class ZipFile implements ZipFileInterface
 throw new InvalidArgumentException('The input directory is not specified');
 }
 if (!is_dir($inputDir)) {
- throw new InvalidArgumentException(sprintf('The "%s" directory does not exist.', $inputDir));
+ throw new InvalidArgumentException(sprintf('The "%s" directory does not exist.', $inputDir));
 }
 $globPattern = (string)$globPattern;
 if (empty($globPattern)) {
@@ -813,7 +813,7 @@ class ZipFile implements ZipFileInterface
 throw new InvalidArgumentException('The input directory is not specified');
 }
 if (!is_dir($inputDir)) {
- throw new InvalidArgumentException(sprintf('The "%s" directory does not exist.', $inputDir));
+ throw new InvalidArgumentException(sprintf('The "%s" directory does not exist.', $inputDir));
 }
 $inputDir = rtrim($inputDir, '/\\') . DIRECTORY_SEPARATOR;
diff --git a/tests/PhpZip/Issue24Test.php b/tests/PhpZip/Issue24Test.php
index ddf040e..e3ed10c 100644
--- a/tests/PhpZip/Issue24Test.php
+++ b/tests/PhpZip/Issue24Test.php
@@ -53,7 +53,7 @@ class DummyFileSystemStream
 */
 private $fp;
- function stream_open($path, $mode, $options, &$opened_path)
+ public function stream_open($path, $mode, $options, &$opened_path)
 {
 // echo "DummyFileSystemStream->stream_open($path, $mode, $options)" . PHP_EOL;
@@ -64,7 +64,7 @@ class DummyFileSystemStream
 return true;
 }
- function stream_read($count)
+ public function stream_read($count)
 {
 // echo "DummyFileSystemStream->stream_read($count)" . PHP_EOL;
 $position = ftell($this->fp);
@@ -77,28 +77,28 @@ class DummyFileSystemStream
 return $ret;
 }
- function stream_tell()
+ public function stream_tell()
 {
 // echo "DummyFileSystemStream->stream_tell()" . PHP_EOL;
 return ftell($this->fp);
 }
- function stream_eof()
+ public function stream_eof()
 {
 // echo "DummyFileSystemStream->stream_eof()" . PHP_EOL;
 $isfeof = feof($this->fp);
 return $isfeof;
 }
- function stream_seek($offset, $whence)
+ public function stream_seek($offset, $whence)
 {
 // echo "DummyFileSystemStream->stream_seek($offset, $whence)" . PHP_EOL;
 fseek($this->fp, $offset, $whence);
 }
- function stream_stat()
+ public function stream_stat()
 {
 // echo "DummyFileSystemStream->stream_stat()" . PHP_EOL;
 return fstat($this->fp);
 }
-}
\ No newline at end of file
+}