- fix Fixed NULL pointer dereference in ZipArchive::getArchiveComment, (CVE-2010-3709), report&patch from Maksymilian Arciemowicz

pierrejoye · pierrejoye · commit defd00ab01e6 · 2010-10-19T09:56:11.000Z
diff --git a/ext/zip/php_zip.c b/ext/zip/php_zip.c
@@ -1974,6 +1974,9 @@ static ZIPARCHIVE_METHOD(getArchiveComment)
 	}
 
 	comment = zip_get_archive_comment(intern, &comment_len, (int)flags);
+	if(comment==NULL) {
+		RETURN_FALSE;
+	}
 	RETURN_STRINGL((char *)comment, (long)comment_len, 1);
 }
 /* }}} */

Original file line number	Diff line number	Diff line change
`@@ -1974,6 +1974,9 @@ static ZIPARCHIVE_METHOD(getArchiveComment)`
`1974`	`1974`	`}`
`1975`	`1975`
`1976`	`1976`	`comment = zip_get_archive_comment(intern, &comment_len, (int)flags);`
	`1977`	`+ if(comment==NULL) {`
	`1978`	`+ RETURN_FALSE;`
	`1979`	`+ }`
`1977`	`1980`	`RETURN_STRINGL((char *)comment, (long)comment_len, 1);`
`1978`	`1981`	`}`
`1979`	`1982`	`/* }}} */`