[wp-trac] [WordPress Trac] #25061: Plugin/Theme/Core Updates Fail When Curl Used and String Function Overloading Configured

WordPress Trac noreply at wordpress.org
Sat Aug 17 19:07:49 UTC 2013


#25061: Plugin/Theme/Core Updates Fail When Curl Used and String Function
Overloading Configured
--------------------------+--------------------
 Reporter:  DrProtocols   |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  3.6.1
Component:  HTTP          |     Version:  3.6
 Severity:  major         |  Resolution:
 Keywords:                |
--------------------------+--------------------

Old description:

> When downloading an update in the form of a zip file the update
> consistently fails with a failure to find the end of central dir record
> when unpack is attempted. For example:
>
> Downloading update from
> http://downloads.wordpress.org/plugin/addthis.3.5.1.zip…
>
> Unpacking the update…
>
> The package could not be installed. PCLZIP_ERR_BAD_FORMAT (-10) : Unable
> to find End of Central Dir Record signature
>
> The download is using curl.
>
> To reproduce add the following to PHP configuration:
>
> mbstring.func_overload = 2;
>
> which enables str*() function overloading.
>
> The problem is caused by the new stream_body() function in
> wp-includes/class-http.php which uses the strlen() function to simply return the
> length of data written but when overloaded with the multi-byte function
> the count is almost certainly incorrect when the data is binary data such
> as part of a zip file download. Because for a chunk the function returns
> a count different from that expected by curl it terminates the transfer
> as "completed" at that point which appears as a successful outcome. But
> of course the downloaded file is incomplete so when pclzip tries to unzip
> it the above failure results.
>
> Attached are two files:
> stream_body_problem.txt shows a _working_ case where the "written" value
> is the value returned by fwrite() against the "string length" value which
> is the value according to strlen()
> stream_body_hack.txt shows a hacked function that handles the case where
> function overloading is enabled (not saying this is the way to do it but
> just to illustrate)

New description:

 When downloading an update in the form of a zip file the update
 consistently fails with a failure to find the end of central dir record
 when unpack is attempted. For example:
 {{{
 Downloading update from
 http://downloads.wordpress.org/plugin/addthis.3.5.1.zip…

 Unpacking the update…

 The package could not be installed. PCLZIP_ERR_BAD_FORMAT (-10) : Unable
 to find End of Central Dir Record signature
 }}}
 The download is using curl.

 To reproduce add the following to PHP configuration:
 {{{
 mbstring.func_overload = 2;
 }}}
 which enables str*() function overloading.

 The problem is caused by the new stream_body() function in
 wp-includes/class-http.php which uses the strlen() function to simply return the
 length of data written but when overloaded with the multi-byte function
 the count is almost certainly incorrect when the data is binary data such
 as part of a zip file download. Because for a chunk the function returns a
 count different from that expected by curl it terminates the transfer as
 "completed" at that point which appears as a successful outcome. But of
 course the downloaded file is incomplete so when pclzip tries to unzip it
 the above failure results.

 Attached are two files:
 stream_body_problem.txt shows a _working_ case where the "written" value
 is the value returned by fwrite() against the "string length" value which
 is the value according to strlen()
 stream_body_hack.txt shows a hacked function that handles the case where
 function overloading is enabled (not saying this is the way to do it but
 just to illustrate)

--

Comment (by SergeyBiryukov):

 Turned [attachment:stream_body_hack.txt] into a patch:
 [attachment:25061.patch].

 We have a similar check in `_unzip_file_pclzip()`:
 [source:tags/3.6/wp-admin/includes/file.php#L669] (introduced in [17592]).

 Related: #18007 (explores other options to deal with
 `mbstring.func_overload`).

--
Ticket URL: <http://core.trac.wordpress.org/ticket/25061#comment:2>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
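
The failure mode described in the ticket, as an added example that is not part of the ticket, its attachments or WordPress: a write callback that reports a character count for a binary chunk ends the transfer before the End of Central Dir record arrives, while one that reports the fwrite() return value does not. `overloaded_strlen()`, `simulate_transfer()` and the sample bytes are constructed for illustration; `mb_strlen($data, 'UTF-8')` stands in for an overloaded `strlen()`, and the mbstring extension with overloading switched off is assumed.

```php
<?php
// Added illustration; all function names are hypothetical, not WordPress code.

// Assumption: stands in for strlen() under mbstring.func_overload = 2 with a
// UTF-8 internal encoding, where the call counts characters instead of bytes.
function overloaded_strlen(string $data): int {
    return mb_strlen($data, 'UTF-8');
}

// Model of the transfer loop: hand each chunk to the write callback and stop
// as soon as the callback reports a count different from the chunk size.
// Returns everything that reached the sink.
function simulate_transfer(string $body, int $chunkSize, callable $callback): string {
    $sink = fopen('php://memory', 'w+b');
    foreach (str_split($body, $chunkSize) as $chunk) {
        if ($callback($sink, $chunk) !== strlen($chunk)) {
            break; // count mismatch: the transfer ends here
        }
    }
    rewind($sink);
    $stored = stream_get_contents($sink);
    fclose($sink);
    return $stored;
}

// Callback in the style the ticket describes: write, then report a string length.
$charCounting = function ($sink, string $data): int {
    fwrite($sink, $data);
    return overloaded_strlen($data);
};

// Callback that reports what fwrite() says it wrote, which is a byte count.
$byteCounting = function ($sink, string $data): int {
    return (int) fwrite($sink, $data);
};

// Constructed sample: ZIP-like bytes. 0xC3 0xA9 decodes as one UTF-8 character,
// so a character count for the chunk holding it is lower than the chunk size.
$eocdSignature = "PK\x05\x06";
$body = "PK\x03\x04" . str_repeat('A', 12) . "\xC3\xA9" . str_repeat('B', 14)
      . $eocdSignature . str_repeat("\x00", 18);

foreach (['character count' => $charCounting, 'fwrite() count' => $byteCounting] as $name => $cb) {
    $stored = simulate_transfer($body, 16, $cb);
    printf("%-16s stored %d of %d bytes, EOCD signature %s\n", $name, strlen($stored),
        strlen($body), strpos($stored, $eocdSignature) !== false ? 'present' : 'missing');
}
```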

