[wp-trac] [WordPress Trac] #26626: WP_Upgrader::unpack_package() can overflow path name length limits (patch attached)

WordPress Trac noreply at wordpress.org
Tue Feb 25 00:25:16 UTC 2014 

#26626: WP_Upgrader::unpack_package() can overflow path name length limits (patch
attached)
------------------------------------+------------------------------
 Reporter:  DavidAnderson           |       Owner:
     Type:  defect (bug)            |      Status:  new
 Priority:  normal                  |   Milestone:  Awaiting Review
Component:  Upgrade/Install         |     Version:  trunk
 Severity:  normal                  |  Resolution:
 Keywords:  has-patch dev-feedback  |     Focuses:
------------------------------------+------------------------------

Comment (by DavidAnderson):

 Hi Adam,

 I chose a substring of md5() out of an abundance of caution - it has only
 alphanumeric output. I assume it's rather unlikely that $package could
 contain weird characters that are going to cause problems on primitive
 filesystems, but, rather than research the possibilities of that, I
 thought it more efficient to just use md5() to side-step them. (The reason
 I posted the original bug was because of the unanticipated surprise that
 256-character pathname limits still exist in the wild - so, it seemed most
 efficient to prevent any future surprises in this area).

 Here's how to see the original issue in action. Run this from within a
 default WP install (or similar):

 {{{
 $ echo wp-includes/version.php | zip -@ /tmp/testing1234567890abcdefg.zip
 adding: wp-includes/version.php (deflated 59%)
 $ php -r 'require("wp-load.php"); require("wp-admin/includes/file.php");
 require("wp-admin/includes/class-wp-filesystem-base.php"); require("wp-
 admin/includes/class-wp-filesystem-direct.php"); $wp_filesystem = new
 WP_Filesystem_Direct(true); require("wp-admin/includes/misc.php"); require
 ("wp-admin/includes/class-wp-upgrader.php"); $u = new WP_Upgrader(new
 WP_Upgrader_Skin);
 $u->unpack_package("/tmp/testing1234567890abcdefg.zip");'
 $ ls -l wp-content/upgrade/
 }}}

 Results:

 {{{
 total 4
 drwxrwxr-x. 3 david david 4096 Feb 25 00:22 testing1234567890abcdefg
 }}}

 i.e. as expected, the directory created is based on basename($zipfile),
 and thus uses as many characters up as the zipfile name has.

 David

--
Ticket URL: <https://core.trac.wordpress.org/ticket/26626#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list