I am implementing a service where I have to extract a zip file which was uploaded by a user.
In order to avoid disk overflow, I have to limit BOTH zip file size AND unzipped files size.
Is there any way to do that (check unzipped files size) BEFORE unzipping? (For security reasons.)
I am using Unix, called from a PHP script.
Since you're working in PHP, use its ZipArchive library.
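    // $file and $max_extracted_size are set by the caller.
    // Note: the zip_*() functions are deprecated as of PHP 8.0.
    $zip = zip_open($file);
    if (!is_resource($zip)) {
        // zip_open() returns an error code instead of a resource on failure
        die('cannot open zip file');
    }
    $extracted_size = 0;
    while (($zip_entry = zip_read($zip))) {
        // uncompressed size recorded in the archive for this entry
        $extracted_size += zip_entry_filesize($zip_entry);
        if ($extracted_size > $max_extracted_size) {
            zip_close($zip);
            die('archive too large'); // abort
        }
    }
    zip_close($zip);
    // do the actual unzipping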
You might want to put a limit on the number of files as well, or add a constant amount per file, to take into account the size of the metadata for each file. While you can't easily get a precise figure for that, adding a few hundred bytes to a couple of kilobytes per file is a reasonable estimate.
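The same pre-check with the `ZipArchive` class, plus the file-count limit and per-file allowance suggested above, as an added example that is not part of the original answer. Because the sizes in a zip directory are written by whoever built the archive, the example also counts bytes while extracting; `safe_extract`, the three limits and the `entry_N` output naming are assumptions made for this sketch.

```php
<?php
// Added example. The three limits are assumed values; tune them per service.
const MAX_TOTAL_BYTES = 50 * 1024 * 1024; // total uncompressed bytes allowed
const MAX_ENTRIES     = 1000;             // number of entries allowed
const PER_ENTRY_COST  = 1024;             // assumed metadata overhead per file
function safe_extract(string $file, string $destDir): void
{
    $zip = new ZipArchive(); // closed automatically when it goes out of scope
    if ($zip->open($file) !== true) {
        throw new RuntimeException('not a readable zip file');
    }
    if ($zip->numFiles > MAX_ENTRIES) {
        throw new RuntimeException('too many entries');
    }
    // Pass 1: declared sizes from the zip directory, nothing is extracted.
    $declared = 0;
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $stat = $zip->statIndex($i);
        if ($stat === false) {
            throw new RuntimeException("cannot stat entry $i");
        }
        $declared += $stat['size'] + PER_ENTRY_COST;
        if ($declared > MAX_TOTAL_BYTES) {
            throw new RuntimeException('declared size exceeds limit');
        }
    }
    // Pass 2: stream each entry and count the bytes actually produced.
    $budget = MAX_TOTAL_BYTES;
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $name = $zip->getNameIndex($i);
        if ($name === false || substr($name, -1) === '/') continue; // directory
        $in = $zip->getStream($name);
        // Output is named by index, so entry names never become paths.
        $out = fopen("$destDir/entry_$i", 'wb');
        if ($in === false || $out === false) {
            throw new RuntimeException("cannot open entry $i");
        }
        while (!feof($in) && ($chunk = fread($in, 65536)) !== false) {
            $budget -= strlen($chunk);
            if ($budget < 0) {
                throw new RuntimeException('extracted data exceeds limit');
            }
            fwrite($out, $chunk);
        }
        fclose($in); fclose($out);
    }
    $zip->close();
}
```

Extract into a fresh, empty directory and delete it if `safe_extract` throws, since files written before the limit was hit are left in place.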