From 3c46289a55b0a08c2065acb44170f94be2e4c922 Mon Sep 17 00:00:00 2001
From: Lance McNearney
Date: Tue, 5 Jan 2021 11:31:25 -0800
Subject: [PATCH 1/2] Backport of fix for CVE-2021-3007 in Zend_Http_Response_Stream

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3007
- https://github.com/laminas/laminas-http/commit/eab608e10896270416aae7ffce36cc48072aa796
Only the actual fix was brought over as I didn't see an applicable unit test to extend for ZF1.
---
 packages/zend-http/library/Zend/Http/Response/Stream.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/zend-http/library/Zend/Http/Response/Stream.php b/packages/zend-http/library/Zend/Http/Response/Stream.php
index 0a154c4ee..795ae1467 100644
--- a/packages/zend-http/library/Zend/Http/Response/Stream.php
+++ b/packages/zend-http/library/Zend/Http/Response/Stream.php
@@ -227,7 +227,7 @@ public function __destruct()
 fclose($this->stream);
 $this->stream = null;
 }
- if($this->_cleanup) {
+ if($this->_cleanup && is_string($this->stream_name) && file_exists($this->stream_name)) {
 @unlink($this->stream_name);
 }
 }
From 5ed35fb87c98563c900bcd9ead71841a02fc9fc8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Elan=20Ruusam=C3=A4e?=
Date: Wed, 6 Jan 2021 12:23:59 +0200
Subject: [PATCH 2/2] Backport test for CVE-2021-3007

---
 tests/Zend/Http/ResponseTest.php | 31 +++++++++++++++++++++++++++++++
 tests/Zend/Http/StreamObject.php | 18 ++++++++++++++++++
 2 files changed, 49 insertions(+)
 create mode 100644 tests/Zend/Http/StreamObject.php

diff --git a/tests/Zend/Http/ResponseTest.php b/tests/Zend/Http/ResponseTest.php
index 85918a2a8..19f34db12 100644
--- a/tests/Zend/Http/ResponseTest.php
+++ b/tests/Zend/Http/ResponseTest.php
@@ -20,11 +20,15 @@
 * @version $Id$
 */
 
+use Zend\Http\StreamObject;
+
 /**
 * Zend_Http_Response
 */
 // require_once 'Zend/Http/Response.php';
 
+require_once __DIR__ . '/StreamObject.php';
+
 /**
 * Zend_Http_Response unit tests
 *
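Review bot: In `Zend_Http_Response_Stream::__destruct()` (Stream.php, hunk `@@ -227,7 +227,7 @@`) the added `is_string($this->stream_name)` check keeps a non-string value from being string-cast by `unlink()`, but a plain string path with `_cleanup` set is still deleted. An instance rebuilt by `unserialize()` from untrusted data would therefore keep a file-removal side effect in its destructor. If the class is not meant to be serialized, a `__wakeup()` that sets `$this->_cleanup = false;` would close that path; whether one already exists cannot be seen here, because the class body lies outside the hunk. The condition also deserves a why-comment, for example `// only unlink a real string path: an object here would be cast via __toString() (CVE-2021-3007)`.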
@@ -38,9 +42,19 @@
 */
 class Zend_Http_ResponseTest extends PHPUnit_Framework_TestCase
 {
+ /** @var null|string */
+ private $tempFile;
+
 public function setUp()
 { }
 
+ public function tearDown()
+ {
+ if ($this->tempFile !== null && file_exists($this->tempFile)) {
+ unlink($this->tempFile);
+ }
+ }
+
 public function testGzipResponse ()
 {
 $response_text = file_get_contents(dirname(__FILE__) . '/_files/response_gzip');
@@ -173,6 +187,23 @@ public function test300isRedirect()
 $this->assertFalse($response->isSuccessful(), 'Response is a redirection, but isSuccessful() returned true');
 }
 
+ /**
+ * @see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3007
+ */
+ public function testDestructionDoesNothingIfStreamIsNotAResourceAndStreamNameIsNotAString()
+ {
+ $this->tempFile = tempnam(sys_get_temp_dir(), 'lhrs');
+ $streamObject = new StreamObject($this->tempFile);
+
+ $response = new Zend_Http_Response_Stream(200, array());
+ $response->setCleanup(true);
+ $response->setStreamName($streamObject);
+
+ unset($response);
+
+ $this->assertFileExists($this->tempFile);
+ }
+
 public function test200Ok()
 {
 $response = Zend_Http_Response::fromString($this->readResponse('response_deflate'));
diff --git a/tests/Zend/Http/StreamObject.php b/tests/Zend/Http/StreamObject.php
new file mode 100644
index 000000000..1d7a42430
--- /dev/null
+++ b/tests/Zend/Http/StreamObject.php
@@ -0,0 +1,18 @@
+tempFile = $tempFile;
+ }
+
+ public function __toString()
+ {
+ return $this->tempFile;
+ }
+}
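Review bot: `testDestructionDoesNothingIfStreamIsNotAResourceAndStreamNameIsNotAString()` in ResponseTest.php (hunk `@@ -173,6 +187,23 @@`) only asserts that the temp file survives, so it would also pass if the destructor never cleaned up anything. Nothing in the hunk shows that a plain string stream name is still removed under the tightened condition; a companion test along the lines below would pin that behaviour. `tempnam()` can also return `false`, which the test passes straight into `StreamObject`; a `$this->assertTrue(is_string($this->tempFile));` before use would make a broken temp directory fail loudly instead of silently.

```php
public function testDestructionRemovesFileWhenStreamNameIsAString()
{
    $this->tempFile = tempnam(sys_get_temp_dir(), 'lhrs');
    $this->assertTrue(is_string($this->tempFile));

    $response = new Zend_Http_Response_Stream(200, array());
    $response->setCleanup(true);
    $response->setStreamName($this->tempFile);

    unset($response);

    $this->assertFileNotExists($this->tempFile);
}
```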