Hi Pierre, Thank you for feedback. I already noticed the missing FindClose() and several other issues. I'll send updated patch on weekend, but the sooner I get info if bug is fixed on FreeBSD the better.
Thanks. Dmitry. Pierre Joye wrote: > Hi Dmitry, > > On Fri, Aug 8, 2008 at 5:52 PM, Dmitry Stogov <[EMAIL PROTECTED]> wrote: >> Hi, >> >> The attached patch is going to fix the problem. >> It implements its own realpath() function, so we won't depend on system >> anymore. It also improve realpath cache usage by caching intermediate >> results. >> >> I tested it on Linux and Windows only and it seems to work without >> problems. It breaks one test related to clearstatcache() function, but >> this break is expected. >> >> Could you please test it. > > I can test it asap on various windows, probably on Monday. > > After a quick review, it seems that FindClose is missing in the two > buffer overflow check. > >> - state->cwd_length += ptr_length; >> +#ifdef TSRM_WIN32 >> + if ((hFind = FindFirstFile(to, &data)) != >> INVALID_HANDLE_VALUE) { >> +fprintf(stderr, "1 %s (%d)\n", to, len); >> + j = strlen(data.cFileName); >> + >> + i = len; >> + while (!IS_SLASH(to[i-1])) { >> + i--; >> + } >> + if (i + j >= MAXPATHLEN-1) { >> + /*buffer overflow */ > > FindClose(hFind); > >> + return NULL; >> + } >> + if (CWDG(realpath_cache_size_limit)) { >> + memcpy(tmp, to, i); >> + memcpy(tmp + i, data.cFileName, j + 1); >> + realpath_cache_add(to, len, tmp, i + j, t >> TSRMLS_CC); >> + } >> + ret -= (j + 1); >> + if (ret < buf) { >> + /* buffer overflow */ > > FindClose(hFind); > >> + return NULL; >> + } >> + *ret = DEFAULT_SLASH; >> + memcpy(ret+1, data.cFileName, j); >> + FindClose(hFind); >> + len = i - 1; >> + to[len] = 0; >> +fprintf(stderr, "2 %s - %s\n", to, ret); >> + continue; >> + } else { >> + if (use_realpath == CWD_REALPATH) { >> + return NULL; >> + } else { >> + goto next_dir; >> } >> - ptr = tsrm_strtok_r(NULL, TOKENIZER_STRING, &tok); >> } > > Thanks for your work! -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php