Hi Pierre,

Thank you for the feedback.
I already noticed the missing FindClose() and several other issues.
I'll send an updated patch on the weekend, but the sooner I get info on whether the bug is
fixed on FreeBSD, the better.

Thanks. Dmitry.

Pierre Joye wrote:
> Hi Dmitry,
> 
> On Fri, Aug 8, 2008 at 5:52 PM, Dmitry Stogov <[EMAIL PROTECTED]> wrote:
>> Hi,
>>
>> The attached patch is going to fix the problem.
>> It implements its own realpath() function, so we won't depend on the system
>> anymore. It also improves realpath cache usage by caching intermediate
>> results.
>>
>> I tested it on Linux and Windows only and it seems to work without
>> problems. It breaks one test related to clearstatcache() function, but
>> this break is expected.
>>
>> Could you please test it?
> 
> I can test it ASAP on various Windows, probably on Monday.
> 
> After a quick review, it seems that FindClose is missing in the two
> buffer overflow checks.
> 
>> -                               state->cwd_length += ptr_length;
>> +#ifdef TSRM_WIN32
>> +               if ((hFind = FindFirstFile(to, &data)) != 
>> INVALID_HANDLE_VALUE) {
>> +fprintf(stderr, "1 %s (%d)\n", to, len);
>> +                       j = strlen(data.cFileName);
>> +
>> +                       i = len;
>> +                       while (!IS_SLASH(to[i-1])) {
>> +                               i--;
>> +                       }
>> +                       if (i + j >= MAXPATHLEN-1) {
>> +                               /*buffer overflow */
> 
> FindClose(hFind);
> 
>> +                               return NULL;
>> +                       }
>> +                       if (CWDG(realpath_cache_size_limit)) {
>> +                               memcpy(tmp, to, i);
>> +                               memcpy(tmp + i, data.cFileName, j + 1);
>> +                               realpath_cache_add(to, len, tmp, i + j, t 
>> TSRMLS_CC);
>> +                       }
>> +                       ret -= (j + 1);
>> +                       if (ret < buf) {
>> +                               /* buffer overflow */
> 
> FindClose(hFind);
> 
>> +                               return NULL;
>> +                       }
>> +                       *ret = DEFAULT_SLASH;
>> +                       memcpy(ret+1, data.cFileName, j);
>> +                       FindClose(hFind);
>> +                       len = i - 1;
>> +                       to[len] = 0;
>> +fprintf(stderr, "2 %s - %s\n", to, ret);
>> +                       continue;
>> +               } else {
>> +                       if (use_realpath == CWD_REALPATH) {
>> +                               return NULL;
>> +                       } else {
>> +                               goto next_dir;
>>                        }
>> -                       ptr = tsrm_strtok_r(NULL, TOKENIZER_STRING, &tok);
>>                }
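Review bot: The backward scan `while (!IS_SLASH(to[i-1])) { i--; }` has no lower bound, so if `to` holds no separator within its first `len` bytes, `i` reaches 0 and the loop reads `to[-1]` and continues below the start of the buffer. Add an `i > 0` condition to the loop and decide what the no-separator case should return, or, if code outside this hunk guarantees a leading slash, say so in a comment next to the loop. The two `return NULL` paths under the "buffer overflow" checks leave `hFind` open, as already pointed out in the reply; routing both through one cleanup path that calls `FindClose(hFind)` would avoid repeating the call. The two `fprintf(stderr, ...)` debug lines should be removed before this is committed.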
> 
> Thanks for your work!

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
