ID:               40600
 User updated by:  stas at FreeBSD dot org
 Reported By:      stas at FreeBSD dot org
 Status:           Open
 Bug Type:         POSIX related
 Operating System: FreeBSD
 PHP Version:      5.2.1
 New Comment:

The patch itself:
----------------------------------------------------------------
--- posix.c.orig        Fri Jan 12 04:46:11 2007
+++ posix.c     Thu Feb 22 14:56:56 2007
@@ -837,9 +837,8 @@

 #if defined(ZTS) && defined(HAVE_GETGRNAM_R) &&
defined(_SC_GETGR_R_SIZE_MAX)
        buflen = sysconf(_SC_GETGR_R_SIZE_MAX);
-       if (buflen < 1) {
-               RETURN_FALSE;
-       }
+       if (buflen < 0)
+               buflen = 1024;
        buf = emalloc(buflen);
        g = &gbuf;

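Review bot: the new test `buflen < 0` is weaker than the removed `buflen < 1`, so a sysconf() result of 0 now reaches `emalloc(buflen)` as a zero-length buffer. Suggest `if (buflen < 1)` before assigning the 1024 fallback, so that both -1 and 0 are covered.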
@@ -887,6 +886,8 @@
 #ifdef HAVE_GETGRGID_R

        grbuflen = sysconf(_SC_GETGR_R_SIZE_MAX);
+       if (grbuflen < 0)
+               grbuflen = 1024;
        grbuf = emalloc(grbuflen);

        ret = getgrgid_r(gid, &_g, grbuf, grbuflen, &retgrptr);
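Review bot: at `grbuflen = 1024;` the fallback is a fixed guess, and the `getgrgid_r(gid, &_g, grbuf, grbuflen, &retgrptr)` call right after it gets one attempt with that size. A group with a long member list may not fit in 1024 bytes, in which case getgrgid_r() returns ERANGE. Unless the code following this hunk already handles that, suggest growing grbuf (for example doubling it up to a cap) and retrying while ret == ERANGE.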
@@ -950,9 +951,9 @@

 #if defined(ZTS) && defined(_SC_GETPW_R_SIZE_MAX) &&
defined(HAVE_GETPWNAM_R)
        buflen = sysconf(_SC_GETPW_R_SIZE_MAX);
-       if (buflen < 1) {
-               RETURN_FALSE;
-       }
+       if (buflen < 0)
+               buflen = 1024;
+
        buf = emalloc(buflen);
        pw = &pwbuf;

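Review bot: style point on the added `if (buflen < 0)` block: it drops the braces that the removed `if (buflen < 1) {` form used, and it adds a blank `+` line before `buf = emalloc(buflen);` that the other three hunks do not have. Suggest keeping the braces and the same spacing at all four sites so the fallbacks read identically.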
@@ -999,9 +1000,8 @@
        }
 #if defined(ZTS) && defined(_SC_GETPW_R_SIZE_MAX) &&
defined(HAVE_GETPWUID_R)
        pwbuflen = sysconf(_SC_GETPW_R_SIZE_MAX);
-       if (pwbuflen < 1) {
-               RETURN_FALSE;
-       }
+       if (pwbuflen < 0)
+               pwbuflen = 1024;
        pwbuf = emalloc(pwbuflen);

        ret = getpwuid_r(uid, &_pw, pwbuf, pwbuflen, &retpwptr);
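Review bot: the literal 1024 at `pwbuflen = 1024;` is now repeated at four call sites with no comment saying why it is there. Suggest one named constant with a short comment that sysconf() returns -1 when it cannot report the limit (the FreeBSD case from the report). Please also confirm that pwbuflen is declared with a signed type: the declaration is outside the hunk, and `pwbuflen < 0` can never be true for an unsigned one.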
--------------------------------------------------------------


Previous Comments:
------------------------------------------------------------------------

[2007-02-22 23:32:39] stas at FreeBSD dot org

Description:
------------
This module has problems with functions like getgrgid_r etc. It tries
to find out limits using sysconf, but FreeBSD doesn't have, e.g.
_SC_GETPW_R_SIZE_MAX. Since it doesn't try to check the return value it
effectively leads to an attempt to allocate (size_t)-1 bytes, which
obviously fails, since trying to allocate (size_t)-1 bytes exceeds any
limits.

Reproduce code:
---------------
<?php
$groupinfo = posix_getgrgid(0);
print_r($groupinfo);

Expected result:
----------------
something meaningful



------------------------------------------------------------------------
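Added example (not part of the bug report or of PHP's posix.c): the failure described in the report, handled in a standalone C helper that falls back when sysconf() gives no usable size and grows the buffer when getgrgid_r() returns ERANGE. The names pick_buflen and group_name_by_gid, the 1 MiB cap and the ENOENT return for a missing group are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define GR_FALLBACK_BUFLEN 1024      /* assumed start size, as in the patch */
#define GR_MAX_BUFLEN (1024 * 1024)  /* assumed cap so the retry loop ends */

/* sysconf() returns -1 for an unsupported limit; 0 is just as unusable. */
static size_t pick_buflen(long hint)
{
    return hint < 1 ? GR_FALLBACK_BUFLEN : (size_t)hint;
}

/* Hypothetical helper: copies the group name for gid into out.
 * Returns 0 on success, ENOENT if no such group, else an errno value. */
int group_name_by_gid(gid_t gid, char *out, size_t outlen)
{
    size_t len = pick_buflen(sysconf(_SC_GETGR_R_SIZE_MAX));
    struct group grp, *res = NULL;
    char *buf = NULL, *tmp;
    int ret;

    for (;;) {
        if ((tmp = realloc(buf, len)) == NULL) { ret = ENOMEM; break; }
        buf = tmp;
        ret = getgrgid_r(gid, &grp, buf, len, &res);
        if (ret != ERANGE || len >= GR_MAX_BUFLEN)
            break;              /* done, hard error, or cap reached */
        len *= 2;               /* entry did not fit: grow and retry */
    }
    if (ret == 0 && res == NULL)
        ret = ENOENT;           /* call succeeded but no matching entry */
    if (ret == 0 && (size_t)snprintf(out, outlen, "%s", res->gr_name) >= outlen)
        ret = ERANGE;           /* caller's buffer too small, name truncated */
    free(buf);
    return ret;
}

int main(void)
{
    char name[256];
    int ret = group_name_by_gid(0, name, sizeof name);
    printf("gid 0 -> %s\n", ret == 0 ? name : strerror(ret));
    return 0;
}
```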

