pollita Mon Jan 27 14:51:51 2003 EDT Modified files: /php4/ext/ftp php_ftp.c ftp.h ftp.c Log: Fix potential buffer overflow. Index: php4/ext/ftp/php_ftp.c diff -u php4/ext/ftp/php_ftp.c:1.80 php4/ext/ftp/php_ftp.c:1.81 --- php4/ext/ftp/php_ftp.c:1.80 Sun Jan 26 21:54:12 2003 +++ php4/ext/ftp/php_ftp.c Mon Jan 27 14:51:50 2003 @@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: php_ftp.c,v 1.80 2003/01/27 02:54:12 pollita Exp $ */ +/* $Id: php_ftp.c,v 1.81 2003/01/27 19:51:50 pollita Exp $ */ #ifdef HAVE_CONFIG_H #include "config.h" @@ -396,7 +396,7 @@ ZEND_FETCH_RESOURCE(ftp, ftpbuf_t*, &z_ftp, -1, le_ftpbuf_name, le_ftpbuf); - if (!ftp_chmod(ftp, mode, filename)) { + if (!ftp_chmod(ftp, mode, filename, filename_len)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "%s", ftp->inbuf); RETURN_FALSE; } Index: php4/ext/ftp/ftp.h diff -u php4/ext/ftp/ftp.h:1.34 php4/ext/ftp/ftp.h:1.35 --- php4/ext/ftp/ftp.h:1.34 Sun Jan 26 21:54:12 2003 +++ php4/ext/ftp/ftp.h Mon Jan 27 14:51:50 2003 @@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: ftp.h,v 1.34 2003/01/27 02:54:12 pollita Exp $ */ +/* $Id: ftp.h,v 1.35 2003/01/27 19:51:50 pollita Exp $ */ #ifndef FTP_H #define FTP_H @@ -136,7 +136,7 @@ int ftp_rmdir(ftpbuf_t *ftp, const char *dir); /* Set permissions on a file */ -int ftp_chmod(ftpbuf_t *ftp, const int mode, const char *filename); +int ftp_chmod(ftpbuf_t *ftp, const int mode, const char *filename, const +int filename_len); /* returns a NULL-terminated array of filenames in the given path * or NULL on error. the return array must be freed (but don't Index: php4/ext/ftp/ftp.c diff -u php4/ext/ftp/ftp.c:1.74 php4/ext/ftp/ftp.c:1.75 --- php4/ext/ftp/ftp.c:1.74 Sun Jan 26 21:54:12 2003 +++ php4/ext/ftp/ftp.c Mon Jan 27 14:51:50 2003 
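Review bot: In the php_ftp.c hunk at -396, the failure branch still reports `ftp->inbuf`, but ftp_chmod now returns 0 for `filename_len <= 0` (and if the allocation fails) before any command is sent, so the warning may print a reply left over from an earlier command, or nothing useful at all. Rejecting an empty filename at this call site with its own message keeps the warning accurate, for example `if (filename_len <= 0) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Filename cannot be empty"); RETURN_FALSE; }` ahead of the call. The enclosing function begins and ends outside the hunk, so where `filename_len` is populated is not visible here.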
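Review bot: In the ftp.h hunk at -136, the comment above the ftp_chmod prototype does not describe the new `filename_len` parameter, although the buffer size in ftp.c now depends on it. I would extend the comment to `/* Set permissions on a file. filename_len is the length of filename without the terminating NUL and must be > 0; returns 1 on success, 0 on failure. */`, which matches the early return and the `32 + filename_len + 1` allocation in the ftp.c hunk. The `const` on the by-value `int` parameters has no effect on callers and could be left out of the header.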
@@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: ftp.c,v 1.74 2003/01/27 02:54:12 pollita Exp $ */ +/* $Id: ftp.c,v 1.75 2003/01/27 19:51:50 pollita Exp $ */ #include "php.h" @@ -538,23 +538,31 @@ /* {{{ ftp_chmod */ int -ftp_chmod(ftpbuf_t *ftp, const int mode, const char *filename) +ftp_chmod(ftpbuf_t *ftp, const int mode, const char *filename, const int filename_len) { - char buffer[1024]; + char *buffer; - if (ftp == NULL) { + if (ftp == NULL || filename_len <= 0) { + return 0; + } + + if (!(buffer = emalloc(32 + filename_len + 1))) { return 0; } sprintf(buffer, "CHMOD %o %s", mode, filename); if (!ftp_putcmd(ftp, "SITE", buffer)) { + efree(buffer); return 0; } + efree(buffer); + if (!ftp_getresp(ftp) || ftp->resp != 200) { return 0; } + return 1; } /* }}} */
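Review bot: The `sprintf(buffer, "CHMOD %o %s", mode, filename)` call in the ftp_chmod hunk is still unbounded: it copies up to the first NUL in `filename`, while the new buffer is sized from the caller-supplied `filename_len`, so the write stays in bounds only while the two agree. Bounding the write to the allocation removes that dependency, e.g. keep the size in a local, `buffer_len = 32 + filename_len + 1;`, and format with `snprintf(buffer, buffer_len, "CHMOD %o %s", mode, filename);`. The size is computed in `int`, so a very large `filename_len` could overflow before it reaches emalloc; an upper bound next to the `filename_len <= 0` check would cover that. The hunk also does not show whether `filename` is checked for CR/LF before it is placed into the SITE command, which is worth confirming in ftp_putcmd or in the caller.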