tony2001 Wed Jun 21 12:42:50 2006 UTC
Modified files:
/php-src/ext/bz2 bz2.c
Log:
fix invalid read with bzopen("","") and prevent filename from being empty
(which causes endless loop somewhere is libbz2)
tests will follow
http://cvs.php.net/viewvc.cgi/php-src/ext/bz2/bz2.c?r1=1.20&r2=1.21&diff_format=u
Index: php-src/ext/bz2/bz2.c
diff -u php-src/ext/bz2/bz2.c:1.20 php-src/ext/bz2/bz2.c:1.21
--- php-src/ext/bz2/bz2.c:1.20 Sat Jun 10 22:59:39 2006
+++ php-src/ext/bz2/bz2.c Wed Jun 21 12:42:50 2006
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: bz2.c,v 1.20 2006/06/10 22:59:39 bjori Exp $ */
+/* $Id: bz2.c,v 1.21 2006/06/21 12:42:50 tony2001 Exp $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -353,7 +353,7 @@
}
convert_to_string_ex(mode);
- if (Z_STRVAL_PP(mode)[0] != 'r' && Z_STRVAL_PP(mode)[0] != 'w' &&
Z_STRVAL_PP(mode)[1] != '\0') {
+ if (Z_STRLEN_PP(mode) != 1 || (Z_STRVAL_PP(mode)[0] != 'r' &&
Z_STRVAL_PP(mode)[0] != 'w')) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "'%s' is not a
valid mode for bzopen(). Only 'w' and 'r' are supported.", Z_STRVAL_PP(mode));
RETURN_FALSE;
}
@@ -361,6 +361,12 @@
/* If it's not a resource its a string containing the filename to open
*/
if (Z_TYPE_PP(file) != IS_RESOURCE) {
convert_to_string_ex(file);
+
+ if (Z_STRLEN_PP(file) == 0) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "filename
cannot be empty");
+ RETURN_FALSE;
+ }
+
stream = php_stream_bz2open(NULL,
Z_STRVAL_PP(file),
Z_STRVAL_PP(mode),
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
