standard string.c

Ilia Alshanetsky Thu, 10 Aug 2006 12:22:42 -0700

iliaa           Thu Aug 10 19:02:32 2006 UTC

  Modified files:              
    /php-src/ext/standard       string.c 
    /php-src/ext/curl   interface.c streams.c 
  Log:
  MFB: Various security fixes
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.574&r2=1.575&diff_format=u
Index: php-src/ext/standard/string.c
diff -u php-src/ext/standard/string.c:1.574 php-src/ext/standard/string.c:1.575
--- php-src/ext/standard/string.c:1.574 Thu Aug 10 09:31:24 2006
+++ php-src/ext/standard/string.c       Thu Aug 10 19:02:32 2006
@@ -18,7 +18,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: string.c,v 1.574 2006/08/10 09:31:24 tony2001 Exp $ */
+/* $Id: string.c,v 1.575 2006/08/10 19:02:32 iliaa Exp $ */
 
 /* Synced with php 3.0 revision 1.193 1999-06-16 [ssb] */
 
@@ -834,7 +834,8 @@
 {
        const char *text, *breakchar = "\n";
        char *newtext;
-       int textlen, breakcharlen = 1, newtextlen, alloced, chk;
+       int textlen, breakcharlen = 1, newtextlen, chk;
+       size_t alloced;
        long current = 0, laststart = 0, lastspace = 0;
        long linelength = 75;
        zend_bool docut = 0;
@@ -6246,8 +6247,8 @@
        zend_uchar      input_str_type;
        long            mult;                   /* Multiplier */
        void            *result;                /* Resulting string */
-       int                     result_len;             /* Length of the 
resulting string, in bytes */
-       int                     result_chars;   /* Chars/UChars in resulting 
string */
+       size_t                  result_len;             /* Length of the 
resulting string, in bytes */
+       size_t                  result_chars;   /* Chars/UChars in resulting 
string */
 
        if ( zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "tl", &input_str,
                                                           &input_str_chars, 
&input_str_type, &mult) == FAILURE ) {
@@ -6273,23 +6274,12 @@
        if ( input_str_type == IS_UNICODE ) {
                input_str_len = UBYTES(input_str_chars);
                result_len = UBYTES(result_chars);
-               if ( result_chars < 1 || result_chars > (2147483647/UBYTES(1)) 
) {
-                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "You may 
not create strings longer than %ld characters", 2147483647/UBYTES(1));
-                       RETURN_FALSE;
-               }
+               result = (char *)safe_emalloc(UBYTES(input_str_chars), 
UBYTES(mult), UBYTES(1));
        } else {
                input_str_len = input_str_chars;
                result_len = result_chars;
-               if ( result_chars < 1 || result_chars > 2147483647 ) {
-                       if ( input_str_type == IS_STRING ) {
-                               php_error_docref(NULL TSRMLS_CC, E_WARNING, 
"You may not create strings longer than 2147483647 characters");
-                       } else {
-                               php_error_docref(NULL TSRMLS_CC, E_WARNING, 
"You may not create strings longer than 2147483647 bytes");
-                       }
-                       RETURN_FALSE;
-               }
+               result = (char *)safe_emalloc(input_str_chars, mult, 1);
        }
-       result = emalloc(result_len);
 
        /* Heavy optimization for situations where input string is 1 byte long 
*/
        if ( input_str_len == 1 ) {
http://cvs.php.net/viewvc.cgi/php-src/ext/curl/interface.c?r1=1.86&r2=1.87&diff_format=u
Index: php-src/ext/curl/interface.c
diff -u php-src/ext/curl/interface.c:1.86 php-src/ext/curl/interface.c:1.87
--- php-src/ext/curl/interface.c:1.86   Tue Jul  4 20:13:40 2006
+++ php-src/ext/curl/interface.c        Thu Aug 10 19:02:32 2006
@@ -16,7 +16,7 @@
    +----------------------------------------------------------------------+
 */
 
-/* $Id: interface.c,v 1.86 2006/07/04 20:13:40 iliaa Exp $ */
+/* $Id: interface.c,v 1.87 2006/08/10 19:02:32 iliaa Exp $ */
 
 #define ZEND_INCLUDE_FULL_WINDOWS_HEADERS
 
@@ -1166,7 +1166,6 @@
                case CURLOPT_FTPLISTONLY:
                case CURLOPT_FTPAPPEND:
                case CURLOPT_NETRC:
-               case CURLOPT_FOLLOWLOCATION:
                case CURLOPT_PUT:
 #if CURLOPT_MUTE != 0
                 case CURLOPT_MUTE:
@@ -1217,6 +1216,16 @@
                        convert_to_long_ex(zvalue);
                        error = curl_easy_setopt(ch->cp, option, 
Z_LVAL_PP(zvalue));
                        break;
+               case CURLOPT_FOLLOWLOCATION:
+                       convert_to_long_ex(zvalue);
+                       if (PG(open_basedir) && *PG(open_basedir)) {
+                               if (Z_LVAL_PP(zvalue) != 0) {
+                                       php_error_docref(NULL TSRMLS_CC, 
E_WARNING, "CURLOPT_FOLLOWLOCATION cannot be activated when open_basedir is 
set");
+                                       RETURN_FALSE;
+                               }
+                       }
+                       error = curl_easy_setopt(ch->cp, option, 
Z_LVAL_PP(zvalue));
+                       break;
                case CURLOPT_URL:
                case CURLOPT_PROXY:
                case CURLOPT_USERPWD:
http://cvs.php.net/viewvc.cgi/php-src/ext/curl/streams.c?r1=1.19&r2=1.20&diff_format=u
Index: php-src/ext/curl/streams.c
diff -u php-src/ext/curl/streams.c:1.19 php-src/ext/curl/streams.c:1.20
--- php-src/ext/curl/streams.c:1.19     Tue Aug  1 13:26:56 2006
+++ php-src/ext/curl/streams.c  Thu Aug 10 19:02:32 2006
@@ -16,7 +16,7 @@
    +----------------------------------------------------------------------+
 */
 
-/* $Id: streams.c,v 1.19 2006/08/01 13:26:56 tony2001 Exp $ */
+/* $Id: streams.c,v 1.20 2006/08/10 19:02:32 iliaa Exp $ */
 
 /* This file implements cURL based wrappers.
  * NOTE: If you are implementing your own streams that are intended to
@@ -349,11 +349,19 @@
                                }
                        }
                        if (mr > 1) {
-                               curl_easy_setopt(curlstream->curl, 
CURLOPT_FOLLOWLOCATION, 1L);
+                               if (PG(open_basedir) && *PG(open_basedir)) {
+                                       curl_easy_setopt(curlstream->curl, 
CURLOPT_FOLLOWLOCATION, 0);
+                               } else {
+                                       curl_easy_setopt(curlstream->curl, 
CURLOPT_FOLLOWLOCATION, 1);
+                               }
                                curl_easy_setopt(curlstream->curl, 
CURLOPT_MAXREDIRS, mr);
                        }
                } else {
-                       curl_easy_setopt(curlstream->curl, 
CURLOPT_FOLLOWLOCATION, 1L);
+                       if (PG(open_basedir) && *PG(open_basedir)) {
+                               curl_easy_setopt(curlstream->curl, 
CURLOPT_FOLLOWLOCATION, 0);
+                       } else {
+                               curl_easy_setopt(curlstream->curl, 
CURLOPT_FOLLOWLOCATION, 1);
+                       }
                        curl_easy_setopt(curlstream->curl, CURLOPT_MAXREDIRS, 
20L);
                }
        }


-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-CVS] cvs: php-src /ext/curl interface.c streams.c /ext/standard string.c

Reply via email to