iliaa Tue Sep 4 12:51:49 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/standard file.c dir.c /php-src NEWS Log: Fixed possible buffer overflows inside the fnmatch() and glob() functions http://cvs.php.net/viewvc.cgi/php-src/ext/standard/file.c?r1=1.409.2.6.2.27&r2=1.409.2.6.2.28&diff_format=u Index: php-src/ext/standard/file.c diff -u php-src/ext/standard/file.c:1.409.2.6.2.27 php-src/ext/standard/file.c:1.409.2.6.2.28 --- php-src/ext/standard/file.c:1.409.2.6.2.27 Mon Sep 3 02:53:56 2007 +++ php-src/ext/standard/file.c Tue Sep 4 12:51:49 2007 @@ -21,7 +21,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: file.c,v 1.409.2.6.2.27 2007/09/03 02:53:56 iliaa Exp $ */ +/* $Id: file.c,v 1.409.2.6.2.28 2007/09/04 12:51:49 iliaa Exp $ */ /* Synced with php 3.0 revision 1.218 1999-06-16 [ssb] */ @@ -2518,6 +2518,11 @@ == FAILURE) return; + if (filename_len >= MAXPATHLEN) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Filename exceeds the maximum allowed length of %d characters", MAXPATHLEN); + RETURN_FALSE; + } + RETURN_BOOL( ! fnmatch( pattern, filename, flags )); } /* }}} */ http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?r1=1.147.2.3.2.10&r2=1.147.2.3.2.11&diff_format=u Index: php-src/ext/standard/dir.c diff -u php-src/ext/standard/dir.c:1.147.2.3.2.10 php-src/ext/standard/dir.c:1.147.2.3.2.11 --- php-src/ext/standard/dir.c:1.147.2.3.2.10 Wed Aug 22 14:59:44 2007 +++ php-src/ext/standard/dir.c Tue Sep 4 12:51:49 2007 @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: dir.c,v 1.147.2.3.2.10 2007/08/22 14:59:44 jani Exp $ */ +/* $Id: dir.c,v 1.147.2.3.2.11 2007/09/04 12:51:49 iliaa Exp $ */ /* {{{ includes/startup/misc */ 
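Review bot: The new guard in the fnmatch() wrapper bounds only `filename_len`; `pattern` still reaches `fnmatch( pattern, filename, flags )` with no length check, although the companion guard in dir.c bounds the glob pattern. If the overflow being closed is in the platform's fnmatch(), an over-long pattern is presumably as much a concern as an over-long filename, so a sibling check would be `if (pattern_len >= MAXPATHLEN) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Pattern exceeds the maximum allowed length of %d characters", MAXPATHLEN); RETURN_FALSE; }`. This assumes the parameter parsing above the hunk yields a `pattern_len`, since the function starts outside the hunk. Both this guard and the one in dir.c use `>=`, so a length of exactly MAXPATHLEN is rejected while the message names MAXPATHLEN as the allowed maximum; printing `MAXPATHLEN - 1` would match the check.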
@@ -401,6 +401,11 @@ return; } + if (pattern_len >= MAXPATHLEN) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Pattern exceeds the maximum allowed length of %d characters", MAXPATHLEN); + RETURN_FALSE; + } + if ((GLOB_AVAILABLE_FLAGS & flags) != flags) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "At least one of the passed flags is invalid or not supported on this platform"); RETURN_FALSE; http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.925&r2=1.2027.2.547.2.926&diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.925 php-src/NEWS:1.2027.2.547.2.926 --- php-src/NEWS:1.2027.2.547.2.925 Mon Sep 3 15:36:04 2007 +++ php-src/NEWS Tue Sep 4 12:51:49 2007 @@ -1,6 +1,9 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? 20??, PHP 5.2.5 +- Fixed possible buffer overflows inside the fnmatch() and glob() functions + reported by Laurent gaffie (Ilia) + - Upgraded PCRE to version 7.3 (Nuno) - Added optional parameter $provide_object to debug_backtrace(). (Sebastian)
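Review bot: The added guard bounds only the caller-supplied `pattern_len`, so it protects the platform glob() only while the pattern is passed through unchanged. The rest of the function lies outside the hunk; if it builds a longer working pattern, for example by prefixing a directory to a relative pattern, that combined length should be checked against MAXPATHLEN too, and any truncation treated as an error rather than silently globbing a shortened pattern. A one-line comment above the check, such as `/* platform glob() may copy the pattern into MAXPATHLEN-sized buffers */`, would record why the limit exists.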