iliaa           Wed Sep  5 12:55:37 2007 UTC

  Modified files:              
    /php-src/ext/standard       dir.c file.c 
  Log:
  
  MFB: Fixed possible buffer overflows inside the fnmatch() and glob()
  functions
  
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?r1=1.168&r2=1.169&diff_format=u
Index: php-src/ext/standard/dir.c
diff -u php-src/ext/standard/dir.c:1.168 php-src/ext/standard/dir.c:1.169
--- php-src/ext/standard/dir.c:1.168    Wed Aug 22 14:58:30 2007
+++ php-src/ext/standard/dir.c  Wed Sep  5 12:55:36 2007
@@ -16,7 +16,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: dir.c,v 1.168 2007/08/22 14:58:30 jani Exp $ */
+/* $Id: dir.c,v 1.169 2007/09/05 12:55:36 iliaa Exp $ */
 
 /* {{{ includes/startup/misc */
 
@@ -427,6 +427,11 @@
                return;
        }
 
+       if (pattern_len >= MAXPATHLEN) {
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Pattern exceeds 
the maximum allowed length of %d characters", MAXPATHLEN);
+               RETURN_FALSE;
+       }
+
        if ((GLOB_AVAILABLE_FLAGS & flags) != flags) {
                php_error_docref(NULL TSRMLS_CC, E_WARNING, "At least one of 
the passed flags is invalid or not supported on this platform");
                RETURN_FALSE;
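Review bot: The warning added with the `pattern_len >= MAXPATHLEN` guard prints `MAXPATHLEN` as the maximum allowed length, but the comparison already rejects a pattern of exactly that length, so the longest accepted pattern is one shorter than the message says. Passing `MAXPATHLEN - 1` as the `%d` argument would make the text agree with the check. A short comment above the guard, for example `/* bound the pattern before it reaches glob(); over-long input overflowed there */`, would record why the limit exists, since the check otherwise looks arbitrary. The function starts and continues outside this hunk, so whether `pattern_len` is a byte count at this point in the Unicode build cannot be confirmed from here and is worth checking.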
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/file.c?r1=1.499&r2=1.500&diff_format=u
Index: php-src/ext/standard/file.c
diff -u php-src/ext/standard/file.c:1.499 php-src/ext/standard/file.c:1.500
--- php-src/ext/standard/file.c:1.499   Mon Sep  3 11:53:43 2007
+++ php-src/ext/standard/file.c Wed Sep  5 12:55:36 2007
@@ -21,7 +21,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: file.c,v 1.499 2007/09/03 11:53:43 jani Exp $ */
+/* $Id: file.c,v 1.500 2007/09/05 12:55:36 iliaa Exp $ */
 
 /* Synced with php 3.0 revision 1.218 1999-06-16 [ssb] */
 
@@ -2894,6 +2894,11 @@
                zend_unicode_to_string_ex(UG(utf8_conv), &filename_utf8, 
&filename_utf8_len, filename.u, filename_len, &status);
                pattern.s = pattern_utf8;
                filename.s = filename_utf8;
+               filename_len = filename_utf8_len;
+       }
+       if (filename_len >= MAXPATHLEN) {
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Filename exceeds 
the maximum allowed length of %d characters", MAXPATHLEN);
+               RETURN_FALSE;
        }
 
        RETVAL_BOOL( ! fnmatch( pattern.s, filename.s, flags ));
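Review bot: Only the filename is bounded before the `fnmatch( pattern.s, filename.s, flags )` call, while the pattern reaches it with no length check, even though the companion change to glob() in dir.c bounds exactly that argument. A second guard of the same shape on the pattern's byte length, taken after the UTF-8 conversion in the same way as `filename_len = filename_utf8_len;`, would cover both inputs. Separately, the new `RETURN_FALSE;` runs after the conversion that fills `pattern_utf8` and `filename_utf8`. If those buffers are released after the `RETVAL_BOOL` line, which lies outside this hunk, the early return skips that cleanup and should free them before returning.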
