jani                                     Fri, 07 Aug 2009 15:44:37 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=286913

Log:
- Fixed bug #48719 parse_ini_*(): scanner mode is not checked for sanity)

Bug: http://bugs.php.net/48719 (Assigned) parse_ini_*(): scanner mode is not 
checked for sanity
      
Changed paths:
    U   php/php-src/branches/PHP_5_3/NEWS
    U   php/php-src/branches/PHP_5_3/Zend/zend_ini_scanner.l
    U   php/php-src/trunk/Zend/zend_ini_scanner.l

Modified: php/php-src/branches/PHP_5_3/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3/NEWS   2009-08-07 15:03:08 UTC (rev 286912)
+++ php/php-src/branches/PHP_5_3/NEWS   2009-08-07 15:44:37 UTC (rev 286913)
@@ -78,6 +78,8 @@
   install location). (james dot cohen at digitalwindow dot com, Greg)
 - Fixed bug #48733 (CURLOPT_WRITEHEADER|CURLOPT_FILE|CURLOPT_STDERR warns on
   files that have been opened with r+). (Ilia)
+- Fixed bug #48719 (parse_ini_*(): scanner_mode parameter is not checked for
+  sanity). (Jani)
 - Fixed bug #48718 (FILTER_VALIDATE_EMAIL does not allow numbers in domain
   components). (Ilia)
 - Fixed bug #48681 (openssl signature verification for tar archives broken).

Modified: php/php-src/branches/PHP_5_3/Zend/zend_ini_scanner.l
===================================================================
--- php/php-src/branches/PHP_5_3/Zend/zend_ini_scanner.l        2009-08-07 
15:03:08 UTC (rev 286912)
+++ php/php-src/branches/PHP_5_3/Zend/zend_ini_scanner.l        2009-08-07 
15:44:37 UTC (rev 286913)
@@ -158,12 +158,28 @@

 /* {{{ init_ini_scanner()
 */
-static void init_ini_scanner(TSRMLS_D)
+static int init_ini_scanner(int scanner_mode, zend_file_handle *fh TSRMLS_DC)
 {
+       /* Sanity check */
+       if (scanner_mode != ZEND_INI_SCANNER_NORMAL && scanner_mode != 
ZEND_INI_SCANNER_RAW) {
+               zend_error(E_WARNING, "Invalid scanner mode");
+               return FAILURE;
+       }
+
        SCNG(lineno) = 1;
-       SCNG(scanner_mode) = ZEND_INI_SCANNER_NORMAL;
+       SCNG(scanner_mode) = scanner_mode;
+       SCNG(yy_in) = fh;
+
+       if (fh != NULL) {
+               ini_filename = zend_strndup(fh->filename, strlen(fh->filename));
+       } else {
+               ini_filename = NULL;
+       }
+
        zend_stack_init(&SCNG(state_stack));
        BEGIN(INITIAL);
+
+       return SUCCESS;
 }
 /* }}} */

@@ -201,15 +217,14 @@
        char *buf;
        size_t size;

-       if (zend_stream_fixup(fh, &buf, &size TSRMLS_CC) == FAILURE) {
+       if (zend_stream_fixup(fh, &buf, &size TSRMLS_CC) == FAILURE ||
+               init_ini_scanner(scanner_mode, fh TSRMLS_CC) == FAILURE
+       ) {
                return FAILURE;
        }

-       init_ini_scanner(TSRMLS_C);
-       SCNG(scanner_mode) = scanner_mode;
-       SCNG(yy_in) = fh;
        yy_scan_buffer(buf, size TSRMLS_CC);
-       ini_filename = zend_strndup(fh->filename, strlen(fh->filename));
+
        return SUCCESS;
 }
 /* }}} */
@@ -220,11 +235,12 @@
 {
        int len = strlen(str);

-       init_ini_scanner(TSRMLS_C);
-       SCNG(scanner_mode) = scanner_mode;
-       SCNG(yy_in) = NULL;
+       if (init_ini_scanner(scanner_mode, NULL TSRMLS_CC) == FAILURE) {
+               return FAILURE;
+       }
+
        yy_scan_buffer(str, len TSRMLS_CC);
-       ini_filename = NULL;
+
        return SUCCESS;
 }
 /* }}} */

Modified: php/php-src/trunk/Zend/zend_ini_scanner.l
===================================================================
--- php/php-src/trunk/Zend/zend_ini_scanner.l   2009-08-07 15:03:08 UTC (rev 
286912)
+++ php/php-src/trunk/Zend/zend_ini_scanner.l   2009-08-07 15:44:37 UTC (rev 
286913)
@@ -158,12 +158,28 @@

 /* {{{ init_ini_scanner()
 */
-static void init_ini_scanner(TSRMLS_D)
+static int init_ini_scanner(int scanner_mode, zend_file_handle *fh TSRMLS_DC)
 {
+       /* Sanity check */
+       if (scanner_mode != ZEND_INI_SCANNER_NORMAL && scanner_mode != 
ZEND_INI_SCANNER_RAW) {
+               zend_error(E_WARNING, "Invalid scanner mode");
+               return FAILURE;
+       }
+
        SCNG(lineno) = 1;
-       SCNG(scanner_mode) = ZEND_INI_SCANNER_NORMAL;
+       SCNG(scanner_mode) = scanner_mode;
+       SCNG(yy_in) = fh;
+
+       if (fh != NULL) {
+               ini_filename = zend_strndup(fh->filename, strlen(fh->filename));
+       } else {
+               ini_filename = NULL;
+       }
+
        zend_stack_init(&SCNG(state_stack));
        BEGIN(INITIAL);
+
+       return SUCCESS;
 }
 /* }}} */

@@ -201,15 +217,14 @@
        char *buf;
        size_t size;

-       if (zend_stream_fixup(fh, &buf, &size TSRMLS_CC) == FAILURE) {
+       if (zend_stream_fixup(fh, &buf, &size TSRMLS_CC) == FAILURE ||
+               init_ini_scanner(scanner_mode, fh TSRMLS_CC) == FAILURE
+       ) {
                return FAILURE;
        }

-       init_ini_scanner(TSRMLS_C);
-       SCNG(scanner_mode) = scanner_mode;
-       SCNG(yy_in) = fh;
        yy_scan_buffer(buf, size TSRMLS_CC);
-       ini_filename = zend_strndup(fh->filename, strlen(fh->filename));
+
        return SUCCESS;
 }
 /* }}} */
@@ -220,11 +235,12 @@
 {
        int len = strlen(str);

-       init_ini_scanner(TSRMLS_C);
-       SCNG(scanner_mode) = scanner_mode;
-       SCNG(yy_in) = NULL;
+       if (init_ini_scanner(scanner_mode, NULL TSRMLS_CC) == FAILURE) {
+               return FAILURE;
+       }
+
        yy_scan_buffer(str, len TSRMLS_CC);
-       ini_filename = NULL;
+
        return SUCCESS;
 }
 /* }}} */

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to