jani Fri, 07 Aug 2009 15:44:37 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=286913
Log: - Fixed bug #48719 parse_ini_*(): scanner mode is not checked for sanity) Bug: http://bugs.php.net/48719 (Assigned) parse_ini_*(): scanner mode is not checked for sanity Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/Zend/zend_ini_scanner.l U php/php-src/trunk/Zend/zend_ini_scanner.l Modified: php/php-src/branches/PHP_5_3/NEWS =================================================================== --- php/php-src/branches/PHP_5_3/NEWS 2009-08-07 15:03:08 UTC (rev 286912) +++ php/php-src/branches/PHP_5_3/NEWS 2009-08-07 15:44:37 UTC (rev 286913) @@ -78,6 +78,8 @@ install location). (james dot cohen at digitalwindow dot com, Greg) - Fixed bug #48733 (CURLOPT_WRITEHEADER|CURLOPT_FILE|CURLOPT_STDERR warns on files that have been opened with r+). (Ilia) +- Fixed bug #48719 (parse_ini_*(): scanner_mode parameter is not checked for + sanity). (Jani) - Fixed bug #48718 (FILTER_VALIDATE_EMAIL does not allow numbers in domain components). (Ilia) - Fixed bug #48681 (openssl signature verification for tar archives broken). Modified: php/php-src/branches/PHP_5_3/Zend/zend_ini_scanner.l =================================================================== --- php/php-src/branches/PHP_5_3/Zend/zend_ini_scanner.l 2009-08-07 15:03:08 UTC (rev 286912) +++ php/php-src/branches/PHP_5_3/Zend/zend_ini_scanner.l 2009-08-07 15:44:37 UTC (rev 286913) @@ -158,12 +158,28 @@ /* {{{ init_ini_scanner() */ -static void init_ini_scanner(TSRMLS_D) +static int init_ini_scanner(int scanner_mode, zend_file_handle *fh TSRMLS_DC) { + /* Sanity check */ + if (scanner_mode != ZEND_INI_SCANNER_NORMAL && scanner_mode != ZEND_INI_SCANNER_RAW) { + zend_error(E_WARNING, "Invalid scanner mode"); + return FAILURE; + } + SCNG(lineno) = 1; - SCNG(scanner_mode) = ZEND_INI_SCANNER_NORMAL; + SCNG(scanner_mode) = scanner_mode; + SCNG(yy_in) = fh; + + if (fh != NULL) { + ini_filename = zend_strndup(fh->filename, strlen(fh->filename)); + } else { + ini_filename = NULL; + } + zend_stack_init(&SCNG(state_stack)); BEGIN(INITIAL); + + return SUCCESS; } /* }}} */ @@ -201,15 +217,14 @@ char *buf; size_t size; - if (zend_stream_fixup(fh, &buf, &size TSRMLS_CC) == FAILURE) { + if (zend_stream_fixup(fh, &buf, &size TSRMLS_CC) == FAILURE || + init_ini_scanner(scanner_mode, fh TSRMLS_CC) == FAILURE + ) { return FAILURE; } - init_ini_scanner(TSRMLS_C); - SCNG(scanner_mode) = scanner_mode; - SCNG(yy_in) = fh; yy_scan_buffer(buf, size TSRMLS_CC); - ini_filename = zend_strndup(fh->filename, strlen(fh->filename)); + return SUCCESS; } /* }}} */ @@ -220,11 +235,12 @@ { int len = strlen(str); - init_ini_scanner(TSRMLS_C); - SCNG(scanner_mode) = scanner_mode; - SCNG(yy_in) = NULL; + if (init_ini_scanner(scanner_mode, NULL TSRMLS_CC) == FAILURE) { + return FAILURE; + } + yy_scan_buffer(str, len TSRMLS_CC); - ini_filename = NULL; + return SUCCESS; } /* }}} */ Modified: php/php-src/trunk/Zend/zend_ini_scanner.l =================================================================== --- php/php-src/trunk/Zend/zend_ini_scanner.l 2009-08-07 15:03:08 UTC (rev 286912) +++ php/php-src/trunk/Zend/zend_ini_scanner.l 2009-08-07 15:44:37 UTC (rev 286913) @@ -158,12 +158,28 @@ /* {{{ init_ini_scanner() */ -static void init_ini_scanner(TSRMLS_D) +static int init_ini_scanner(int scanner_mode, zend_file_handle *fh TSRMLS_DC) { + /* Sanity check */ + if (scanner_mode != ZEND_INI_SCANNER_NORMAL && scanner_mode != ZEND_INI_SCANNER_RAW) { + zend_error(E_WARNING, "Invalid scanner mode"); + return FAILURE; + } + SCNG(lineno) = 1; - SCNG(scanner_mode) = ZEND_INI_SCANNER_NORMAL; + SCNG(scanner_mode) = scanner_mode; + SCNG(yy_in) = fh; + + if (fh != NULL) { + ini_filename = zend_strndup(fh->filename, strlen(fh->filename)); + } else { + ini_filename = NULL; + } + zend_stack_init(&SCNG(state_stack)); BEGIN(INITIAL); + + return SUCCESS; } /* }}} */ @@ -201,15 +217,14 @@ char *buf; size_t size; - if (zend_stream_fixup(fh, &buf, &size TSRMLS_CC) == FAILURE) { + if (zend_stream_fixup(fh, &buf, &size TSRMLS_CC) == FAILURE || + init_ini_scanner(scanner_mode, fh TSRMLS_CC) == FAILURE + ) { return FAILURE; } - init_ini_scanner(TSRMLS_C); - SCNG(scanner_mode) = scanner_mode; - SCNG(yy_in) = fh; yy_scan_buffer(buf, size TSRMLS_CC); - ini_filename = zend_strndup(fh->filename, strlen(fh->filename)); + return SUCCESS; } /* }}} */ @@ -220,11 +235,12 @@ { int len = strlen(str); - init_ini_scanner(TSRMLS_C); - SCNG(scanner_mode) = scanner_mode; - SCNG(yy_in) = NULL; + if (init_ini_scanner(scanner_mode, NULL TSRMLS_CC) == FAILURE) { + return FAILURE; + } + yy_scan_buffer(str, len TSRMLS_CC); - ini_filename = NULL; + return SUCCESS; } /* }}} */
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php