felipe                                   Sat, 07 May 2011 01:58:26 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=310814

Log:
- Fixed bug #54681 (addGlob() crashes on invalid flags)

Bug: http://bugs.php.net/54681 (Assigned) addGlob() crashes on invalid flags
      
Changed paths:
    U   php/php-src/branches/PHP_5_3/ext/zip/php_zip.c
    U   php/php-src/trunk/ext/zip/php_zip.c

Modified: php/php-src/branches/PHP_5_3/ext/zip/php_zip.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/zip/php_zip.c      2011-05-06 22:30:32 UTC 
(rev 310813)
+++ php/php-src/branches/PHP_5_3/ext/zip/php_zip.c      2011-05-07 01:58:26 UTC 
(rev 310814)
@@ -494,6 +494,28 @@
 #else
 #define GLOB_FLAGMASK (~0)
 #endif
+#ifndef GLOB_BRACE
+# define GLOB_BRACE 0
+#endif
+#ifndef GLOB_MARK
+# define GLOB_MARK 0
+#endif
+#ifndef GLOB_NOSORT
+# define GLOB_NOSORT 0
+#endif
+#ifndef GLOB_NOCHECK
+# define GLOB_NOCHECK 0
+#endif
+#ifndef GLOB_NOESCAPE
+# define GLOB_NOESCAPE 0
+#endif
+#ifndef GLOB_ERR
+# define GLOB_ERR 0
+#endif
+
+/* This is used for checking validity of passed flags (passing invalid flags 
causes segfault in glob()!! */
+#define GLOB_AVAILABLE_FLAGS (0 | GLOB_BRACE | GLOB_MARK | GLOB_NOSORT | 
GLOB_NOCHECK | GLOB_NOESCAPE | GLOB_ERR | GLOB_ONLYDIR)
+
 #endif /* }}} */

 int php_zip_glob(char *pattern, int pattern_len, long flags, zval 
*return_value TSRMLS_DC) /* {{{ */
@@ -508,7 +530,17 @@
        glob_t globbuf;
        int n;
        int ret;
+
+       if (pattern_len >= MAXPATHLEN) {
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Pattern exceeds 
the maximum allowed length of %d characters", MAXPATHLEN);
+               return -1;
+       }

+       if ((GLOB_AVAILABLE_FLAGS & flags) != flags) {
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, "At least one of 
the passed flags is invalid or not supported on this platform");
+               return -1;
+       }
+
 #ifdef ZTS
        if (!IS_ABSOLUTE_PATH(pattern, pattern_len)) {
                result = VCWD_GETCWD(cwd, MAXPATHLEN);

Modified: php/php-src/trunk/ext/zip/php_zip.c
===================================================================
--- php/php-src/trunk/ext/zip/php_zip.c 2011-05-06 22:30:32 UTC (rev 310813)
+++ php/php-src/trunk/ext/zip/php_zip.c 2011-05-07 01:58:26 UTC (rev 310814)
@@ -493,6 +493,28 @@
 #else
 #define GLOB_FLAGMASK (~0)
 #endif
+#ifndef GLOB_BRACE
+# define GLOB_BRACE 0
+#endif
+#ifndef GLOB_MARK
+# define GLOB_MARK 0
+#endif
+#ifndef GLOB_NOSORT
+# define GLOB_NOSORT 0
+#endif
+#ifndef GLOB_NOCHECK
+# define GLOB_NOCHECK 0
+#endif
+#ifndef GLOB_NOESCAPE
+# define GLOB_NOESCAPE 0
+#endif
+#ifndef GLOB_ERR
+# define GLOB_ERR 0
+#endif
+
+/* This is used for checking validity of passed flags (passing invalid flags 
causes segfault in glob()!! */
+#define GLOB_AVAILABLE_FLAGS (0 | GLOB_BRACE | GLOB_MARK | GLOB_NOSORT | 
GLOB_NOCHECK | GLOB_NOESCAPE | GLOB_ERR | GLOB_ONLYDIR)
+
 #endif /* }}} */

 int php_zip_glob(char *pattern, int pattern_len, long flags, zval 
*return_value TSRMLS_DC) /* {{{ */
@@ -507,7 +529,17 @@
        glob_t globbuf;
        int n;
        int ret;
+
+       if (pattern_len >= MAXPATHLEN) {
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Pattern exceeds 
the maximum allowed length of %d characters", MAXPATHLEN);
+               return -1;
+       }

+       if ((GLOB_AVAILABLE_FLAGS & flags) != flags) {
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, "At least one of 
the passed flags is invalid or not supported on this platform");
+               return -1;
+       }
+
 #ifdef ZTS
        if (!IS_ABSOLUTE_PATH(pattern, pattern_len)) {
                result = VCWD_GETCWD(cwd, MAXPATHLEN);

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to