felipe Sat, 07 May 2011 01:58:26 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=310814
Log: - Fixed bug #54681 (addGlob() crashes on invalid flags) Bug: http://bugs.php.net/54681 (Assigned) addGlob() crashes on invalid flags Changed paths: U php/php-src/branches/PHP_5_3/ext/zip/php_zip.c U php/php-src/trunk/ext/zip/php_zip.c Modified: php/php-src/branches/PHP_5_3/ext/zip/php_zip.c =================================================================== --- php/php-src/branches/PHP_5_3/ext/zip/php_zip.c 2011-05-06 22:30:32 UTC (rev 310813) +++ php/php-src/branches/PHP_5_3/ext/zip/php_zip.c 2011-05-07 01:58:26 UTC (rev 310814) @@ -494,6 +494,28 @@ #else #define GLOB_FLAGMASK (~0) #endif +#ifndef GLOB_BRACE +# define GLOB_BRACE 0 +#endif +#ifndef GLOB_MARK +# define GLOB_MARK 0 +#endif +#ifndef GLOB_NOSORT +# define GLOB_NOSORT 0 +#endif +#ifndef GLOB_NOCHECK +# define GLOB_NOCHECK 0 +#endif +#ifndef GLOB_NOESCAPE +# define GLOB_NOESCAPE 0 +#endif +#ifndef GLOB_ERR +# define GLOB_ERR 0 +#endif + +/* This is used for checking validity of passed flags (passing invalid flags causes segfault in glob()!! */ +#define GLOB_AVAILABLE_FLAGS (0 | GLOB_BRACE | GLOB_MARK | GLOB_NOSORT | GLOB_NOCHECK | GLOB_NOESCAPE | GLOB_ERR | GLOB_ONLYDIR) + #endif /* }}} */ int php_zip_glob(char *pattern, int pattern_len, long flags, zval *return_value TSRMLS_DC) /* {{{ */ @@ -508,7 +530,17 @@ glob_t globbuf; int n; int ret; + + if (pattern_len >= MAXPATHLEN) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Pattern exceeds the maximum allowed length of %d characters", MAXPATHLEN); + return -1; + } + if ((GLOB_AVAILABLE_FLAGS & flags) != flags) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "At least one of the passed flags is invalid or not supported on this platform"); + return -1; + } + #ifdef ZTS if (!IS_ABSOLUTE_PATH(pattern, pattern_len)) { result = VCWD_GETCWD(cwd, MAXPATHLEN); Modified: php/php-src/trunk/ext/zip/php_zip.c =================================================================== --- php/php-src/trunk/ext/zip/php_zip.c 2011-05-06 22:30:32 UTC (rev 310813) +++ php/php-src/trunk/ext/zip/php_zip.c 2011-05-07 01:58:26 UTC (rev 310814) @@ -493,6 +493,28 @@ #else #define GLOB_FLAGMASK (~0) #endif +#ifndef GLOB_BRACE +# define GLOB_BRACE 0 +#endif +#ifndef GLOB_MARK +# define GLOB_MARK 0 +#endif +#ifndef GLOB_NOSORT +# define GLOB_NOSORT 0 +#endif +#ifndef GLOB_NOCHECK +# define GLOB_NOCHECK 0 +#endif +#ifndef GLOB_NOESCAPE +# define GLOB_NOESCAPE 0 +#endif +#ifndef GLOB_ERR +# define GLOB_ERR 0 +#endif + +/* This is used for checking validity of passed flags (passing invalid flags causes segfault in glob()!! */ +#define GLOB_AVAILABLE_FLAGS (0 | GLOB_BRACE | GLOB_MARK | GLOB_NOSORT | GLOB_NOCHECK | GLOB_NOESCAPE | GLOB_ERR | GLOB_ONLYDIR) + #endif /* }}} */ int php_zip_glob(char *pattern, int pattern_len, long flags, zval *return_value TSRMLS_DC) /* {{{ */ @@ -507,7 +529,17 @@ glob_t globbuf; int n; int ret; + + if (pattern_len >= MAXPATHLEN) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Pattern exceeds the maximum allowed length of %d characters", MAXPATHLEN); + return -1; + } + if ((GLOB_AVAILABLE_FLAGS & flags) != flags) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "At least one of the passed flags is invalid or not supported on this platform"); + return -1; + } + #ifdef ZTS if (!IS_ABSOLUTE_PATH(pattern, pattern_len)) { result = VCWD_GETCWD(cwd, MAXPATHLEN);
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
