pajoye Sun, 07 Feb 2010 20:15:58 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=294724
Log: - prevent unexpected behavior (for the user) with invalid paths Changed paths: U php/php-src/branches/PHP_5_3/ext/standard/tests/file/tempnam_variation3-win32.phpt U php/php-src/branches/PHP_5_3/main/php_open_temporary_file.c U php/php-src/branches/PHP_5_3/main/streams/plain_wrapper.c U php/php-src/branches/PHP_5_3/win32/winutil.c U php/php-src/branches/PHP_5_3/win32/winutil.h U php/php-src/trunk/ext/standard/tests/file/tempnam_variation3-win32.phpt U php/php-src/trunk/main/php_open_temporary_file.c U php/php-src/trunk/main/streams/plain_wrapper.c U php/php-src/trunk/win32/winutil.c U php/php-src/trunk/win32/winutil.h
Modified: php/php-src/branches/PHP_5_3/ext/standard/tests/file/tempnam_variation3-win32.phpt =================================================================== --- php/php-src/branches/PHP_5_3/ext/standard/tests/file/tempnam_variation3-win32.phpt 2010-02-07 20:15:18 UTC (rev 294723) +++ php/php-src/branches/PHP_5_3/ext/standard/tests/file/tempnam_variation3-win32.phpt 2010-02-07 20:15:58 UTC (rev 294724) @@ -70,7 +70,7 @@ if (realpath($file_dir) == $file_path || realpath($file_dir . "\\") == $file_path) { echo "OK\n"; } else { - echo "Failed, not created in the correct directory" . realpath($file_dir) . ' vs ' . $file_path ."\n"; + echo "Failed, not created in the correct directory " . realpath($file_dir) . ' vs ' . $file_path ."\n"; } if (!is_writable($file_name)) { @@ -99,7 +99,8 @@ -- Iteration 4 -- OK -- Iteration 5 -- -OK +Failed, not created in the correct directory %s vs %s +0 -- Iteration 6 -- OK -- Iteration 7 -- Modified: php/php-src/branches/PHP_5_3/main/php_open_temporary_file.c =================================================================== --- php/php-src/branches/PHP_5_3/main/php_open_temporary_file.c 2010-02-07 20:15:18 UTC (rev 294723) +++ php/php-src/branches/PHP_5_3/main/php_open_temporary_file.c 2010-02-07 20:15:58 UTC (rev 294724) @@ -113,6 +113,13 @@ return -1; } +#ifdef PHP_WIN32 + if (!php_win32_check_trailing_space(pfx, (const int)strlen(pfx))) { + SetLastError(ERROR_INVALID_NAME); + return -1; + } +#endif + if (!VCWD_GETCWD(cwd, MAXPATHLEN)) { cwd[0] = '\0'; } @@ -138,12 +145,14 @@ } #ifdef PHP_WIN32 + if (GetTempFileName(new_state.cwd, pfx, 0, opened_path)) { /* Some versions of windows set the temp file to be read-only, * which means that opening it will fail... */ VCWD_CHMOD(opened_path, 0600); fd = VCWD_OPEN_MODE(opened_path, open_flags, 0600); } + #elif defined(HAVE_MKSTEMP) fd = mkstemp(opened_path); #else 
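Review bot: `strlen(pfx)` is evaluated in the added `#ifdef PHP_WIN32` block of php_open_temporary_file.c (`@@ -113,6 +113,13 @@`) before `php_win32_check_trailing_space()` runs, so the helper's own NULL test on `path` cannot protect this call. Whether `pfx` can be NULL at this point is not visible, since the enclosing function starts and ends outside the hunk; if it can, test it before taking its length, e.g. `if (pfx && !php_win32_check_trailing_space(pfx, (int)strlen(pfx))) {`. The `const` in the `(const int)` cast has no effect and can be dropped. The trunk copy of this file gets the same block in its own `@@ -113,6 +113,13 @@` hunk.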
@@ -151,6 +160,7 @@ fd = VCWD_OPEN(opened_path, open_flags); } #endif + if (fd == -1 || !opened_path_p) { efree(opened_path); } else { Modified: php/php-src/branches/PHP_5_3/main/streams/plain_wrapper.c =================================================================== --- php/php-src/branches/PHP_5_3/main/streams/plain_wrapper.c 2010-02-07 20:15:18 UTC (rev 294723) +++ php/php-src/branches/PHP_5_3/main/streams/plain_wrapper.c 2010-02-07 20:15:58 UTC (rev 294724) @@ -38,12 +38,11 @@ #endif #include "SAPI.h" +#include "php_streams_int.h" #ifdef PHP_WIN32 -# include "ext/standard/php_string.h" +# include "win32/winutil.h" #endif -#include "php_streams_int.h" - #define php_stream_fopen_from_fd_int(fd, mode, persistent_id) _php_stream_fopen_from_fd_int((fd), (mode), (persistent_id) STREAMS_CC TSRMLS_CC) #define php_stream_fopen_from_fd_int_rel(fd, mode, persistent_id) _php_stream_fopen_from_fd_int((fd), (mode), (persistent_id) STREAMS_REL_CC TSRMLS_CC) #define php_stream_fopen_from_file_int(file, mode) _php_stream_fopen_from_file_int((file), (mode) STREAMS_CC TSRMLS_CC) 
@@ -1065,25 +1064,14 @@ } #ifdef PHP_WIN32 - /* Prevent bad things to happen when invalid path are used with MoveFileEx */ - { - int url_from_len = strlen(url_from); - int url_to_len = strlen(url_to); - char *trimed = php_trim(url_from, url_from_len, NULL, 0, NULL, 1 TSRMLS_CC); - int trimed_len = strlen(trimed); - - if (trimed_len == 0 || trimed_len != url_from_len) { - php_win32_docref2_from_error(ERROR_INVALID_NAME, url_from, url_to TSRMLS_CC); - return 0; - } - - trimed = php_trim(url_to, url_to_len, NULL, 0, NULL, 1 TSRMLS_CC); - trimed_len = strlen(trimed); - if (trimed_len == 0 || trimed_len != url_to_len) { - php_win32_docref2_from_error(ERROR_INVALID_NAME, url_from, url_to TSRMLS_CC); - return 0; - } + if (!php_win32_check_trailing_space(url_from, strlen(url_from))) { + php_win32_docref2_from_error(ERROR_INVALID_NAME, url_from, url_to TSRMLS_CC); + return 0; } + if (!php_win32_check_trailing_space(url_to, strlen(url_to))) { + php_win32_docref2_from_error(ERROR_INVALID_NAME, url_from, url_to TSRMLS_CC); + return 0; + } #endif if ((p = strstr(url_from, "://")) != NULL) { @@ -1251,6 +1239,9 @@ static int php_plain_files_rmdir(php_stream_wrapper *wrapper, char *url, int options, php_stream_context *context TSRMLS_DC) { +#if PHP_WIN32 + int url_len = strlen(url); +#endif if (PG(safe_mode) &&(!php_checkuid(url, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { return 0; } 
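Review bot: The replacement check in the `#ifdef PHP_WIN32` block of the rename code (`@@ -1065,25 +1064,14 @@`, and `@@ -1043,25 +1046,14 @@` on trunk) is narrower than the code it removes. The old block rejected an empty name (`trimed_len == 0`) and any name that `php_trim()` with its default character set shortened, while `php_win32_check_trailing_space()` returns 1 for a zero-length string and tests only the space character. An empty `url_from` or `url_to`, or one ending in other whitespace, therefore no longer produces `ERROR_INVALID_NAME` here and continues into the code below the hunk. If that is not intended, keep the empty-name rejection at the call site, e.g. `if (!*url_from || !php_win32_check_trailing_space(url_from, (int)strlen(url_from))) {`, and likewise for `url_to`. The removed comment was the only explanation of the check; a replacement such as `/* Reject names with a leading or trailing space before they reach MoveFileEx */` would keep that context.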
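Review bot: The guard in `php_plain_files_rmdir` is written `#if PHP_WIN32`, while the other blocks this commit adds use `#ifdef PHP_WIN32`; the two behave differently when the macro is defined without a value, so `#ifdef PHP_WIN32` would be the consistent spelling. `url_len` is declared in this hunk (`@@ -1251,6 +1239,9 @@`) but is only used by the check added in the next hunk (`@@ -1259,6 +1250,13 @@`), which uses the same `#if`. Computing the length at the call, `php_win32_check_trailing_space(url, (int)strlen(url))`, would remove the separately guarded declaration. The trunk hunk `@@ -1224,10 +1216,20 @@` has both spellings too; the function body continues outside the hunk.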
@@ -1259,6 +1250,13 @@ return 0; } +#if PHP_WIN32 + if (!php_win32_check_trailing_space(url, url_len)) { + php_error_docref1(NULL TSRMLS_CC, url, E_WARNING, "%s", strerror(ENOENT)); + return 0; + } +#endif + if (VCWD_RMDIR(url) < 0) { php_error_docref1(NULL TSRMLS_CC, url, E_WARNING, "%s", strerror(errno)); return 0; Modified: php/php-src/branches/PHP_5_3/win32/winutil.c =================================================================== --- php/php-src/branches/PHP_5_3/win32/winutil.c 2010-02-07 20:15:18 UTC (rev 294723) +++ php/php-src/branches/PHP_5_3/win32/winutil.c 2010-02-07 20:15:58 UTC (rev 294724) @@ -31,3 +31,18 @@ return (buf ? (char *) buf : ""); } + +int php_win32_check_trailing_space(const char * path, const int path_len) { + if (path_len < 1) { + return 1; + } + if (path) { + if (path[0] == ' ' || path[path_len - 1] == ' ') { + return 0; + } else { + return 1; + } + } else { + return 0; + } +} Modified: php/php-src/branches/PHP_5_3/win32/winutil.h =================================================================== --- php/php-src/branches/PHP_5_3/win32/winutil.h 2010-02-07 20:15:18 UTC (rev 294723) +++ php/php-src/branches/PHP_5_3/win32/winutil.h 2010-02-07 20:15:58 UTC (rev 294724) @@ -19,3 +19,4 @@ PHPAPI char *php_win_err(int error); #define php_win_err() php_win_err(GetLastError()) +int php_win32_check_trailing_space(const char * path, const int path_len); Modified: php/php-src/trunk/ext/standard/tests/file/tempnam_variation3-win32.phpt =================================================================== --- php/php-src/trunk/ext/standard/tests/file/tempnam_variation3-win32.phpt 2010-02-07 20:15:18 UTC (rev 294723) +++ php/php-src/trunk/ext/standard/tests/file/tempnam_variation3-win32.phpt 2010-02-07 20:15:58 UTC (rev 294724) 
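Review bot: A directory name rejected by the added check in `php_plain_files_rmdir` is reported with `strerror(ENOENT)`, so the warning reads as a missing directory, whereas the rename code in this same commit reports `ERROR_INVALID_NAME` for the same condition. Anyone reading logs cannot tell an input-validation rejection from a real lookup failure. If ENOENT is deliberate, a comment above the call would say so, e.g. `/* names with a leading or trailing space are reported as not found */`; otherwise use the same error as the rename path. The trunk hunk `@@ -1224,10 +1216,20 @@` has the same call.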
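Review bot: `php_win32_check_trailing_space()` in winutil.c examines only the first and last byte of the whole string and only the space character, so a path whose inner component ends in a space (constructed example: `a \b`) passes. The name says "trailing" although a leading space is rejected as well. The NULL test also comes after the length test, so `(NULL, 0)` returns 1 while `(NULL, n)` with n > 0 returns 0; putting `if (!path) return 0;` first would make that uniform. A header comment should state the contract, e.g. `/* Returns 1 if path is empty or neither starts nor ends with ' ', else 0. Inner components are not checked. */`. The identical function is added on trunk in `@@ -31,3 +31,18 @@`.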
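Review bot: The new prototype in winutil.h has no comment describing its return convention, and unlike `php_win_err` directly above it is not marked `PHPAPI`. The callers visible in this commit are in main/, so the missing export may be intentional; whether extension code is expected to call it cannot be told from the diff. A one-line comment such as `/* returns 1 if path may be used, 0 if it starts or ends with a space */` would document the inverted-looking result, where 0 means rejected. The trunk header gets the same line in `@@ -19,3 +19,4 @@`.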
@@ -70,7 +70,7 @@ if (realpath($file_dir) == $file_path || realpath($file_dir . "\\") == $file_path) { echo "OK\n"; } else { - echo "Failed, not created in the correct directory" . realpath($file_dir) . ' vs ' . $file_path ."\n"; + echo "Failed, not created in the correct directory " . realpath($file_dir) . ' vs ' . $file_path ."\n"; } if (!is_writable($file_name)) { @@ -99,7 +99,8 @@ -- Iteration 4 -- OK -- Iteration 5 -- -OK +Failed, not created in the correct directory %s vs %s +0 -- Iteration 6 -- OK -- Iteration 7 -- Modified: php/php-src/trunk/main/php_open_temporary_file.c =================================================================== --- php/php-src/trunk/main/php_open_temporary_file.c 2010-02-07 20:15:18 UTC (rev 294723) +++ php/php-src/trunk/main/php_open_temporary_file.c 2010-02-07 20:15:58 UTC (rev 294724) @@ -113,6 +113,13 @@ return -1; } +#ifdef PHP_WIN32 + if (!php_win32_check_trailing_space(pfx, (const int)strlen(pfx))) { + SetLastError(ERROR_INVALID_NAME); + return -1; + } +#endif + if (!VCWD_GETCWD(cwd, MAXPATHLEN)) { cwd[0] = '\0'; } Modified: php/php-src/trunk/main/streams/plain_wrapper.c =================================================================== --- php/php-src/trunk/main/streams/plain_wrapper.c 2010-02-07 20:15:18 UTC (rev 294723) +++ php/php-src/trunk/main/streams/plain_wrapper.c 2010-02-07 20:15:58 UTC (rev 294724) @@ -39,6 +39,9 @@ #include "SAPI.h" #include "php_streams_int.h" +#ifdef PHP_WIN32 +# include "win32/winutil.h" +#endif #define php_stream_fopen_from_fd_int(fd, mode, persistent_id) _php_stream_fopen_from_fd_int((fd), (mode), (persistent_id) STREAMS_CC TSRMLS_CC) #define php_stream_fopen_from_fd_int_rel(fd, mode, persistent_id) _php_stream_fopen_from_fd_int((fd), (mode), (persistent_id) STREAMS_REL_CC TSRMLS_CC) 
@@ -1043,25 +1046,14 @@ } #ifdef PHP_WIN32 - /* Prevent bad things to happen when invalid path are used with MoveFileEx */ - { - int url_from_len = strlen(url_from); - int url_to_len = strlen(url_to); - char *trimed = php_trim(url_from, url_from_len, NULL, 0, NULL, 1 TSRMLS_CC); - int trimed_len = strlen(trimed); - - if (trimed_len == 0 || trimed_len != url_from_len) { - php_win32_docref2_from_error(ERROR_INVALID_NAME, url_from, url_to TSRMLS_CC); - return 0; - } - - trimed = php_trim(url_to, url_to_len, NULL, 0, NULL, 1 TSRMLS_CC); - trimed_len = strlen(trimed); - if (trimed_len == 0 || trimed_len != url_to_len) { - php_win32_docref2_from_error(ERROR_INVALID_NAME, url_from, url_to TSRMLS_CC); - return 0; - } + if (!php_win32_check_trailing_space(url_from, strlen(url_from))) { + php_win32_docref2_from_error(ERROR_INVALID_NAME, url_from, url_to TSRMLS_CC); + return 0; } + if (!php_win32_check_trailing_space(url_to, strlen(url_to))) { + php_win32_docref2_from_error(ERROR_INVALID_NAME, url_from, url_to TSRMLS_CC); + return 0; + } #endif if ((p = strstr(url_from, "://")) != NULL) { @@ -1224,10 +1216,20 @@ static int php_plain_files_rmdir(php_stream_wrapper *wrapper, char *url, int options, php_stream_context *context TSRMLS_DC) { +#if PHP_WIN32 + int url_len = strlen(url); +#endif if (php_check_open_basedir(url TSRMLS_CC)) { return 0; } +#if PHP_WIN32 + if (!php_win32_check_trailing_space(url, url_len)) { + php_error_docref1(NULL TSRMLS_CC, url, E_WARNING, "%s", strerror(ENOENT)); + return 0; + } +#endif + if (VCWD_RMDIR(url) < 0) { php_error_docref1(NULL TSRMLS_CC, url, E_WARNING, "%s", strerror(errno)); return 0; Modified: php/php-src/trunk/win32/winutil.c =================================================================== --- php/php-src/trunk/win32/winutil.c 2010-02-07 20:15:18 UTC (rev 294723) +++ php/php-src/trunk/win32/winutil.c 2010-02-07 20:15:58 UTC (rev 294724) 
@@ -31,3 +31,18 @@ return (buf ? (char *) buf : ""); } + +int php_win32_check_trailing_space(const char * path, const int path_len) { + if (path_len < 1) { + return 1; + } + if (path) { + if (path[0] == ' ' || path[path_len - 1] == ' ') { + return 0; + } else { + return 1; + } + } else { + return 0; + } +} Modified: php/php-src/trunk/win32/winutil.h =================================================================== --- php/php-src/trunk/win32/winutil.h 2010-02-07 20:15:18 UTC (rev 294723) +++ php/php-src/trunk/win32/winutil.h 2010-02-07 20:15:58 UTC (rev 294724) @@ -19,3 +19,4 @@ PHPAPI char *php_win_err(int error); #define php_win_err() php_win_err(GetLastError()) +int php_win32_check_trailing_space(const char * path, const int path_len);