[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/win32/readdir.c trunk/win32/readdir.c

[Pierre Joye]

pajoye   Mon, 10 Jan 2011 08:07:38 +

Revision: http://svn.php.net/viewvc?view=revisionrevision=307329

Log:
- possible NULL deref

Changed paths:
U   php/php-src/branches/PHP_5_3/win32/readdir.c
U   php/php-src/trunk/win32/readdir.c

Modified: php/php-src/branches/PHP_5_3/win32/readdir.c
===
--- php/php-src/branches/PHP_5_3/win32/readdir.c2011-01-10 06:21:53 UTC 
(rev 307328)
+++ php/php-src/branches/PHP_5_3/win32/readdir.c2011-01-10 08:07:38 UTC 
(rev 307329)
@@ -33,6 +33,9 @@
}

filespec = (char *)malloc(strlen(resolved_path_buff) + 2 + 1);
+   if (filespec == NULL) {
+   return NULL;
+   }
strcpy(filespec, resolved_path_buff);
index = strlen(filespec) - 1;
if (index = 0  (filespec[index] == '/' ||
@@ -41,6 +44,9 @@
strcat(filespec, \\*);

dp = (DIR *) malloc(sizeof(DIR));
+   if (dp == NULL) {
+   return NULL;
+   }
dp-offset = 0;
dp-finished = 0;

@@ -140,6 +146,10 @@
dp-finished = 0;

filespec = (char *)malloc(strlen(dp-dir) + 2 + 1);
+   if (filespec == NULL) {
+   return -1;
+   }
+
strcpy(filespec, dp-dir);
index = strlen(filespec) - 1;
if (index = 0  (filespec[index] == '/' ||

Modified: php/php-src/trunk/win32/readdir.c
===
--- php/php-src/trunk/win32/readdir.c   2011-01-10 06:21:53 UTC (rev 307328)
+++ php/php-src/trunk/win32/readdir.c   2011-01-10 08:07:38 UTC (rev 307329)
@@ -33,6 +33,9 @@
}

filespec = (char *)malloc(strlen(resolved_path_buff) + 2 + 1);
+   if (filespec == NULL) {
+   return NULL;
+   }
strcpy(filespec, resolved_path_buff);
index = strlen(filespec) - 1;
if (index = 0  (filespec[index] == '/' ||
@@ -41,6 +44,9 @@
strcat(filespec, \\*);

dp = (DIR *) malloc(sizeof(DIR));
+   if (dp == NULL) {
+   return NULL;
+   }
dp-offset = 0;
dp-finished = 0;

@@ -140,6 +146,10 @@
dp-finished = 0;

filespec = (char *)malloc(strlen(dp-dir) + 2 + 1);
+   if (filespec == NULL) {
+   return -1;
+   }
+
strcpy(filespec, dp-dir);
index = strlen(filespec) - 1;
if (index = 0  (filespec[index] == '/' ||

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/win32/readdir.c trunk/win32/readdir.c

[Pierre-Alain Joye]

pajoye   Tue, 01 Sep 2009 17:46:17 +

Revision: http://svn.php.net/viewvc?view=revisionrevision=287949

Log:
- #48746, fix regression in readdir/scandir and mounted points or junctions on 
windows

Bug: http://bugs.php.net/48746 (Feedback) Unable to browse directories within 
Junction Points
  
Changed paths:
U   php/php-src/branches/PHP_5_3/win32/readdir.c
U   php/php-src/trunk/win32/readdir.c

Modified: php/php-src/branches/PHP_5_3/win32/readdir.c
===
--- php/php-src/branches/PHP_5_3/win32/readdir.c2009-09-01 17:12:18 UTC 
(rev 287948)
+++ php/php-src/branches/PHP_5_3/win32/readdir.c2009-09-01 17:46:17 UTC 
(rev 287949)
@@ -25,14 +25,19 @@
char *filespec;
HANDLE handle;
int index;
+   char resolved_path_buff[MAXPATHLEN];

-   filespec = (char *)malloc(strlen(dir) + 2 + 1);
-   strcpy(filespec, dir);
+   if (!VCWD_REALPATH(dir, resolved_path_buff)) {
+   return NULL;
+   }
+
+   filespec = (char *)malloc(strlen(resolved_path_buff) + 2 + 1);
+   strcpy(filespec, resolved_path_buff);
index = strlen(filespec) - 1;
if (index = 0  (filespec[index] == '/' ||
   (filespec[index] == '\\'  (index == 0 || 
!IsDBCSLeadByte(filespec[index-1])
filespec[index] = '\0';
-   strcat(filespec, /*);
+   strcat(filespec, \\*);

dp = (DIR *) malloc(sizeof(DIR));
dp-offset = 0;
@@ -40,7 +45,7 @@

if ((handle = FindFirstFile(filespec, (dp-fileinfo))) == 
INVALID_HANDLE_VALUE) {
DWORD err = GetLastError();
-   if (err == ERROR_NO_MORE_FILES) {
+   if (err == ERROR_NO_MORE_FILES || err == ERROR_FILE_NOT_FOUND) {
dp-finished = 1;
} else {
free(dp);
@@ -48,7 +53,7 @@
return NULL;
}
}
-   dp-dir = strdup(dir);
+   dp-dir = strdup(resolved_path_buff);
dp-handle = handle;
free(filespec);

@@ -108,7 +113,11 @@
 {
if (!dp)
return 0;
-   FindClose(dp-handle);
+   /* It is valid to scan an empty directory but we have an invalid
+  handle in this case (no first file found). */
+   if (dp-handle != INVALID_HANDLE_VALUE) {
+   FindClose(dp-handle);
+   }
if (dp-dir)
free(dp-dir);
if (dp)

Modified: php/php-src/trunk/win32/readdir.c
===
--- php/php-src/trunk/win32/readdir.c   2009-09-01 17:12:18 UTC (rev 287948)
+++ php/php-src/trunk/win32/readdir.c   2009-09-01 17:46:17 UTC (rev 287949)
@@ -25,14 +25,19 @@
char *filespec;
HANDLE handle;
int index;
+   char resolved_path_buff[MAXPATHLEN];

-   filespec = (char *)malloc(strlen(dir) + 2 + 1);
-   strcpy(filespec, dir);
+   if (!VCWD_REALPATH(dir, resolved_path_buff)) {
+   return NULL;
+   }
+
+   filespec = (char *)malloc(strlen(resolved_path_buff) + 2 + 1);
+   strcpy(filespec, resolved_path_buff);
index = strlen(filespec) - 1;
if (index = 0  (filespec[index] == '/' ||
   (filespec[index] == '\\'  (index == 0 || 
!IsDBCSLeadByte(filespec[index-1])
filespec[index] = '\0';
-   strcat(filespec, /*);
+   strcat(filespec, \\*);

dp = (DIR *) malloc(sizeof(DIR));
dp-offset = 0;
@@ -40,7 +45,7 @@

if ((handle = FindFirstFile(filespec, (dp-fileinfo))) == 
INVALID_HANDLE_VALUE) {
DWORD err = GetLastError();
-   if (err == ERROR_NO_MORE_FILES) {
+   if (err == ERROR_NO_MORE_FILES || err == ERROR_FILE_NOT_FOUND) {
dp-finished = 1;
} else {
free(dp);
@@ -48,7 +53,7 @@
return NULL;
}
}
-   dp-dir = strdup(dir);
+   dp-dir = strdup(resolved_path_buff);
dp-handle = handle;
free(filespec);

@@ -108,7 +113,11 @@
 {
if (!dp)
return 0;
-   FindClose(dp-handle);
+   /* It is valid to scan an empty directory but we have an invalid
+  handle in this case (no first file found). */
+   if (dp-handle != INVALID_HANDLE_VALUE) {
+   FindClose(dp-handle);
+   }
if (dp-dir)
free(dp-dir);
if (dp)

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php