iliaa Tue, 27 Apr 2010 17:13:24 +0000
Revision: http://svn.php.net/viewvc?view=revision&revision=298667
Log:
Fixed string format validation inside phar extension. Reported by Stefan Esser
Changed paths:
U php/php-src/branches/PHP_5_3/NEWS
U php/php-src/branches/PHP_5_3/ext/phar/dirstream.c
U php/php-src/branches/PHP_5_3/ext/phar/stream.c
U php/php-src/trunk/ext/phar/dirstream.c
U php/php-src/trunk/ext/phar/stream.c
Modified: php/php-src/branches/PHP_5_3/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3/NEWS 2010-04-27 17:12:03 UTC (rev 298666)
+++ php/php-src/branches/PHP_5_3/NEWS 2010-04-27 17:13:24 UTC (rev 298667)
@@ -21,6 +21,8 @@
- Fixed very rare memory leak in mysqlnd, when binding thousands of columns.
(Andrey)
+- Fixed string format validation inside phar extension. Reported by Stefan
+ Esser (Ilia)
- Fixed handling of session variable serialization on certain prefix
characters. Reported by Stefan Esser (Ilia)
- Fixed a NULL pointer dereference when processing invalid XML-RPC
Modified: php/php-src/branches/PHP_5_3/ext/phar/dirstream.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/phar/dirstream.c 2010-04-27 17:12:03 UTC
(rev 298666)
+++ php/php-src/branches/PHP_5_3/ext/phar/dirstream.c 2010-04-27 17:13:24 UTC
(rev 298667)
@@ -360,7 +360,7 @@
if (FAILURE == phar_get_archive(&phar, resource->host, host_len, NULL,
0, &error TSRMLS_CC)) {
if (error) {
- php_stream_wrapper_log_error(wrapper, options
TSRMLS_CC, error);
+ php_stream_wrapper_log_error(wrapper, options
TSRMLS_CC, "%s", error);
efree(error);
} else {
php_stream_wrapper_log_error(wrapper, options
TSRMLS_CC, "phar file \"%s\" is unknown", resource->host);
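Review bot: The corrected call in the `if (error)` branch has no comment saying why `"%s"` is required, and the same one-line fix is repeated at every other `php_stream_wrapper_log_error(..., error)` site in this commit (the stream.c hunks and both trunk copies). The `error` buffer is filled by `phar_get_archive`, presumably from archive and entry names, so a later edit could quietly reintroduce the non-literal format. I would add `/* error may contain archive or entry names: always log it through "%s" */` above the call. If the prototype of `php_stream_wrapper_log_error` carries a printf-style format attribute, building with `-Wformat-security` would catch any remaining site at compile time. The enclosing function starts and ends outside the hunk.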
Modified: php/php-src/branches/PHP_5_3/ext/phar/stream.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/phar/stream.c 2010-04-27 17:12:03 UTC
(rev 298666)
+++ php/php-src/branches/PHP_5_3/ext/phar/stream.c 2010-04-27 17:13:24 UTC
(rev 298667)
@@ -117,7 +117,7 @@
{
if (error) {
if (!(options & PHP_STREAM_URL_STAT_QUIET)) {
- php_stream_wrapper_log_error(wrapper,
options TSRMLS_CC, error);
+ php_stream_wrapper_log_error(wrapper,
options TSRMLS_CC, "%s", error);
}
efree(error);
}
@@ -128,7 +128,7 @@
if (error) {
spprintf(&error, 0, "Cannot open cached phar
'%s' as writeable, copy on write failed", resource->host);
if (!(options & PHP_STREAM_URL_STAT_QUIET)) {
- php_stream_wrapper_log_error(wrapper,
options TSRMLS_CC, error);
+ php_stream_wrapper_log_error(wrapper,
options TSRMLS_CC, "%s", error);
}
efree(error);
}
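Review bot: Inside `if (error)`, the call `spprintf(&error, 0, ...)` overwrites a pointer the guard has just shown to be non-NULL, so the earlier buffer is never logged and never freed; only the new allocation reaches `efree(error)`. If the guard is intended, release the old message first, e.g. `efree(error);` on the line before `spprintf`. If `error` is normally NULL at this point, the guard instead suppresses the "copy on write failed" message altogether and should be removed. The condition that leads into this block is outside the hunk, so which case applies needs confirming; the trunk copy of this hunk has the same shape.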
@@ -140,7 +140,7 @@
{
if (error) {
if (!(options & PHP_STREAM_URL_STAT_QUIET)) {
- php_stream_wrapper_log_error(wrapper,
options TSRMLS_CC, error);
+ php_stream_wrapper_log_error(wrapper,
options TSRMLS_CC, "%s", error);
}
efree(error);
}
@@ -192,7 +192,7 @@
if (mode[0] == 'w' || (mode[0] == 'r' && mode[1] == '+')) {
if (NULL == (idata =
phar_get_or_create_entry_data(resource->host, host_len, internal_file,
strlen(internal_file), mode, 0, &error, 1 TSRMLS_CC))) {
if (error) {
- php_stream_wrapper_log_error(wrapper, options
TSRMLS_CC, error);
+ php_stream_wrapper_log_error(wrapper, options
TSRMLS_CC, "%s", error);
efree(error);
} else {
php_stream_wrapper_log_error(wrapper, options
TSRMLS_CC, "phar error: file \"%s\" could not be created in phar \"%s\"",
internal_file, resource->host);
@@ -297,7 +297,7 @@
if ((FAILURE == phar_get_entry_data(&idata, resource->host,
host_len, internal_file, strlen(internal_file), "r", 0, &error, 0 TSRMLS_CC))
|| !idata) {
idata_error:
if (error) {
- php_stream_wrapper_log_error(wrapper, options
TSRMLS_CC, error);
+ php_stream_wrapper_log_error(wrapper, options
TSRMLS_CC, "%s", error);
efree(error);
} else {
php_stream_wrapper_log_error(wrapper, options
TSRMLS_CC, "phar error: \"%s\" is not a file in phar \"%s\"", internal_file,
resource->host);
@@ -320,7 +320,7 @@
/* check length, crc32 */
if (!idata->internal_file->is_crc_checked &&
phar_postprocess_file(idata, idata->internal_file->crc32, &error, 2 TSRMLS_CC)
!= SUCCESS) {
- php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, error);
+ php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "%s",
error);
efree(error);
phar_entry_delref(idata TSRMLS_CC);
efree(internal_file);
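Review bot: In the failure branch of `phar_postprocess_file`, `error` is passed to the log call and to `efree` without the `if (error)` guard used at the other call sites changed in this file. Whether `error` is initialised beforehand and whether the callee sets it on every failure path are both outside the hunk. If it can return without setting the message, the `"%s"` argument and the `efree` both receive an unset or NULL pointer. Either wrap the two lines in `if (error) { ... }`, or add a comment such as `/* phar_postprocess_file always sets error on failure */` once that is verified. The trunk copy of this hunk is identical.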
@@ -761,7 +761,7 @@
efree(internal_file);
phar_entry_remove(idata, &error TSRMLS_CC);
if (error) {
- php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, error);
+ php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "%s",
error);
efree(error);
}
return 1;
Modified: php/php-src/trunk/ext/phar/dirstream.c
===================================================================
--- php/php-src/trunk/ext/phar/dirstream.c 2010-04-27 17:12:03 UTC (rev
298666)
+++ php/php-src/trunk/ext/phar/dirstream.c 2010-04-27 17:13:24 UTC (rev
298667)
@@ -360,7 +360,7 @@
if (FAILURE == phar_get_archive(&phar, resource->host, host_len, NULL,
0, &error TSRMLS_CC)) {
if (error) {
- php_stream_wrapper_log_error(wrapper, options
TSRMLS_CC, error);
+ php_stream_wrapper_log_error(wrapper, options
TSRMLS_CC, "%s", error);
efree(error);
} else {
php_stream_wrapper_log_error(wrapper, options
TSRMLS_CC, "phar file \"%s\" is unknown", resource->host);
Modified: php/php-src/trunk/ext/phar/stream.c
===================================================================
--- php/php-src/trunk/ext/phar/stream.c 2010-04-27 17:12:03 UTC (rev 298666)
+++ php/php-src/trunk/ext/phar/stream.c 2010-04-27 17:13:24 UTC (rev 298667)
@@ -117,7 +117,7 @@
{
if (error) {
if (!(options & PHP_STREAM_URL_STAT_QUIET)) {
- php_stream_wrapper_log_error(wrapper,
options TSRMLS_CC, error);
+ php_stream_wrapper_log_error(wrapper,
options TSRMLS_CC, "%s", error);
}
efree(error);
}
@@ -128,7 +128,7 @@
if (error) {
spprintf(&error, 0, "Cannot open cached phar
'%s' as writeable, copy on write failed", resource->host);
if (!(options & PHP_STREAM_URL_STAT_QUIET)) {
- php_stream_wrapper_log_error(wrapper,
options TSRMLS_CC, error);
+ php_stream_wrapper_log_error(wrapper,
options TSRMLS_CC, "%s", error);
}
efree(error);
}
@@ -140,7 +140,7 @@
{
if (error) {
if (!(options & PHP_STREAM_URL_STAT_QUIET)) {
- php_stream_wrapper_log_error(wrapper,
options TSRMLS_CC, error);
+ php_stream_wrapper_log_error(wrapper,
options TSRMLS_CC, "%s", error);
}
efree(error);
}
@@ -192,7 +192,7 @@
if (mode[0] == 'w' || (mode[0] == 'r' && mode[1] == '+')) {
if (NULL == (idata =
phar_get_or_create_entry_data(resource->host, host_len, internal_file,
strlen(internal_file), mode, 0, &error, 1 TSRMLS_CC))) {
if (error) {
- php_stream_wrapper_log_error(wrapper, options
TSRMLS_CC, error);
+ php_stream_wrapper_log_error(wrapper, options
TSRMLS_CC, "%s", error);
efree(error);
} else {
php_stream_wrapper_log_error(wrapper, options
TSRMLS_CC, "phar error: file \"%s\" could not be created in phar \"%s\"",
internal_file, resource->host);
@@ -297,7 +297,7 @@
if ((FAILURE == phar_get_entry_data(&idata, resource->host,
host_len, internal_file, strlen(internal_file), "r", 0, &error, 0 TSRMLS_CC))
|| !idata) {
idata_error:
if (error) {
- php_stream_wrapper_log_error(wrapper, options
TSRMLS_CC, error);
+ php_stream_wrapper_log_error(wrapper, options
TSRMLS_CC, "%s", error);
efree(error);
} else {
php_stream_wrapper_log_error(wrapper, options
TSRMLS_CC, "phar error: \"%s\" is not a file in phar \"%s\"", internal_file,
resource->host);
@@ -320,7 +320,7 @@
/* check length, crc32 */
if (!idata->internal_file->is_crc_checked &&
phar_postprocess_file(idata, idata->internal_file->crc32, &error, 2 TSRMLS_CC)
!= SUCCESS) {
- php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, error);
+ php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "%s",
error);
efree(error);
phar_entry_delref(idata TSRMLS_CC);
efree(internal_file);
@@ -761,7 +761,7 @@
efree(internal_file);
phar_entry_remove(idata, &error TSRMLS_CC);
if (error) {
- php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, error);
+ php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "%s",
error);
efree(error);
}
return 1;