From: benoit dot sibaud at rd dot francetelecom dot com Operating system: Debian GNU/Linux Woody PHP version: 4.3.4 PHP Bug Type: YP/NIS related Bug description: Bad results in yp_first/yp_next with a Solaris NIS server
Description: ------------ YP/NIS server is a Solaris 2.7 Sparc. PHP clients are Debian GNU/Linux Intel (several versions). (php version 4.1.2, at the beginning). It looks like there is some problems with (non)null terminated strings in yp_first and yp_next functions. The following patch sanitizes the outkey in yp_first and yp_next (code taken from yp_cat), and removes the unneeded warning from bug #12345, "[16 Oct 2002 9:14am EDT] tshort at cisco dot com" --- php-4.3.4/ext/yp/yp.c 2003-09-26 12:13:30.000000000 +0200 +++ php-4.1.2-patched/ext/yp/yp.c 2003-11-13 09:48:32.000000000 +0100 @@ -167,7 +167,7 @@ PHP_FUNCTION(yp_first) { pval **domain, **map; - char *outval, *outkey; + char *outval, *outkey, *goodkey; int outvallen, outkeylen; if((ZEND_NUM_ARGS() != 2) || zend_get_parameters_ex(2,&domain,&map) == FAILURE) { @@ -182,7 +182,15 @@ RETURN_FALSE; } array_init(return_value); - add_assoc_stringl_ex(return_value,outkey,outkeylen,outval,outvallen,1); + goodkey = emalloc(outkeylen+1); + if(goodkey) { + strlcpy(goodkey, outkey, outkeylen+1); + add_assoc_stringl_ex(return_value, goodkey, outkeylen+1, outval, outvallen, 1); + efree(goodkey); + } else { + php_error(E_WARNING, "Can't allocate %d bytes for key buffer in yp_next()", outkeylen+1); + } +/* add_assoc_stringl_ex(return_value,outkey,outkeylen,outval,outvallen,1);*/ /* Deprecated */ add_assoc_stringl(return_value,"key",outkey,outkeylen,1); @@ -195,7 +203,7 @@ PHP_FUNCTION(yp_next) { pval **domain, **map, **key; - char *outval, *outkey; + char *outval, *outkey, *goodkey; int outvallen, outkeylen; if((ZEND_NUM_ARGS() != 3) || zend_get_parameters_ex(3,&domain,&map,&key) == FAILURE) { 
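Review bot: In the `@@ -182,7 +182,15 @@` hunk (yp_first), `strlcpy(goodkey, outkey, outkeylen+1)` is the wrong copy primitive for a key that may lack a terminating NUL: the usual strlcpy implementation keeps walking the source to its NUL to compute the return value, so it can read past the `outkeylen` bytes returned by the NIS library, and it stops early at an embedded NUL while `outkeylen+1` is still passed as the key length. A length-bounded copy avoids both: `memcpy(goodkey, outkey, outkeylen); goodkey[outkeylen] = '\0';`, ideally after rejecting a negative `outkeylen`, since the length appears to come from the server's reply. The same lines are repeated in the `@@ -207,12 +215,20 @@` hunk for yp_next. The warning text in this hunk also names `yp_next()` although the code is in yp_first; both function bodies start and end outside the hunks.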
@@ -207,12 +215,20 @@ convert_to_string_ex(key); if((YP(error) = yp_next(Z_STRVAL_PP (domain), Z_STRVAL_PP (map), Z_STRVAL_PP (key), Z_STRLEN_PP (key), &outkey, &outkeylen, &outval, &outvallen))) { - php_error(E_WARNING, yperr_string (YP(error))); + /*php_error(E_WARNING, yperr_string (YP(error)));*/ RETURN_FALSE; } array_init(return_value); - add_assoc_stringl_ex(return_value,outkey,outkeylen,outval,outvallen,1); + goodkey = emalloc(outkeylen+1); + if(goodkey) { + strlcpy(goodkey, outkey, outkeylen+1); + add_assoc_stringl_ex(return_value, goodkey, outkeylen+1, outval, outvallen, 1); + efree(goodkey); + } else { + php_error(E_WARNING, "Can't allocate %d bytes for key buffer in yp_next()", outkeylen+1); + } +/* add_assoc_stringl_ex(return_value,outkey,outkeylen,outval,outvallen,1); */ } /* }}} */ Reproduce code: --------------- <?php $entry = yp_first($domain, $map); $key = $entry ["key"]; echo "key #" . $key . "# value #" . $entry["value"]."#\n"; while ($entry) { $entry = yp_next($domain, $map, $key); if ($entry) { $key = key ($entry); $yplist[$key] = $entry[$key]; echo "key #" . $key . "# value #" . $entry[$key]."#\n"; } } ?> Expected result: ---------------- ### With PHP 3.0.18 (from Debian GNU/Linux Woody), this script works. key #goodkey1# value #goodvalue1# key #goodkey2# value #goodvalue2# (...) key #goodkey3# value #goodvalue3# ### With PHP 4.1.2 (from Debian GNU/Linux Woody) + php-4.3.4/ext/yp/yp.c + patch It works. Actual result: -------------- ### With PHP 4.1.2 (from Debian GNU/Linux Woody), this script fails. key #goodkey1# value #goodvalue1# key #goodkey2# value ## (...) 
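Review bot: In the `@@ -207,12 +215,20 @@` hunk, commenting out `php_error(E_WARNING, yperr_string (YP(error)))` silences every yp_next() failure, not only the end-of-map condition shown in the report ("No more records in map database"), so a wrong domain, an unreachable server or a bad map would now return false with no warning. Suppressing only that case keeps the other errors visible: `if (YP(error) != YPERR_NOMORE) php_error(E_WARNING, "%s", yperr_string(YP(error)));`, where the literal `"%s"` also keeps the library's message from being used as the format string. The old calls left commented out in both hunks would be better deleted than kept as comments. yp_next's body begins before this hunk.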
key #goodkey3# value ## <br /> <b>Warning</b>: No more records in map database in <b>foobar.php</b> on line <b>11</b><br /> Debug with serialization and print_r: a:3:{s:7:"goodkey1_without_last_char";s:99:"goodvalue1";s:3:"key";s:8:"goodkey1";s:5:"value";s:99:"goodvalue1";} Array ( [goodkey1+garbage] => goodvalue1 [key] => goodkey1 [value] => goodvalue1 ) key #goodkey1# value #goodvalue1# a:1:{s:7:"goodkey2_without_last_char";s:93:"goodvalue2";} Array ( [goodkey2+garbage] => goodvalue2 ) key #goodkey2# value ## ### With PHP 4.1.2 (from Debian GNU/Linux Woody) + php-4.3.4/ext/yp/yp.c (I believe it's equivalent to a full PHP 4.3.4 for this test) Same wrong results. -- Edit bug report at http://bugs.php.net/?id=26235&edit=1