ID: 26235 Updated by: [EMAIL PROTECTED] Reported By: benoit dot sibaud at rd dot francetelecom dot com -Status: Open +Status: Closed Bug Type: YP/NIS related Operating System: Debian GNU/Linux Woody PHP Version: 4.3.4 New Comment:
This bug has been fixed in CVS. In case this was a PHP problem, snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. In case this was a documentation problem, the fix will show up soon at http://www.php.net/manual/. In case this was a PHP.net website problem, the change will show up on the PHP.net site and on the mirror sites in short time. Thank you for the report, and for helping us make PHP better. Previous Comments: ------------------------------------------------------------------------ [2003-11-13 05:56:38] benoit dot sibaud at rd dot francetelecom dot com Description: ------------ YP/NIS server is a Solaris 2.7 Sparc. PHP clients are Debian GNU/Linux Intel (several versions). (php version 4.1.2, at the beginning). It looks like there is some problems with (non)null terminated strings in yp_first and yp_next functions. The following patch sanitizes the outkey in yp_first and yp_next (code taken from yp_cat), and removes the unneeded warning from bug #12345, "[16 Oct 2002 9:14am EDT] tshort at cisco dot com" --- php-4.3.4/ext/yp/yp.c 2003-09-26 12:13:30.000000000 +0200 +++ php-4.1.2-patched/ext/yp/yp.c 2003-11-13 09:48:32.000000000 +0100 @@ -167,7 +167,7 @@ PHP_FUNCTION(yp_first) { pval **domain, **map; - char *outval, *outkey; + char *outval, *outkey, *goodkey; int outvallen, outkeylen; if((ZEND_NUM_ARGS() != 2) || zend_get_parameters_ex(2,&domain,&map) == FAILURE) { @@ -182,7 +182,15 @@ RETURN_FALSE; } array_init(return_value); - add_assoc_stringl_ex(return_value,outkey,outkeylen,outval,outvallen,1); + goodkey = emalloc(outkeylen+1); + if(goodkey) { + strlcpy(goodkey, outkey, outkeylen+1); + add_assoc_stringl_ex(return_value, goodkey, outkeylen+1, outval, outvallen, 1); + efree(goodkey); + } else { + php_error(E_WARNING, "Can't allocate %d bytes for key buffer in yp_next()", outkeylen+1); + } +/* add_assoc_stringl_ex(return_value,outkey,outkeylen,outval,outvallen,1);*/ /* Deprecated */ add_assoc_stringl(return_value,"key",outkey,outkeylen,1); @@ -195,7 +203,7 @@ PHP_FUNCTION(yp_next) { pval **domain, **map, **key; - char *outval, *outkey; + char *outval, *outkey, *goodkey; int outvallen, outkeylen; if((ZEND_NUM_ARGS() != 3) || zend_get_parameters_ex(3,&domain,&map,&key) == FAILURE) { @@ -207,12 +215,20 @@ convert_to_string_ex(key); if((YP(error) = yp_next(Z_STRVAL_PP (domain), Z_STRVAL_PP (map), Z_STRVAL_PP (key), Z_STRLEN_PP (key), &outkey, &outkeylen, &outval, &outvallen))) { - php_error(E_WARNING, yperr_string (YP(error))); + /*php_error(E_WARNING, yperr_string (YP(error)));*/ RETURN_FALSE; } array_init(return_value); - add_assoc_stringl_ex(return_value,outkey,outkeylen,outval,outvallen,1); + goodkey = emalloc(outkeylen+1); + if(goodkey) { + strlcpy(goodkey, outkey, outkeylen+1); + add_assoc_stringl_ex(return_value, goodkey, outkeylen+1, outval, outvallen, 1); + efree(goodkey); + } else { + php_error(E_WARNING, "Can't allocate %d bytes for key buffer in yp_next()", outkeylen+1); + } +/* add_assoc_stringl_ex(return_value,outkey,outkeylen,outval,outvallen,1); */ } /* }}} */ Reproduce code: --------------- <?php $entry = yp_first($domain, $map); $key = $entry ["key"]; echo "key #" . $key . "# value #" . $entry["value"]."#\n"; while ($entry) { $entry = yp_next($domain, $map, $key); if ($entry) { $key = key ($entry); $yplist[$key] = $entry[$key]; echo "key #" . $key . "# value #" . $entry[$key]."#\n"; } } ?> Expected result: ---------------- ### With PHP 3.0.18 (from Debian GNU/Linux Woody), this script works. key #goodkey1# value #goodvalue1# key #goodkey2# value #goodvalue2# (...) key #goodkey3# value #goodvalue3# ### With PHP 4.1.2 (from Debian GNU/Linux Woody) + php-4.3.4/ext/yp/yp.c + patch It works. Actual result: -------------- ### With PHP 4.1.2 (from Debian GNU/Linux Woody), this script fails. key #goodkey1# value #goodvalue1# key #goodkey2# value ## (...) key #goodkey3# value ## <br /> <b>Warning</b>: No more records in map database in <b>foobar.php</b> on line <b>11</b><br /> Debug with serialization and print_r: a:3:{s:7:"goodkey1_without_last_char";s:99:"goodvalue1";s:3:"key";s:8:"goodkey1";s:5:"value";s:99:"goodvalue1";} Array ( [goodkey1+garbage] => goodvalue1 [key] => goodkey1 [value] => goodvalue1 ) key #goodkey1# value #goodvalue1# a:1:{s:7:"goodkey2_without_last_char";s:93:"goodvalue2";} Array ( [goodkey2+garbage] => goodvalue2 ) key #goodkey2# value ## ### With PHP 4.1.2 (from Debian GNU/Linux Woody) + php-4.3.4/ext/yp/yp.c (I believe it's equivalent to a full PHP 4.3.4 for this test) Same wrong results. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=26235&edit=1
