Re: [PHP-CVS] cvs: php4 /ext/ftp ftp.c ftp.h php_ftp.c

Mon, 03 Feb 2003 07:46:04 -0800 

Being a bit late here, but why don't you use spprintf() instead of 
emalloc() and sprintf combo?

Moriyoshi

"Sara Golemon" <[EMAIL PROTECTED]> wrote:

> pollita               Mon Jan 27 14:51:51 2003 EDT
> 
>   Modified files:              
>     /php4/ext/ftp     php_ftp.c ftp.h ftp.c 
>   Log:
>   Fix potential buffer overflow.
>   
>   
> Index: php4/ext/ftp/php_ftp.c
> diff -u php4/ext/ftp/php_ftp.c:1.80 php4/ext/ftp/php_ftp.c:1.81
> --- php4/ext/ftp/php_ftp.c:1.80       Sun Jan 26 21:54:12 2003
> +++ php4/ext/ftp/php_ftp.c    Mon Jan 27 14:51:50 2003
> @@ -17,7 +17,7 @@
>     +----------------------------------------------------------------------+
>   */
>  
> -/* $Id: php_ftp.c,v 1.80 2003/01/27 02:54:12 pollita Exp $ */
> +/* $Id: php_ftp.c,v 1.81 2003/01/27 19:51:50 pollita Exp $ */
>  
>  #ifdef HAVE_CONFIG_H
>  #include "config.h"
> @@ -396,7 +396,7 @@
>  
>       ZEND_FETCH_RESOURCE(ftp, ftpbuf_t*, &z_ftp, -1, le_ftpbuf_name, le_ftpbuf);
>  
> -     if (!ftp_chmod(ftp, mode, filename)) {
> +     if (!ftp_chmod(ftp, mode, filename, filename_len)) {
>               php_error_docref(NULL TSRMLS_CC, E_WARNING, "%s", ftp->inbuf);
>               RETURN_FALSE;
>       }
> Index: php4/ext/ftp/ftp.h
> diff -u php4/ext/ftp/ftp.h:1.34 php4/ext/ftp/ftp.h:1.35
> --- php4/ext/ftp/ftp.h:1.34   Sun Jan 26 21:54:12 2003
> +++ php4/ext/ftp/ftp.h        Mon Jan 27 14:51:50 2003
> @@ -17,7 +17,7 @@
>     +----------------------------------------------------------------------+
>   */
>  
> -/* $Id: ftp.h,v 1.34 2003/01/27 02:54:12 pollita Exp $ */
> +/* $Id: ftp.h,v 1.35 2003/01/27 19:51:50 pollita Exp $ */
>  
>  #ifndef      FTP_H
>  #define      FTP_H
> @@ -136,7 +136,7 @@
>  int          ftp_rmdir(ftpbuf_t *ftp, const char *dir);
>  
>  /* Set permissions on a file */
> -int          ftp_chmod(ftpbuf_t *ftp, const int mode, const char *filename);
> +int          ftp_chmod(ftpbuf_t *ftp, const int mode, const char *filename, const 
>int filename_len);
>  
>  /* returns a NULL-terminated array of filenames in the given path
>   * or NULL on error.  the return array must be freed (but don't
> Index: php4/ext/ftp/ftp.c
> diff -u php4/ext/ftp/ftp.c:1.74 php4/ext/ftp/ftp.c:1.75
> --- php4/ext/ftp/ftp.c:1.74   Sun Jan 26 21:54:12 2003
> +++ php4/ext/ftp/ftp.c        Mon Jan 27 14:51:50 2003
> @@ -17,7 +17,7 @@
>     +----------------------------------------------------------------------+
>   */
>  
> -/* $Id: ftp.c,v 1.74 2003/01/27 02:54:12 pollita Exp $ */
> +/* $Id: ftp.c,v 1.75 2003/01/27 19:51:50 pollita Exp $ */
>  
>  #include "php.h"
>  
> @@ -538,23 +538,31 @@
>  /* {{{ ftp_chmod
>   */
>  int
> -ftp_chmod(ftpbuf_t *ftp, const int mode, const char *filename)
> +ftp_chmod(ftpbuf_t *ftp, const int mode, const char *filename, const int 
>filename_len)
>  {
> -     char buffer[1024];
> +     char *buffer;
>  
> -     if (ftp == NULL) {
> +     if (ftp == NULL || filename_len <= 0) {
> +             return 0;
> +     }
> +
> +     if (!(buffer = emalloc(32 + filename_len + 1))) {
>               return 0;
>       }
>  
>       sprintf(buffer, "CHMOD %o %s", mode, filename);
>  
>       if (!ftp_putcmd(ftp, "SITE", buffer)) {
> +             efree(buffer);
>               return 0;
>       }
>  
> +     efree(buffer);
> +
>       if (!ftp_getresp(ftp) || ftp->resp != 200) {
>               return 0;
>       }
> +     
>       return 1;
>  }
>  /* }}} */
> 
> 
> 
> -- 
> PHP CVS Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 


-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to