[PHP-CVS] cvs: php4(PHP_4_3) /ext/sockets sockets.c

Tue, 25 Mar 2003 10:29:15 -0800 

rasmus          Tue Mar 25 14:26:18 2003 EDT

  Modified files:              (Branch: PHP_4_3)
    /php4/ext/sockets   sockets.c 
  Log:
  Make sure we never pass a negative arg to emalloc
  (once again, this API needs to be fixed, so this is just for 4.3)
  
  
Index: php4/ext/sockets/sockets.c
diff -u php4/ext/sockets/sockets.c:1.125.2.7 php4/ext/sockets/sockets.c:1.125.2.8
--- php4/ext/sockets/sockets.c:1.125.2.7        Tue Mar 25 10:54:26 2003
+++ php4/ext/sockets/sockets.c  Tue Mar 25 14:26:18 2003
@@ -19,7 +19,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: sockets.c,v 1.125.2.7 2003/03/25 15:54:26 rasmus Exp $ */
+/* $Id: sockets.c,v 1.125.2.8 2003/03/25 19:26:18 rasmus Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -781,6 +781,7 @@
        if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rl|l", &arg1, &length, 
&type) == FAILURE)
                return;
 
+       if(length<0) RETURN_FALSE;
        tmpbuf = emalloc(length + 1);
        
        ZEND_FETCH_RESOURCE(php_sock, php_socket *, &arg1, -1, le_socket_name, 
le_socket);
@@ -1120,9 +1121,11 @@
 
        for (i = 0, j = 1; i < num_vectors; i++, j++) {
                convert_to_long_ex(args[j]);
-               
-               vector_array[i].iov_base        = (char*)emalloc(Z_LVAL_PP(args[j]));
-               vector_array[i].iov_len         = Z_LVAL_PP(args[j]);
+       
+               if(Z_LVAL_PP(args[j])>0) {
+                       vector_array[i].iov_base        = 
(char*)emalloc(Z_LVAL_PP(args[j]));
+                       vector_array[i].iov_len         = Z_LVAL_PP(args[j]);
+               }
        }
        
        efree(args);
@@ -1330,6 +1333,8 @@
        if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rzll", &php_sock_res, 
&buf, &len, &flags) == FAILURE)
                return;
 
+       if(len<0) RETURN_FALSE;
+
        ZEND_FETCH_RESOURCE(php_sock, php_socket *, &php_sock_res, -1, le_socket_name, 
le_socket);
 
        recv_buf = emalloc(len + 1);
@@ -1404,6 +1409,8 @@
 
        ZEND_FETCH_RESOURCE(php_sock, php_socket *, &arg1, -1, le_socket_name, 
le_socket);
 
+       if(arg3<0) RETURN_FALSE;
+
        recv_buf = emalloc(arg3 + 2);
        memset(recv_buf, 0, arg3 + 2);
        
@@ -1539,6 +1546,8 @@
 
        if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rrzzzz|z", &arg1, &arg2, 
&arg3, &arg4, &arg5, &arg6, &arg7) == FAILURE)
                return;
+
+       if(Z_LVAL_P(arg4)<0) RETURN_FALSE;
 
        ZEND_FETCH_RESOURCE(php_sock, php_socket *, &arg1, -1, le_socket_name, 
le_socket);
        ZEND_FETCH_RESOURCE(iov, php_iovec_t *, &arg2, -1, le_iov_name, le_iov);



-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to