sniper          Thu Apr 21 10:45:55 2005 EDT

  Modified files:              (Branch: PHP_5_0)
    /php-src/ext/standard       basic_functions.c 
  Log:
  MFH: - Fixed bug #32647 (Using register_shutdown_function() with invalid 
callback can crash PHP)
  
http://cvs.php.net/diff.php/php-src/ext/standard/basic_functions.c?r1=1.673.2.14&r2=1.673.2.15&ty=u
Index: php-src/ext/standard/basic_functions.c
diff -u php-src/ext/standard/basic_functions.c:1.673.2.14 
php-src/ext/standard/basic_functions.c:1.673.2.15
--- php-src/ext/standard/basic_functions.c:1.673.2.14   Wed Apr  6 10:21:02 2005
+++ php-src/ext/standard/basic_functions.c      Thu Apr 21 10:45:55 2005
@@ -17,7 +17,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: basic_functions.c,v 1.673.2.14 2005/04/06 14:21:02 iliaa Exp $ */
+/* $Id: basic_functions.c,v 1.673.2.15 2005/04/21 14:45:55 sniper Exp $ */
 
 #include "php.h"
 #include "php_streams.h"
@@ -2102,17 +2102,21 @@
 static int user_shutdown_function_call(php_shutdown_function_entry 
*shutdown_function_entry TSRMLS_DC)
 {
        zval retval;
+       char *function_name = NULL;
 
-       if (call_user_function( EG(function_table), NULL,
-                                                       
shutdown_function_entry->arguments[0],
-                                                       &retval, 
-                                                       
shutdown_function_entry->arg_count - 1,
-                                                       
shutdown_function_entry->arguments + 1 
-                                                       TSRMLS_CC ) == SUCCESS 
) {
+       if (!zend_is_callable(shutdown_function_entry->arguments[0], 0, 
&function_name)) {
+               php_error(E_WARNING, "(Registered shutdown functions) Unable to 
call %s() - function does not exist", function_name);
+       } else if (call_user_function(EG(function_table), NULL,
+                                                               
shutdown_function_entry->arguments[0],
+                                                               &retval, 
+                                                               
shutdown_function_entry->arg_count - 1,
+                                                               
shutdown_function_entry->arguments + 1 
+                                                               TSRMLS_CC ) == 
SUCCESS)
+       {
                zval_dtor(&retval);
-
-       } else {
-               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to call 
%s() - function does not exist", 
Z_STRVAL_P(shutdown_function_entry->arguments[0]));
+       } 
+       if (function_name) {
+               efree(function_name);
        }
        return 0;
 }
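Review bot: A failing call_user_function() is now silent in user_shutdown_function_call, because the old `else` warning was removed; a callback that passes zend_is_callable() but whose call does not return SUCCESS leaves no diagnostic. Consider keeping a final branch such as `} else { php_error(E_WARNING, "(Registered shutdown functions) Call to %s() failed", function_name); }`. The new warning also reports "function does not exist" for every zend_is_callable() failure, which is misleading for array (object/method) callbacks. It passes `function_name` to `%s` on the assumption that zend_is_callable() always fills it in, which is not visible in this hunk, so a guard like `function_name ? function_name : "(unknown)"` would be cheap insurance.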
@@ -2205,6 +2209,7 @@
 PHP_FUNCTION(register_shutdown_function)
 {
        php_shutdown_function_entry shutdown_function_entry;
+       char *function_name = NULL;
        int i;
 
        shutdown_function_entry.arg_count = ZEND_NUM_ARGS();
@@ -2213,26 +2218,31 @@
                WRONG_PARAM_COUNT;
        }
 
-       shutdown_function_entry.arguments = (pval **) safe_emalloc(sizeof(pval 
*), shutdown_function_entry.arg_count, 0);
+       shutdown_function_entry.arguments = (zval **) safe_emalloc(sizeof(zval 
*), shutdown_function_entry.arg_count, 0);
 
        if (zend_get_parameters_array(ht, shutdown_function_entry.arg_count, 
shutdown_function_entry.arguments) == FAILURE) {
                RETURN_FALSE;
        }
        
-       /* Prevent entering of anything but arrays/strings */
-       if (Z_TYPE_P(shutdown_function_entry.arguments[0]) != IS_ARRAY) {
-               convert_to_string(shutdown_function_entry.arguments[0]);
-       }
-       
-       if (!BG(user_shutdown_function_names)) {
-               ALLOC_HASHTABLE(BG(user_shutdown_function_names));
-               zend_hash_init(BG(user_shutdown_function_names), 0, NULL, (void 
(*)(void *)) user_shutdown_function_dtor, 0);
-       }
+       /* Prevent entering of anything but valid callback (syntax check only!) 
*/
+       if (!zend_is_callable(shutdown_function_entry.arguments[0], 1, 
&function_name)) {
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid shutdown 
callback '%s' passed", function_name);
+               efree(shutdown_function_entry.arguments);
+               RETVAL_FALSE;
+       } else {
+               if (!BG(user_shutdown_function_names)) {
+                       ALLOC_HASHTABLE(BG(user_shutdown_function_names));
+                       zend_hash_init(BG(user_shutdown_function_names), 0, 
NULL, (void (*)(void *)) user_shutdown_function_dtor, 0);
+               }
 
-       for (i = 0; i < shutdown_function_entry.arg_count; i++) {
-               shutdown_function_entry.arguments[i]->refcount++;
+               for (i = 0; i < shutdown_function_entry.arg_count; i++) {
+                       shutdown_function_entry.arguments[i]->refcount++;
+               }
+               zend_hash_next_index_insert(BG(user_shutdown_function_names), 
&shutdown_function_entry, sizeof(php_shutdown_function_entry), NULL);
+       }
+       if (function_name) {
+               efree(function_name);
        }
-       zend_hash_next_index_insert(BG(user_shutdown_function_names), 
&shutdown_function_entry, sizeof(php_shutdown_function_entry), NULL);
 }
 /* }}} */
 
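Review bot: The `zend_get_parameters_array(...) == FAILURE` path just above the new check still executes `RETURN_FALSE;` without releasing `shutdown_function_entry.arguments`, while the new invalid-callback branch does free it. Adding `efree(shutdown_function_entry.arguments);` before that `RETURN_FALSE;` would make both failure paths consistent. The comment `syntax check only!` would help more if it said why: presumably the callback may be defined after registration, so the full existence check is deferred to user_shutdown_function_call at shutdown. The function body starts outside this hunk.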
