tony2001 Wed Jun 21 12:43:27 2006 UTC
Modified files: (Branch: PHP_5_2)
/php-src/ext/bz2 bz2.c
Log:
MFH: fix invalid read with bzopen("","") and prevent filename from being
empty (which causes endless loop somewhere is libbz2)
http://cvs.php.net/viewvc.cgi/php-src/ext/bz2/bz2.c?r1=1.14.2.3.2.1&r2=1.14.2.3.2.2&diff_format=u
Index: php-src/ext/bz2/bz2.c
diff -u php-src/ext/bz2/bz2.c:1.14.2.3.2.1 php-src/ext/bz2/bz2.c:1.14.2.3.2.2
--- php-src/ext/bz2/bz2.c:1.14.2.3.2.1 Sun Jun 11 01:42:16 2006
+++ php-src/ext/bz2/bz2.c Wed Jun 21 12:43:27 2006
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: bz2.c,v 1.14.2.3.2.1 2006/06/11 01:42:16 bjori Exp $ */
+/* $Id: bz2.c,v 1.14.2.3.2.2 2006/06/21 12:43:27 tony2001 Exp $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -359,7 +359,7 @@
}
convert_to_string_ex(mode);
- if (Z_STRVAL_PP(mode)[0] != 'r' && Z_STRVAL_PP(mode)[0] != 'w' &&
Z_STRVAL_PP(mode)[1] != '\0') {
+ if (Z_STRLEN_PP(mode) != 1 || (Z_STRVAL_PP(mode)[0] != 'r' &&
Z_STRVAL_PP(mode)[0] != 'w')) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "'%s' is not a
valid mode for bzopen(). Only 'w' and 'r' are supported.", Z_STRVAL_PP(mode));
RETURN_FALSE;
}
@@ -367,6 +367,12 @@
/* If it's not a resource its a string containing the filename to open
*/
if (Z_TYPE_PP(file) != IS_RESOURCE) {
convert_to_string_ex(file);
+
+ if (Z_STRLEN_PP(file) == 0) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "filename
cannot be empty");
+ RETURN_FALSE;
+ }
+
stream = php_stream_bz2open(NULL,
Z_STRVAL_PP(file),
Z_STRVAL_PP(mode),
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
