iliaa Thu Aug 10 14:40:13 2006 UTC
Modified files: (Branch: PHP_5_2)
/php-src/ext/standard string.c
/php-src/ext/curl interface.c streams.c
Log:
Fixed overflow on 64bit systems in str_repeat() and wordwrap().
Disabled CURLOPT_FOLLOWLOCATION in curl when open_basedir or safe_mode are
enabled.
# Patches by Stefan E.
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.10&r2=1.445.2.14.2.11&diff_format=u
Index: php-src/ext/standard/string.c
diff -u php-src/ext/standard/string.c:1.445.2.14.2.10
php-src/ext/standard/string.c:1.445.2.14.2.11
--- php-src/ext/standard/string.c:1.445.2.14.2.10 Tue Aug 8 10:22:25 2006
+++ php-src/ext/standard/string.c Thu Aug 10 14:40:12 2006
@@ -18,7 +18,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: string.c,v 1.445.2.14.2.10 2006/08/08 10:22:25 tony2001 Exp $ */
+/* $Id: string.c,v 1.445.2.14.2.11 2006/08/10 14:40:12 iliaa Exp $ */
/* Synced with php 3.0 revision 1.193 1999-06-16 [ssb] */
@@ -634,7 +634,8 @@
{
const char *text, *breakchar = "\n";
char *newtext;
- int textlen, breakcharlen = 1, newtextlen, alloced, chk;
+ int textlen, breakcharlen = 1, newtextlen, chk;
+ size_t alloced;
long current = 0, laststart = 0, lastspace = 0;
long linelength = 75;
zend_bool docut = 0;
@@ -4265,7 +4266,7 @@
zval **input_str; /* Input string */
zval **mult; /* Multiplier */
char *result; /* Resulting string */
- int result_len; /* Length of the resulting
string */
+ size_t result_len; /* Length of the resulting
string */
if (ZEND_NUM_ARGS() != 2 || zend_get_parameters_ex(2, &input_str,
&mult) == FAILURE) {
WRONG_PARAM_COUNT;
@@ -4290,11 +4291,7 @@
/* Initialize the result string */
result_len = Z_STRLEN_PP(input_str) * Z_LVAL_PP(mult);
- if (result_len < 1 || result_len > 2147483647) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "You may not create
strings longer than 2147483647 bytes");
- RETURN_FALSE;
- }
- result = (char *)emalloc(result_len + 1);
+ result = (char *)safe_emalloc(Z_STRLEN_PP(input_str), Z_LVAL_PP(mult),
1);
/* Heavy optimization for situations where input string is 1 byte long
*/
if (Z_STRLEN_PP(input_str) == 1) {
http://cvs.php.net/viewvc.cgi/php-src/ext/curl/interface.c?r1=1.62.2.14.2.6&r2=1.62.2.14.2.7&diff_format=u
Index: php-src/ext/curl/interface.c
diff -u php-src/ext/curl/interface.c:1.62.2.14.2.6
php-src/ext/curl/interface.c:1.62.2.14.2.7
--- php-src/ext/curl/interface.c:1.62.2.14.2.6 Tue Jul 4 20:12:38 2006
+++ php-src/ext/curl/interface.c Thu Aug 10 14:40:13 2006
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: interface.c,v 1.62.2.14.2.6 2006/07/04 20:12:38 iliaa Exp $ */
+/* $Id: interface.c,v 1.62.2.14.2.7 2006/08/10 14:40:13 iliaa Exp $ */
#define ZEND_INCLUDE_FULL_WINDOWS_HEADERS
@@ -1168,7 +1168,6 @@
case CURLOPT_FTPLISTONLY:
case CURLOPT_FTPAPPEND:
case CURLOPT_NETRC:
- case CURLOPT_FOLLOWLOCATION:
case CURLOPT_PUT:
#if CURLOPT_MUTE != 0
case CURLOPT_MUTE:
@@ -1219,6 +1218,16 @@
convert_to_long_ex(zvalue);
error = curl_easy_setopt(ch->cp, option,
Z_LVAL_PP(zvalue));
break;
+ case CURLOPT_FOLLOWLOCATION:
+ convert_to_long_ex(zvalue);
+ if ((PG(open_basedir) && *PG(open_basedir)) ||
PG(safe_mode)) {
+ if (Z_LVAL_PP(zvalue) != 0) {
+ php_error_docref(NULL TSRMLS_CC,
E_WARNING, "CURLOPT_FOLLOWLOCATION cannot be activated when in safe_mode or an
open_basedir is set");
+ RETURN_FALSE;
+ }
+ }
+ error = curl_easy_setopt(ch->cp, option,
Z_LVAL_PP(zvalue));
+ break;
case CURLOPT_URL:
case CURLOPT_PROXY:
case CURLOPT_USERPWD:
http://cvs.php.net/viewvc.cgi/php-src/ext/curl/streams.c?r1=1.14.2.2.2.3&r2=1.14.2.2.2.4&diff_format=u
Index: php-src/ext/curl/streams.c
diff -u php-src/ext/curl/streams.c:1.14.2.2.2.3
php-src/ext/curl/streams.c:1.14.2.2.2.4
--- php-src/ext/curl/streams.c:1.14.2.2.2.3 Tue Aug 1 13:28:03 2006
+++ php-src/ext/curl/streams.c Thu Aug 10 14:40:13 2006
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: streams.c,v 1.14.2.2.2.3 2006/08/01 13:28:03 tony2001 Exp $ */
+/* $Id: streams.c,v 1.14.2.2.2.4 2006/08/10 14:40:13 iliaa Exp $ */
/* This file implements cURL based wrappers.
* NOTE: If you are implementing your own streams that are intended to
@@ -349,11 +349,19 @@
}
}
if (mr > 1) {
- curl_easy_setopt(curlstream->curl,
CURLOPT_FOLLOWLOCATION, 1L);
+ if ((PG(open_basedir) && *PG(open_basedir)) ||
PG(safe_mode)) {
+ curl_easy_setopt(curlstream->curl,
CURLOPT_FOLLOWLOCATION, 1);
+ } else {
+ curl_easy_setopt(curlstream->curl,
CURLOPT_FOLLOWLOCATION, 0);
+ }
curl_easy_setopt(curlstream->curl,
CURLOPT_MAXREDIRS, mr);
}
} else {
- curl_easy_setopt(curlstream->curl,
CURLOPT_FOLLOWLOCATION, 1L);
+ if ((PG(open_basedir) && *PG(open_basedir)) ||
PG(safe_mode)) {
+ curl_easy_setopt(curlstream->curl,
CURLOPT_FOLLOWLOCATION, 1);
+ } else {
+ curl_easy_setopt(curlstream->curl,
CURLOPT_FOLLOWLOCATION, 0);
+ }
curl_easy_setopt(curlstream->curl, CURLOPT_MAXREDIRS,
20L);
}
}
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
