tony2001 Wed Oct 11 12:53:38 2006 UTC
Added files:
/php-src/ext/standard/tests/file stream_002.phpt
Modified files:
/php-src/main/streams xp_socket.c
Log:
fix crash when parsing invalid hostnames/IPs
http://cvs.php.net/viewvc.cgi/php-src/main/streams/xp_socket.c?r1=1.36&r2=1.37&diff_format=u
Index: php-src/main/streams/xp_socket.c
diff -u php-src/main/streams/xp_socket.c:1.36
php-src/main/streams/xp_socket.c:1.37
--- php-src/main/streams/xp_socket.c:1.36 Tue Sep 19 10:38:31 2006
+++ php-src/main/streams/xp_socket.c Wed Oct 11 12:53:38 2006
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: xp_socket.c,v 1.36 2006/09/19 10:38:31 dmitry Exp $ */
+/* $Id: xp_socket.c,v 1.37 2006/10/11 12:53:38 tony2001 Exp $ */
#include "php.h"
#include "ext/standard/file.h"
@@ -495,7 +495,7 @@
#ifdef HAVE_IPV6
char *p;
- if (*(str) == '[') {
+ if (*(str) == '[' && str_len > 1) {
/* IPV6 notation to specify raw address with port (i.e.
[fe80::1]:80) */
p = memchr(str + 1, ']', str_len - 2);
if (!p || *(p + 1) != ':') {
@@ -508,8 +508,11 @@
return estrndup(str + 1, p - str - 1);
}
#endif
-
- colon = memchr(str, ':', str_len - 1);
+ if (str_len) {
+ colon = memchr(str, ':', str_len - 1);
+ } else {
+ colon = NULL;
+ }
if (colon) {
*portno = atoi(colon + 1);
host = estrndup(str, colon - str);
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/tests/file/stream_002.phpt?view=markup&rev=1.1
Index: php-src/ext/standard/tests/file/stream_002.phpt
+++ php-src/ext/standard/tests/file/stream_002.phpt
--TEST--
stream_socket_client() and invalid arguments
--FILE--
<?php
$a = NULL;
$b = NULL;
var_dump(stream_socket_client("", $a, $b));
var_dump($a, $b);
var_dump(stream_socket_client("[", $a, $b));
var_dump($a, $b);
var_dump(stream_socket_client("[ ", $a, $b));
var_dump($a, $b);
var_dump(stream_socket_client(".", $a, $b));
var_dump($a, $b);
var_dump(stream_socket_client(1, $a, $b));
var_dump($a, $b);
var_dump(stream_socket_client(array(), $a, $b));
var_dump($a, $b);
echo "Done\n";
?>
--EXPECTF--
Warning: stream_socket_client(): unable to connect to (Failed to parse address
"") in %s on line %d
bool(false)
int(0)
string(26) "Failed to parse address """
Warning: stream_socket_client(): unable to connect to [ (Failed to parse
address "[") in %s on line %d
bool(false)
int(0)
string(27) "Failed to parse address "[""
Warning: stream_socket_client(): unable to connect to [ (Failed to parse IPv6
address "[ ") in %s on line %d
bool(false)
int(0)
string(33) "Failed to parse IPv6 address "[ ""
Warning: stream_socket_client(): unable to connect to . (Failed to parse
address ".") in %s on line %d
bool(false)
int(0)
string(27) "Failed to parse address ".""
Warning: stream_socket_client(): unable to connect to 1 (Failed to parse
address "1") in %s on line %d
bool(false)
int(0)
string(27) "Failed to parse address "1""
Warning: stream_socket_client() expects parameter 1 to be string, array given
in %s on line %d
bool(false)
int(0)
string(27) "Failed to parse address "1""
Done
--UEXPECTF--
Warning: stream_socket_client(): unable to connect to (Failed to parse address
"") in %s on line %d
bool(false)
int(0)
unicode(26) "Failed to parse address """
Warning: stream_socket_client(): unable to connect to [ (Failed to parse
address "[") in %s on line %d
bool(false)
int(0)
unicode(27) "Failed to parse address "[""
Warning: stream_socket_client(): unable to connect to [ (Failed to parse IPv6
address "[ ") in %s on line %d
bool(false)
int(0)
unicode(33) "Failed to parse IPv6 address "[ ""
Warning: stream_socket_client(): unable to connect to . (Failed to parse
address ".") in %s on line %d
bool(false)
int(0)
unicode(27) "Failed to parse address ".""
Warning: stream_socket_client(): unable to connect to 1 (Failed to parse
address "1") in %s on line %d
bool(false)
int(0)
unicode(27) "Failed to parse address "1""
Warning: stream_socket_client() expects parameter 1 to be binary string, array
given in %s on line %d
bool(false)
int(0)
unicode(27) "Failed to parse address "1""
Done
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
