dmitry Thu, 13 May 2010 08:34:06 +0000
Revision: http://svn.php.net/viewvc?view=revision&revision=299328
Log:
Fixed a possible resource destruction issues in shm_put_var()
Changed paths:
U php/php-src/branches/PHP_5_3/NEWS
U php/php-src/branches/PHP_5_3/ext/sysvshm/sysvshm.c
U php/php-src/trunk/ext/sysvshm/sysvshm.c
Modified: php/php-src/branches/PHP_5_3/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3/NEWS 2010-05-13 08:09:54 UTC (rev 299327)
+++ php/php-src/branches/PHP_5_3/NEWS 2010-05-13 08:34:06 UTC (rev 299328)
@@ -23,6 +23,8 @@
- Fixed very rare memory leak in mysqlnd, when binding thousands of columns.
(Andrey)
+- Fixed a possible resource destruction issues in shm_put_var()
+ Reported by Stefan Esser (Dmitry)
- Fixed a possible information leak because of interruption of XOR operator.
Reported by Stefan Esser (Dmitry)
- Fixed a possible memory corruption because of unexpected call-time pass by
Modified: php/php-src/branches/PHP_5_3/ext/sysvshm/sysvshm.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/sysvshm/sysvshm.c 2010-05-13 08:09:54 UTC
(rev 299327)
+++ php/php-src/branches/PHP_5_3/ext/sysvshm/sysvshm.c 2010-05-13 08:34:06 UTC
(rev 299328)
@@ -251,13 +251,18 @@
if (SUCCESS != zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rlz",
&shm_id, &shm_key, &arg_var)) {
return;
}
- SHM_FETCH_RESOURCE(shm_list_ptr, shm_id);
/* setup string-variable and serialize */
PHP_VAR_SERIALIZE_INIT(var_hash);
php_var_serialize(&shm_var, &arg_var, &var_hash TSRMLS_CC);
PHP_VAR_SERIALIZE_DESTROY(var_hash);
+ shm_list_ptr = zend_fetch_resource(&shm_id TSRMLS_CC, -1,
PHP_SHM_RSRC_NAME, NULL, 1, php_sysvshm.le_shm);
+ if (!shm_list_ptr) {
+ smart_str_free(&shm_var);
+ RETURN_FALSE;
+ }
+
/* insert serialized variable into shared memory */
ret = php_put_shm_data(shm_list_ptr->ptr, shm_key, shm_var.c,
shm_var.len);
Modified: php/php-src/trunk/ext/sysvshm/sysvshm.c
===================================================================
--- php/php-src/trunk/ext/sysvshm/sysvshm.c 2010-05-13 08:09:54 UTC (rev
299327)
+++ php/php-src/trunk/ext/sysvshm/sysvshm.c 2010-05-13 08:34:06 UTC (rev
299328)
@@ -251,13 +251,18 @@
if (SUCCESS != zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rlz",
&shm_id, &shm_key, &arg_var)) {
return;
}
- SHM_FETCH_RESOURCE(shm_list_ptr, shm_id);
/* setup string-variable and serialize */
PHP_VAR_SERIALIZE_INIT(var_hash);
php_var_serialize(&shm_var, &arg_var, &var_hash TSRMLS_CC);
PHP_VAR_SERIALIZE_DESTROY(var_hash);
+ shm_list_ptr = zend_fetch_resource(&shm_id TSRMLS_CC, -1,
PHP_SHM_RSRC_NAME, NULL, 1, php_sysvshm.le_shm);
+ if (!shm_list_ptr) {
+ smart_str_free(&shm_var);
+ RETURN_FALSE;
+ }
+
/* insert serialized variable into shared memory */
ret = php_put_shm_data(shm_list_ptr->ptr, shm_key, shm_var.c,
shm_var.len);
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
