sixd Tue, 16 Nov 2010 19:33:31 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=305412
Log: Protect against null bytes in LOB filenames (rasmus) Changed paths: U php/php-src/branches/PHP_5_3/ext/oci8/oci8_interface.c U php/php-src/branches/PHP_5_3/ext/oci8/package.xml U php/php-src/branches/PHP_5_3/ext/oci8/php_oci8.h A php/php-src/branches/PHP_5_3/ext/oci8/tests/null_byte_1.phpt A php/php-src/branches/PHP_5_3/ext/oci8/tests/null_byte_2.phpt U php/php-src/trunk/ext/oci8/oci8_interface.c U php/php-src/trunk/ext/oci8/package.xml U php/php-src/trunk/ext/oci8/php_oci8.h A php/php-src/trunk/ext/oci8/tests/null_byte_1.phpt A php/php-src/trunk/ext/oci8/tests/null_byte_2.phpt
Modified: php/php-src/branches/PHP_5_3/ext/oci8/oci8_interface.c =================================================================== --- php/php-src/branches/PHP_5_3/ext/oci8/oci8_interface.c 2010-11-16 18:39:35 UTC (rev 305411) +++ php/php-src/branches/PHP_5_3/ext/oci8/oci8_interface.c 2010-11-16 19:33:31 UTC (rev 305412) @@ -242,7 +242,12 @@ return; } } - + + if (strlen(filename) != filename_len) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Filename cannot contain null bytes"); + RETURN_FALSE; + } + if (zend_hash_find(Z_OBJPROP_P(z_descriptor), "descriptor", sizeof("descriptor"), (void **)&tmp) == FAILURE) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to find descriptor property"); RETURN_FALSE; @@ -894,7 +899,12 @@ RETURN_FALSE; } } - + + if (strlen(filename) != filename_len) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Filename cannot contain null bytes"); + RETURN_FALSE; + } + if (zend_hash_find(Z_OBJPROP_P(z_descriptor), "descriptor", sizeof("descriptor"), (void **)&tmp) == FAILURE) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to find descriptor property"); RETURN_FALSE; @@ -1666,8 +1676,8 @@ } /* }}} */ -/* {{{ proto resource oci_parse(resource connection, string query) - Parse a query and return a statement */ +/* {{{ proto resource oci_parse(resource connection, string statement) + Parse a SQL or PL/SQL statement and return a statement resource */ PHP_FUNCTION(oci_parse) { zval *z_connection; Modified: php/php-src/branches/PHP_5_3/ext/oci8/package.xml =================================================================== --- php/php-src/branches/PHP_5_3/ext/oci8/package.xml 2010-11-16 18:39:35 UTC (rev 305411) +++ php/php-src/branches/PHP_5_3/ext/oci8/package.xml 2010-11-16 19:33:31 UTC (rev 305412) 
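Review bot: The new guard `if (strlen(filename) != filename_len)` at @@ -242 has no comment saying why it is there, and it is repeated verbatim at @@ -894 and in both trunk copies of oci8_interface.c. I would put one line above it, `/* filename is presumably handed to C file APIs that stop at the first NUL; reject embedded NULs so the path the caller validated is the path used */`, and consider a small shared macro so the import and export paths cannot drift apart. The declaration of `filename_len` is outside the hunk; if it is an `int`, write the comparison as `strlen(filename) != (size_t)filename_len` to avoid a signed/unsigned compare. Both enclosing functions start and end outside the hunks.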
@@ -33,21 +33,20 @@ <active>no</active> </lead> - <date>2010-11-10</date> + <date>2010-11-16</date> <time>15:00:00</time> <version> - <release>1.4.4</release> - <api>1.4.4</api> + <release>1.4.5</release> + <api>1.4.5</api> </version> <stability> - <release>stable</release> + <release>devel</release> <api>stable</api> </stability> <license uri="http://www.php.net/license">PHP</license> <notes> - Fixed bug #53284 (Valgrind warnings in oci_set_* functions) - Enhancement - improve startup failure error messages + Protect against null bytes in LOB filenames (http://news.php.net/php.internals/50202) </notes> <contents> <dir name="/"> @@ -306,6 +305,8 @@ <file name="lob_temp1.phpt" role="test" /> <file name="lob_temp.phpt" role="test" /> <file name="minfo.phpt" role="test" /> + <file name="null_byte_1.phpt" role="test" /> + <file name="null_byte_2.phpt" role="test" /> <file name="num.phpt" role="test" /> <file name="oci8safemode.phpt" role="test" /> <file name="oci_execute_segfault.phpt" role="test" /> @@ -379,6 +380,22 @@ <release> <version> + <release>1.4.4</release> + <api>1.4.4</api> + </version> + <stability> + <release>stable</release> + <api>stable</api> + </stability> + <license uri="http://www.php.net/license">PHP</license> + <notes> + Fixed bug #53284 (Valgrind warnings in oci_set_* functions) + Enhancement - improve startup failure error messages + </notes> +</release> + +<release> + <version> <release>1.4.3</release> <api>1.4.3</api> </version> Modified: php/php-src/branches/PHP_5_3/ext/oci8/php_oci8.h =================================================================== --- php/php-src/branches/PHP_5_3/ext/oci8/php_oci8.h 2010-11-16 18:39:35 UTC (rev 305411) +++ php/php-src/branches/PHP_5_3/ext/oci8/php_oci8.h 2010-11-16 19:33:31 UTC (rev 305412) 
@@ -46,7 +46,7 @@ */ #undef PHP_OCI8_VERSION #endif -#define PHP_OCI8_VERSION "1.4.4" +#define PHP_OCI8_VERSION "1.4.5-devel" extern zend_module_entry oci8_module_entry; #define phpext_oci8_ptr &oci8_module_entry Added: php/php-src/branches/PHP_5_3/ext/oci8/tests/null_byte_1.phpt =================================================================== --- php/php-src/branches/PHP_5_3/ext/oci8/tests/null_byte_1.phpt (rev 0) +++ php/php-src/branches/PHP_5_3/ext/oci8/tests/null_byte_1.phpt 2010-11-16 19:33:31 UTC (rev 305412) @@ -0,0 +1,38 @@ +--TEST-- +Protect against null bytes in LOB filenames (http://news.php.net/php.internals/50202) +--SKIPIF-- +<?php if (!extension_loaded('oci8')) die ("skip no oci8 extension"); ?> +--INI-- +display_errors = On +error_reporting = E_WARNING +--FILE-- +<?php + +require(dirname(__FILE__).'/connect.inc'); + +// Run Test + +echo "Test 1: Import\n"; + +$lob = oci_new_descriptor($c, OCI_D_LOB); +$r = $lob->savefile("/tmp/abc\0def"); +var_dump($r); + +echo "Test 2: Export\n"; + +$r = $lob->export("/tmp/abc\0def"); +var_dump($r); + +?> +===DONE=== +<?php exit(0); ?> +--EXPECTF-- +Test 1: Import + +Warning: OCI-Lob::savefile(): Filename cannot contain null bytes in %snull_byte_1.php on line %d +bool(false) +Test 2: Export + +Warning: OCI-Lob::export(): Filename cannot contain null bytes in %snull_byte_1.php on line %d +bool(false) +===DONE=== Property changes on: php/php-src/branches/PHP_5_3/ext/oci8/tests/null_byte_1.phpt ___________________________________________________________________ Added: svn:keywords + Id Rev Revision Added: svn:eol-style + native Added: php/php-src/branches/PHP_5_3/ext/oci8/tests/null_byte_2.phpt =================================================================== --- php/php-src/branches/PHP_5_3/ext/oci8/tests/null_byte_2.phpt (rev 0) +++ php/php-src/branches/PHP_5_3/ext/oci8/tests/null_byte_2.phpt 2010-11-16 19:33:31 UTC (rev 305412) 
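Review bot: The null_byte_1.phpt hunk on this line covers only the method forms, `$lob->savefile(...)` and `$lob->export(...)`. The context lines of the C hunks close a nested parameter-parsing block just before the new check, which suggests a separate procedural call form. If `oci_lob_import()` and `oci_lob_export()` go through that other branch, two more cases calling them with the same `"/tmp/abc\0def"` argument would pin the guard for both entry forms. The trunk copy of the test is identical.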
@@ -0,0 +1,69 @@
+--TEST--
+Null bytes in SQL statements
+--SKIPIF--
+<?php if (!extension_loaded('oci8')) die ("skip no oci8 extension"); ?>
+--INI--
+display_errors = On
+error_reporting = E_WARNING
+--FILE--
+<?php
+
+require(dirname(__FILE__).'/connect.inc');
+
+// Run Test
+
+echo "Test 1: Valid use of a null byte\n";
+
+$s = oci_parse($c, "select * \0from dual");
+oci_execute($s);
+oci_fetch_all($s, $res);
+var_dump($res);
+
+echo "Test 2: Invalid use of a null byte\n";
+
+$s = oci_parse($c, "select * from du\0al");
+oci_execute($s);
+
+echo "Test 3: Using a null byte in a bind variable name\n";
+
+$s = oci_parse($c, "select * from dual where :bv = 1");
+$bv = 1;
+oci_bind_by_name($s, ":bv\0:bv", $bv);
+oci_execute($s);
+
+echo "Test 4: Using a null byte in a bind variable value causing WHERE clause to fail\n";
+
+$s = oci_parse($c, "select * from dual where :bv = 'abc'");
+$bv = 'abc\0abc';
+oci_bind_by_name($s, ":bv", $bv);
+oci_execute($s);
+oci_fetch_all($s, $res);
+var_dump($res);
+
+?>
+===DONE===
+<?php exit(0); ?>
+--EXPECTF--
+Test 1: Valid use of a null byte
+array(1) {
+ ["DUMMY"]=>
+ array(1) {
+ [0]=>
+ string(1) "X"
+ }
+}
+Test 2: Invalid use of a null byte
+
+Warning: oci_execute(): ORA-00942: %s in %snull_byte_2.php on line %d
+Test 3: Using a null byte in a bind variable name
+
+Warning: oci_bind_by_name(): ORA-01036: %s in %snull_byte_2.php on line %d
+
+Warning: oci_execute(): ORA-01008: %s in %snull_byte_2.php on line %d
+Test 4: Using a null byte in a bind variable value causing WHERE clause to fail
+array(1) {
+ ["DUMMY"]=>
+ array(0) {
+ }
+}
+===DONE===
Property changes on: php/php-src/branches/PHP_5_3/ext/oci8/tests/null_byte_2.phpt ___________________________________________________________________ Added: svn:keywords + Id Rev Revision Added: svn:eol-style + native
Modified: php/php-src/trunk/ext/oci8/oci8_interface.c
===================================================================
--- php/php-src/trunk/ext/oci8/oci8_interface.c
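Review bot: Test 4 in null_byte_2.phpt does not put a null byte in the bind value: `$bv = 'abc\0abc';` is single-quoted, so PHP keeps a literal backslash followed by `0`. The empty result therefore only shows that a longer string does not equal 'abc', not how an embedded NUL is handled. Use `$bv = "abc\0abc";` as Tests 1 to 3 do, and re-check the expected output afterwards, since whether the value is truncated at the NUL on its way to the database is not visible here. The same line appears in the trunk copy of the test.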
2010-11-16 18:39:35 UTC (rev 305411) +++ php/php-src/trunk/ext/oci8/oci8_interface.c 2010-11-16 19:33:31 UTC (rev 305412) @@ -242,7 +242,12 @@ return; } } - + + if (strlen(filename) != filename_len) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Filename cannot contain null bytes"); + RETURN_FALSE; + } + if (zend_hash_find(Z_OBJPROP_P(z_descriptor), "descriptor", sizeof("descriptor"), (void **)&tmp) == FAILURE) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to find descriptor property"); RETURN_FALSE; @@ -894,7 +899,12 @@ RETURN_FALSE; } } - + + if (strlen(filename) != filename_len) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Filename cannot contain null bytes"); + RETURN_FALSE; + } + if (zend_hash_find(Z_OBJPROP_P(z_descriptor), "descriptor", sizeof("descriptor"), (void **)&tmp) == FAILURE) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to find descriptor property"); RETURN_FALSE; @@ -1662,8 +1672,8 @@ } /* }}} */ -/* {{{ proto resource oci_parse(resource connection, string query) - Parse a query and return a statement */ +/* {{{ proto resource oci_parse(resource connection, string statement) + Parse a SQL or PL/SQL statement and return a statement resource */ PHP_FUNCTION(oci_parse) { zval *z_connection; Modified: php/php-src/trunk/ext/oci8/package.xml =================================================================== --- php/php-src/trunk/ext/oci8/package.xml 2010-11-16 18:39:35 UTC (rev 305411) +++ php/php-src/trunk/ext/oci8/package.xml 2010-11-16 19:33:31 UTC (rev 305412) 
@@ -33,21 +33,20 @@ <active>no</active> </lead> - <date>2010-11-10</date> + <date>2010-11-16</date> <time>15:00:00</time> <version> - <release>1.4.4</release> - <api>1.4.4</api> + <release>1.4.5</release> + <api>1.4.5</api> </version> <stability> - <release>stable</release> + <release>devel</release> <api>stable</api> </stability> <license uri="http://www.php.net/license">PHP</license> <notes> - Fixed bug #53284 (Valgrind warnings in oci_set_* functions) - Enhancement - improve startup failure error messages + Protect against null bytes in LOB filenames (http://news.php.net/php.internals/50202) </notes> <contents> <dir name="/"> @@ -306,6 +305,8 @@ <file name="lob_temp1.phpt" role="test" /> <file name="lob_temp.phpt" role="test" /> <file name="minfo.phpt" role="test" /> + <file name="null_byte_1.phpt" role="test" /> + <file name="null_byte_2.phpt" role="test" /> <file name="num.phpt" role="test" /> <file name="oci8safemode.phpt" role="test" /> <file name="oci_execute_segfault.phpt" role="test" /> @@ -379,6 +380,22 @@ <release> <version> + <release>1.4.4</release> + <api>1.4.4</api> + </version> + <stability> + <release>stable</release> + <api>stable</api> + </stability> + <license uri="http://www.php.net/license">PHP</license> + <notes> + Fixed bug #53284 (Valgrind warnings in oci_set_* functions) + Enhancement - improve startup failure error messages + </notes> +</release> + +<release> + <version> <release>1.4.3</release> <api>1.4.3</api> </version> Modified: php/php-src/trunk/ext/oci8/php_oci8.h =================================================================== --- php/php-src/trunk/ext/oci8/php_oci8.h 2010-11-16 18:39:35 UTC (rev 305411) +++ php/php-src/trunk/ext/oci8/php_oci8.h 2010-11-16 19:33:31 UTC (rev 305412) 
@@ -46,7 +46,7 @@ */ #undef PHP_OCI8_VERSION #endif -#define PHP_OCI8_VERSION "1.4.4" +#define PHP_OCI8_VERSION "1.4.5-devel" extern zend_module_entry oci8_module_entry; #define phpext_oci8_ptr &oci8_module_entry Added: php/php-src/trunk/ext/oci8/tests/null_byte_1.phpt =================================================================== --- php/php-src/trunk/ext/oci8/tests/null_byte_1.phpt (rev 0) +++ php/php-src/trunk/ext/oci8/tests/null_byte_1.phpt 2010-11-16 19:33:31 UTC (rev 305412) @@ -0,0 +1,38 @@ +--TEST-- +Protect against null bytes in LOB filenames (http://news.php.net/php.internals/50202) +--SKIPIF-- +<?php if (!extension_loaded('oci8')) die ("skip no oci8 extension"); ?> +--INI-- +display_errors = On +error_reporting = E_WARNING +--FILE-- +<?php + +require(dirname(__FILE__).'/connect.inc'); + +// Run Test + +echo "Test 1: Import\n"; + +$lob = oci_new_descriptor($c, OCI_D_LOB); +$r = $lob->savefile("/tmp/abc\0def"); +var_dump($r); + +echo "Test 2: Export\n"; + +$r = $lob->export("/tmp/abc\0def"); +var_dump($r); + +?> +===DONE=== +<?php exit(0); ?> +--EXPECTF-- +Test 1: Import + +Warning: OCI-Lob::savefile(): Filename cannot contain null bytes in %snull_byte_1.php on line %d +bool(false) +Test 2: Export + +Warning: OCI-Lob::export(): Filename cannot contain null bytes in %snull_byte_1.php on line %d +bool(false) +===DONE=== Property changes on: php/php-src/trunk/ext/oci8/tests/null_byte_1.phpt ___________________________________________________________________ Added: svn:keywords + Id Rev Revision Added: svn:eol-style + native Added: php/php-src/trunk/ext/oci8/tests/null_byte_2.phpt =================================================================== --- php/php-src/trunk/ext/oci8/tests/null_byte_2.phpt (rev 0) +++ php/php-src/trunk/ext/oci8/tests/null_byte_2.phpt 2010-11-16 19:33:31 UTC (rev 305412) 
@@ -0,0 +1,69 @@
+--TEST--
+Null bytes in SQL statements
+--SKIPIF--
+<?php if (!extension_loaded('oci8')) die ("skip no oci8 extension"); ?>
+--INI--
+display_errors = On
+error_reporting = E_WARNING
+--FILE--
+<?php
+
+require(dirname(__FILE__).'/connect.inc');
+
+// Run Test
+
+echo "Test 1: Valid use of a null byte\n";
+
+$s = oci_parse($c, "select * \0from dual");
+oci_execute($s);
+oci_fetch_all($s, $res);
+var_dump($res);
+
+echo "Test 2: Invalid use of a null byte\n";
+
+$s = oci_parse($c, "select * from du\0al");
+oci_execute($s);
+
+echo "Test 3: Using a null byte in a bind variable name\n";
+
+$s = oci_parse($c, "select * from dual where :bv = 1");
+$bv = 1;
+oci_bind_by_name($s, ":bv\0:bv", $bv);
+oci_execute($s);
+
+echo "Test 4: Using a null byte in a bind variable value causing WHERE clause to fail\n";
+
+$s = oci_parse($c, "select * from dual where :bv = 'abc'");
+$bv = 'abc\0abc';
+oci_bind_by_name($s, ":bv", $bv);
+oci_execute($s);
+oci_fetch_all($s, $res);
+var_dump($res);
+
+?>
+===DONE===
+<?php exit(0); ?>
+--EXPECTF--
+Test 1: Valid use of a null byte
+array(1) {
+ ["DUMMY"]=>
+ array(1) {
+ [0]=>
+ string(1) "X"
+ }
+}
+Test 2: Invalid use of a null byte
+
+Warning: oci_execute(): ORA-00942: %s in %snull_byte_2.php on line %d
+Test 3: Using a null byte in a bind variable name
+
+Warning: oci_bind_by_name(): ORA-01036: %s in %snull_byte_2.php on line %d
+
+Warning: oci_execute(): ORA-01008: %s in %snull_byte_2.php on line %d
+Test 4: Using a null byte in a bind variable value causing WHERE clause to fail
+array(1) {
+ ["DUMMY"]=>
+ array(0) {
+ }
+}
+===DONE===
Property changes on: php/php-src/trunk/ext/oci8/tests/null_byte_2.phpt ___________________________________________________________________ Added: svn:keywords + Id Rev Revision Added: svn:eol-style + native