felipe Mon, 14 Mar 2011 13:54:41 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=309221
Log: - Fixed bug #54247 (format-string vulnerability on Phar) Bug: http://bugs.php.net/54247 (error getting bug information) Changed paths: U php/php-src/branches/PHP_5_3/ext/phar/phar_object.c U php/php-src/trunk/ext/phar/phar_object.c
Modified: php/php-src/branches/PHP_5_3/ext/phar/phar_object.c =================================================================== --- php/php-src/branches/PHP_5_3/ext/phar/phar_object.c 2011-03-14 13:53:44 UTC (rev 309220) +++ php/php-src/branches/PHP_5_3/ext/phar/phar_object.c 2011-03-14 13:54:41 UTC (rev 309221) @@ -1141,7 +1141,7 @@ RETVAL_BOOL(phar_open_from_filename(fname, fname_len, alias, alias_len, REPORT_ERRORS, NULL, &error TSRMLS_CC) == SUCCESS); if (error) { - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); } } /* }}} */ @@ -2007,7 +2007,7 @@ phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC); if (error) { - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); } @@ -2070,7 +2070,7 @@ phar_obj->arc.archive->ufp = pass.fp; phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC); if (error) { - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); } } else { @@ -2327,7 +2327,7 @@ phar_flush(phar, 0, 0, 1, &error TSRMLS_CC); if (error) { - zend_throw_exception_ex(spl_ce_BadMethodCallException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(spl_ce_BadMethodCallException, 0 TSRMLS_CC, "%s", error); efree(error); efree(oldpath); return NULL; @@ -2787,7 +2787,7 @@ phar_flush(phar_obj->arc.archive, NULL, 0, 0, &error TSRMLS_CC); if (error) { - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); } @@ -2862,7 +2862,7 @@ efree(error); goto valid_alias; } - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); RETURN_FALSE; } 
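Review bot: Nothing in the new code stops a later call site from passing `error` as the format again, because the fix at `@@ -1141` (and at every other hunk in both the PHP_5_3 and trunk sections) is a hand-applied `"%s"` on each `zend_throw_exception_ex()` call. The `error` strings come from helpers such as `phar_open_from_filename(fname, ...)` and `phar_flush()`, so they presumably embed file names or alias text that a caller or archive controls, which is why they must stay in the argument position. If the declaration of `zend_throw_exception_ex` (not visible here) does not carry a printf-style format attribute, adding one and building with `-Wformat -Wformat-security` would turn a regression into a compiler warning. Only `phar_object.c` is touched, so the other ext/phar sources are worth checking for the same call shape.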
@@ -2899,7 +2899,7 @@ phar_obj->arc.archive->alias = oldalias; phar_obj->arc.archive->alias_len = oldalias_len; phar_obj->arc.archive->is_temporary_alias = old_temp; - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); if (readd) { zend_hash_add(&(PHAR_GLOBALS->phar_alias_map), oldalias, oldalias_len, (void*)&(phar_obj->arc.archive), sizeof(phar_archive_data*), NULL); } @@ -2972,7 +2972,7 @@ phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC); if (error) { - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); } } @@ -3021,7 +3021,7 @@ } phar_flush(phar_obj->arc.archive, (char *) &zstub, len, 0, &error TSRMLS_CC); if (error) { - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); } RETURN_TRUE; @@ -3037,7 +3037,7 @@ phar_flush(phar_obj->arc.archive, stub, stub_len, 0, &error TSRMLS_CC); if (error) { - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); } @@ -3098,7 +3098,7 @@ stub = phar_create_default_stub(index, webindex, &stub_len, &error TSRMLS_CC); if (error) { - zend_throw_exception_ex(spl_ce_UnexpectedValueException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(spl_ce_UnexpectedValueException, 0 TSRMLS_CC, "%s", error); efree(error); if (stub) { efree(stub); @@ -3120,7 +3120,7 @@ } if (error) { - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); RETURN_FALSE; } 
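Review bot: In the `@@ -3021` hunk the throw is followed by `RETURN_TRUE;`, so the method reports success on the same path where `phar_flush()` produced an error, whereas the `@@ -2862` and `@@ -3120` sites use `RETURN_FALSE;` after throwing. The return value is probably discarded once the exception is pending, but adding `RETURN_FALSE;` after `efree(error);` would make the failure path explicit and consistent with those sites. The same fall-through appears in `@@ -5115` and in the trunk copies of both hunks; the enclosing functions start outside the hunks.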
@@ -3175,7 +3175,7 @@ phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC); if (error) { - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); } break; @@ -3477,7 +3477,7 @@ phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC); if (error) { - zend_throw_exception_ex(spl_ce_BadMethodCallException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(spl_ce_BadMethodCallException, 0 TSRMLS_CC, "%s", error); efree(error); } } @@ -3517,7 +3517,7 @@ phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC); if (error) { - zend_throw_exception_ex(spl_ce_BadMethodCallException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(spl_ce_BadMethodCallException, 0 TSRMLS_CC, "%s", error); efree(error); } @@ -3617,7 +3617,7 @@ if (FAILURE == phar_copy_entry_fp(oldentry, &newentry, &error TSRMLS_CC)) { efree(newentry.filename); php_stream_close(newentry.fp); - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); return; } @@ -3628,7 +3628,7 @@ phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC); if (error) { - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); } @@ -3774,7 +3774,7 @@ phar_flush(*pphar, 0, 0, 0, &error TSRMLS_CC); if (error) { - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); } } @@ -3810,7 +3810,7 @@ phar_flush(*pphar, 0, 0, 0, &error TSRMLS_CC); if (error) { - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); } } 
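Review bot: The `@@ -3617` hunk formats and frees `error` whenever `phar_copy_entry_fp()` returns `FAILURE`, without the `if (error)` test that the other sites use. Whether `error` is always set on that path cannot be seen from the hunk, since its declaration and the helper are outside it; if it can be left unset, the throw and `efree(error)` would operate on an invalid pointer. Initialising it as `char *error = NULL;` at the declaration and throwing a fixed message when it is still NULL would remove that dependency. The trunk hunk `@@ -3620` has the same shape.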
@@ -3896,7 +3896,7 @@ phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC); if (error) { - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); } @@ -4152,7 +4152,7 @@ phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC); if (error) { - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); } } @@ -4179,7 +4179,7 @@ phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC); if (error) { - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); RETURN_FALSE; } else { @@ -4727,7 +4727,7 @@ phar_flush(entry_obj->ent.entry->phar, 0, 0, 0, &error TSRMLS_CC); if (error) { - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); } } @@ -4813,7 +4813,7 @@ phar_flush(entry_obj->ent.entry->phar, 0, 0, 0, &error TSRMLS_CC); if (error) { - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); } } @@ -4858,7 +4858,7 @@ phar_flush(entry_obj->ent.entry->phar, 0, 0, 0, &error TSRMLS_CC); if (error) { - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); RETURN_FALSE; } else { @@ -5040,7 +5040,7 @@ phar_flush(entry_obj->ent.entry->phar, 0, 0, 0, &error TSRMLS_CC); if (error) { - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); } 
@@ -5115,7 +5115,7 @@ phar_flush(entry_obj->ent.entry->phar, 0, 0, 0, &error TSRMLS_CC); if (error) { - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); } RETURN_TRUE; Modified: php/php-src/trunk/ext/phar/phar_object.c =================================================================== --- php/php-src/trunk/ext/phar/phar_object.c 2011-03-14 13:53:44 UTC (rev 309220) +++ php/php-src/trunk/ext/phar/phar_object.c 2011-03-14 13:54:41 UTC (rev 309221) @@ -1143,7 +1143,7 @@ RETVAL_BOOL(phar_open_from_filename(fname, fname_len, alias, alias_len, REPORT_ERRORS, NULL, &error TSRMLS_CC) == SUCCESS); if (error) { - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); } } /* }}} */ @@ -2009,7 +2009,7 @@ phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC); if (error) { - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); } @@ -2072,7 +2072,7 @@ phar_obj->arc.archive->ufp = pass.fp; phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC); if (error) { - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); } } else { @@ -2330,7 +2330,7 @@ phar_flush(phar, 0, 0, 1, &error TSRMLS_CC); if (error) { - zend_throw_exception_ex(spl_ce_BadMethodCallException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(spl_ce_BadMethodCallException, 0 TSRMLS_CC, "%s", error); efree(error); efree(oldpath); return NULL; 
@@ -2790,7 +2790,7 @@ phar_flush(phar_obj->arc.archive, NULL, 0, 0, &error TSRMLS_CC); if (error) { - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); } @@ -2865,7 +2865,7 @@ efree(error); goto valid_alias; } - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); RETURN_FALSE; } @@ -2902,7 +2902,7 @@ phar_obj->arc.archive->alias = oldalias; phar_obj->arc.archive->alias_len = oldalias_len; phar_obj->arc.archive->is_temporary_alias = old_temp; - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); if (readd) { zend_hash_add(&(PHAR_GLOBALS->phar_alias_map), oldalias, oldalias_len, (void*)&(phar_obj->arc.archive), sizeof(phar_archive_data*), NULL); } @@ -2975,7 +2975,7 @@ phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC); if (error) { - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); } } @@ -3024,7 +3024,7 @@ } phar_flush(phar_obj->arc.archive, (char *) &zstub, len, 0, &error TSRMLS_CC); if (error) { - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); } RETURN_TRUE; @@ -3040,7 +3040,7 @@ phar_flush(phar_obj->arc.archive, stub, stub_len, 0, &error TSRMLS_CC); if (error) { - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); } 
@@ -3101,7 +3101,7 @@ stub = phar_create_default_stub(index, webindex, &stub_len, &error TSRMLS_CC); if (error) { - zend_throw_exception_ex(spl_ce_UnexpectedValueException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(spl_ce_UnexpectedValueException, 0 TSRMLS_CC, "%s", error); efree(error); if (stub) { efree(stub); @@ -3123,7 +3123,7 @@ } if (error) { - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); RETURN_FALSE; } @@ -3178,7 +3178,7 @@ phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC); if (error) { - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); } break; @@ -3480,7 +3480,7 @@ phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC); if (error) { - zend_throw_exception_ex(spl_ce_BadMethodCallException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(spl_ce_BadMethodCallException, 0 TSRMLS_CC, "%s", error); efree(error); } } @@ -3520,7 +3520,7 @@ phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC); if (error) { - zend_throw_exception_ex(spl_ce_BadMethodCallException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(spl_ce_BadMethodCallException, 0 TSRMLS_CC, "%s", error); efree(error); } @@ -3620,7 +3620,7 @@ if (FAILURE == phar_copy_entry_fp(oldentry, &newentry, &error TSRMLS_CC)) { efree(newentry.filename); php_stream_close(newentry.fp); - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); return; } @@ -3631,7 +3631,7 @@ phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC); if (error) { - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); } 
@@ -3777,7 +3777,7 @@ phar_flush(*pphar, 0, 0, 0, &error TSRMLS_CC); if (error) { - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); } } @@ -3813,7 +3813,7 @@ phar_flush(*pphar, 0, 0, 0, &error TSRMLS_CC); if (error) { - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); } } @@ -3899,7 +3899,7 @@ phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC); if (error) { - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); } @@ -4155,7 +4155,7 @@ phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC); if (error) { - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); } } @@ -4182,7 +4182,7 @@ phar_flush(phar_obj->arc.archive, 0, 0, 0, &error TSRMLS_CC); if (error) { - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); RETURN_FALSE; } else { @@ -4731,7 +4731,7 @@ phar_flush(entry_obj->ent.entry->phar, 0, 0, 0, &error TSRMLS_CC); if (error) { - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); } } @@ -4817,7 +4817,7 @@ phar_flush(entry_obj->ent.entry->phar, 0, 0, 0, &error TSRMLS_CC); if (error) { - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); } } 
@@ -4862,7 +4862,7 @@ phar_flush(entry_obj->ent.entry->phar, 0, 0, 0, &error TSRMLS_CC); if (error) { - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); RETURN_FALSE; } else { @@ -5044,7 +5044,7 @@ phar_flush(entry_obj->ent.entry->phar, 0, 0, 0, &error TSRMLS_CC); if (error) { - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); } @@ -5119,7 +5119,7 @@ phar_flush(entry_obj->ent.entry->phar, 0, 0, 0, &error TSRMLS_CC); if (error) { - zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, error); + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "%s", error); efree(error); } RETURN_TRUE;