[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/oci8/oci8.c branches/PHP_5_3/ext/oci8/package.xml branches/PHP_5_4/ext/oci8/oci8.c branches/PHP_5_4/ext/oci8/package.xml trunk/ext/oci8/oci8.c trunk/e
sixd Fri, 18 Nov 2011 09:59:35 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=319457
Log:
Sync to 5.3 and check additional cases for #55748
Bug: https://bugs.php.net/55748 (Closed) multiple NULL Pointer Dereference with
zend_strndup()
Changed paths:
U php/php-src/branches/PHP_5_3/ext/oci8/oci8.c
U php/php-src/branches/PHP_5_3/ext/oci8/package.xml
U php/php-src/branches/PHP_5_4/ext/oci8/oci8.c
U php/php-src/branches/PHP_5_4/ext/oci8/package.xml
U php/php-src/trunk/ext/oci8/oci8.c
U php/php-src/trunk/ext/oci8/package.xml
Modified: php/php-src/branches/PHP_5_3/ext/oci8/oci8.c
===
--- php/php-src/branches/PHP_5_3/ext/oci8/oci8.c2011-11-18 09:26:01 UTC
(rev 319456)
+++ php/php-src/branches/PHP_5_3/ext/oci8/oci8.c2011-11-18 09:59:35 UTC
(rev 319457)
@@ -2054,7 +2054,14 @@
connection-is_persistent = 0;
} else {
connection = (php_oci_connection *) calloc(1,
sizeof(php_oci_connection));
+ if (connection == NULL) {
+ return NULL;
+ }
connection-hash_key = zend_strndup(hashed_details.c,
hashed_details.len);
+ if (connection-hash_key == NULL) {
+ free(connection);
+ return NULL;
+ }
connection-is_persistent = 1;
}
} else {
@@ -2704,12 +2711,20 @@
ub4 poolmode = OCI_DEFAULT; /* Mode to be passed to
OCISessionPoolCreate */
OCIAuthInfo *spoolAuth = NULL;
- /*Allocate sessionpool out of persistent memory */
+ /* Allocate sessionpool out of persistent memory */
session_pool = (php_oci_spool *) calloc(1, sizeof(php_oci_spool));
+ if (session_pool == NULL) {
+ iserror = 1;
+ goto exit_create_spool;
+ }
/* Populate key if passed */
if (hash_key_len) {
session_pool-spool_hash_key = zend_strndup(hash_key,
hash_key_len);
+ if (session_pool-spool_hash_key == NULL) {
+ iserror = 1;
+ goto exit_create_spool;
+ }
}
/* Create the session pool's env */
Modified: php/php-src/branches/PHP_5_3/ext/oci8/package.xml
===
--- php/php-src/branches/PHP_5_3/ext/oci8/package.xml 2011-11-18 09:26:01 UTC
(rev 319456)
+++ php/php-src/branches/PHP_5_3/ext/oci8/package.xml 2011-11-18 09:59:35 UTC
(rev 319457)
@@ -47,6 +47,7 @@
license uri=http://www.php.net/license;PHP/license
notes
Fixed bug #59985 (show normal warning text for OCI_NO_DATA)
+ Fixed OCI8 part of bug #55748 (CVE-2011-4153: multiple NULL Pointer
Dereference with zend_strndup)
Increased maximum Oracle error message buffer length for new Oracle 11.2.0.3
size
Improve internal initalization failure error messages
/notes
Modified: php/php-src/branches/PHP_5_4/ext/oci8/oci8.c
===
--- php/php-src/branches/PHP_5_4/ext/oci8/oci8.c2011-11-18 09:26:01 UTC
(rev 319456)
+++ php/php-src/branches/PHP_5_4/ext/oci8/oci8.c2011-11-18 09:59:35 UTC
(rev 319457)
@@ -2054,8 +2054,12 @@
connection-is_persistent = 0;
} else {
connection = (php_oci_connection *) calloc(1,
sizeof(php_oci_connection));
+ if (connection == NULL) {
+ return NULL;
+ }
connection-hash_key = zend_strndup(hashed_details.c,
hashed_details.len);
- if(connection-hash_key == NULL) {
+ if (connection-hash_key == NULL) {
+ free(connection);
return NULL;
}
connection-is_persistent = 1;
@@ -2707,12 +2711,20 @@
ub4 poolmode = OCI_DEFAULT; /* Mode to be passed to
OCISessionPoolCreate */
OCIAuthInfo *spoolAuth = NULL;
- /*Allocate sessionpool out of persistent memory */
+ /* Allocate sessionpool out of persistent memory */
session_pool = (php_oci_spool *) calloc(1, sizeof(php_oci_spool));
+ if (session_pool == NULL) {
+ iserror = 1;
+ goto exit_create_spool;
+ }
/* Populate key if passed */
if (hash_key_len) {
session_pool-spool_hash_key = zend_strndup(hash_key,
hash_key_len);
+ if (session_pool-spool_hash_key == NULL) {
+ iserror = 1;
+ goto exit_create_spool;
+ }
}
/*
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/oci8/oci8.c branches/PHP_5_3/ext/oci8/package.xml branches/PHP_5_4/ext/oci8/oci8.c branches/PHP_5_4/ext/oci8/package.xml trunk/ext/oci8/oci8.c trunk/e
sixd Mon, 07 Nov 2011 20:10:41 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=31
Log:
Improve OCI8 NLS env creation error messages (#58925)
Bug: https://bugs.php.net/58925 (Assigned) No error information available when
php_oci_create_env fails
Changed paths:
U php/php-src/branches/PHP_5_3/ext/oci8/oci8.c
U php/php-src/branches/PHP_5_3/ext/oci8/package.xml
U php/php-src/branches/PHP_5_4/ext/oci8/oci8.c
U php/php-src/branches/PHP_5_4/ext/oci8/package.xml
U php/php-src/trunk/ext/oci8/oci8.c
U php/php-src/trunk/ext/oci8/package.xml
Modified: php/php-src/branches/PHP_5_3/ext/oci8/oci8.c
===
--- php/php-src/branches/PHP_5_3/ext/oci8/oci8.c2011-11-07 19:23:17 UTC
(rev 318887)
+++ php/php-src/branches/PHP_5_3/ext/oci8/oci8.c2011-11-07 20:10:41 UTC
(rev 31)
@@ -2901,11 +2901,20 @@
PHP_OCI_CALL_RETURN(OCI_G(errcode), OCIEnvNlsCreate, (retenv,
OCI_G(events) ? PHP_OCI_INIT_MODE | OCI_EVENTS : PHP_OCI_INIT_MODE, 0, NULL,
NULL, NULL, 0, NULL, charsetid, charsetid));
if (OCI_G(errcode) != OCI_SUCCESS) {
+ sb4 ora_error_code = 0;
+ text ora_msg_buf[OCI_ERROR_MAXMSG_SIZE]; /* Use traditional
smaller size: non-PL/SQL errors should fit and it keeps the stack smaller */
+
#ifdef HAVE_OCI_INSTANT_CLIENT
php_error_docref(NULL TSRMLS_CC, E_WARNING, OCIEnvNlsCreate()
failed. There is something wrong with your system - please check that
PHP_OCI8_LIB_PATH_MSG includes the directory with Oracle Instant Client
libraries);
#else
php_error_docref(NULL TSRMLS_CC, E_WARNING, OCIEnvNlsCreate()
failed. There is something wrong with your system - please check that
ORACLE_HOME and PHP_OCI8_LIB_PATH_MSG are set and point to the right
directories);
#endif
+ if (retenv
+OCIErrorGet(retenv, (ub4)1, NULL, ora_error_code,
ora_msg_buf, (ub4)OCI_ERROR_MAXMSG_SIZE, (ub4)OCI_HTYPE_ENV) == OCI_SUCCESS
+*ora_msg_buf) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, %s,
ora_msg_buf);
+ }
+
return NULL;
}
return retenv;
Modified: php/php-src/branches/PHP_5_3/ext/oci8/package.xml
===
--- php/php-src/branches/PHP_5_3/ext/oci8/package.xml 2011-11-07 19:23:17 UTC
(rev 318887)
+++ php/php-src/branches/PHP_5_3/ext/oci8/package.xml 2011-11-07 20:10:41 UTC
(rev 31)
@@ -47,6 +47,7 @@
license uri=http://www.php.net/license;PHP/license
notes
Increased maximum possible Oracle DB error message length
+ Improve internal initalization failure error messages
/notes
contents
dir name=/
Modified: php/php-src/branches/PHP_5_4/ext/oci8/oci8.c
===
--- php/php-src/branches/PHP_5_4/ext/oci8/oci8.c2011-11-07 19:23:17 UTC
(rev 318887)
+++ php/php-src/branches/PHP_5_4/ext/oci8/oci8.c2011-11-07 20:10:41 UTC
(rev 31)
@@ -2901,11 +2901,20 @@
PHP_OCI_CALL_RETURN(OCI_G(errcode), OCIEnvNlsCreate, (retenv,
OCI_G(events) ? PHP_OCI_INIT_MODE | OCI_EVENTS : PHP_OCI_INIT_MODE, 0, NULL,
NULL, NULL, 0, NULL, charsetid, charsetid));
if (OCI_G(errcode) != OCI_SUCCESS) {
+ sb4 ora_error_code = 0;
+ text ora_msg_buf[OCI_ERROR_MAXMSG_SIZE]; /* Use traditional
smaller size: non-PL/SQL errors should fit and it keeps the stack smaller */
+
#ifdef HAVE_OCI_INSTANT_CLIENT
php_error_docref(NULL TSRMLS_CC, E_WARNING, OCIEnvNlsCreate()
failed. There is something wrong with your system - please check that
PHP_OCI8_LIB_PATH_MSG includes the directory with Oracle Instant Client
libraries);
#else
php_error_docref(NULL TSRMLS_CC, E_WARNING, OCIEnvNlsCreate()
failed. There is something wrong with your system - please check that
ORACLE_HOME and PHP_OCI8_LIB_PATH_MSG are set and point to the right
directories);
#endif
+ if (retenv
+OCIErrorGet(retenv, (ub4)1, NULL, ora_error_code,
ora_msg_buf, (ub4)OCI_ERROR_MAXMSG_SIZE, (ub4)OCI_HTYPE_ENV) == OCI_SUCCESS
+*ora_msg_buf) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, %s,
ora_msg_buf);
+ }
+
return NULL;
}
return retenv;
Modified: php/php-src/branches/PHP_5_4/ext/oci8/package.xml
===
--- php/php-src/branches/PHP_5_4/ext/oci8/package.xml 2011-11-07 19:23:17 UTC
(rev 318887)
+++ php/php-src/branches/PHP_5_4/ext/oci8/package.xml 2011-11-07 20:10:41 UTC
(rev 31)
@@ -47,6 +47,7 @@
license uri=http://www.php.net/license;PHP/license
notes
Increased maximum possible Oracle DB error
