ID: 40600
User updated by: stas at FreeBSD dot org
Reported By: stas at FreeBSD dot org
-Status: Bogus
+Status: Open
Bug Type: POSIX related
Operating System: FreeBSD
PHP Version: 5.2.1
Assigned To: iliaa
New Comment:

The bug is still here.


Previous Comments:
------------------------------------------------------------------------

[2007-02-24 09:03:50] stas at FreeBSD dot org

> The current code is fine, we should not hardcode buffer
> sizes if they cannot be retrieved, this could lead to
> exploitable situations. Also, if the returned buffer length
> is 0, it probably indicates a problem.

1) According to POSIX it's not a problem.
2) Besides that, one check is missing (take a look at the patch), so
you're effectively trying to malloc (size_t)-1 bytes on FreeBSD
currently, which leads to a crash.

------------------------------------------------------------------------

[2007-02-23 23:53:25] [EMAIL PROTECTED]

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

The current code is fine, we should not hardcode buffer sizes if they
cannot be retrieved, this could lead to exploitable situations. Also, if
the returned buffer length is 0, it probably indicates a problem.

------------------------------------------------------------------------

[2007-02-23 14:07:38] [EMAIL PROTECTED]

Ilia, please take a look at this, IIRC you added those sysconf() patches.

------------------------------------------------------------------------

[2007-02-23 13:55:02] [EMAIL PROTECTED]

> Yeah... According to susv3:

Yes, I know that, thanks. But that does not mean "if (buflen < 1)" is
incorrect. I don't think that zero buflen is a correct value (and even if
it is, it's useless).

------------------------------------------------------------------------

[2007-02-23 13:47:59] stas at FreeBSD dot org

>> This patch covers two problems:
>> 1) The POSIX says that sysconf will return -1 on failure,
>>    thus the ( < check is definitely incorrect
>
> Oh? Care to elaborate?

Yeah... According to susv3:

"If name is an invalid value, sysconf() shall return -1 and set errno to
indicate the error. If the variable corresponding to name has no limit,
sysconf() shall return -1 without changing the value of errno. Note that
indefinite limits do not imply infinite limits; see <limits.h>."

>> 2) It's safe to use the buffer of any size (according to
>>    POSIX), since you give the buffer length to these
>>    functions.
>
> Yeah, according to POSIX those functions must be
> implemented.
> But they are not.
> It's better than giving up on retrieving this info just in
> case the sysconf doesn't have these limit values.
> I don't think it's any better to use hacks to work around
> missing FreeBSD functionality.

Ok, agree. It's open to you.

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/40600

-- 
Edit this bug report at http://bugs.php.net/?id=40600&edit=1
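The thread above is about what a caller of getpwnam_r() should do when sysconf(_SC_GETPW_R_SIZE_MAX) returns -1 (which SUSv3 permits for both "invalid name" and "no limit") or 0, and about the missing check that turns -1 into a malloc((size_t)-1). The C program below is an added example written for this page, not PHP's ext/posix code and not the patch under discussion. It shows the handling stas argues for: treat any result below 1 as "unknown", start from a fixed fallback size, and let the ERANGE retry loop grow the buffer, so the sysconf value is never trusted as an upper bound. PW_BUF_FALLBACK, PW_BUF_MAX and the function names are this example's own assumptions; the "root" lookup in main() simply uses whatever /etc/passwd the host has.

```c
/* Sizing the getpwnam_r() buffer when sysconf(_SC_GETPW_R_SIZE_MAX) is
 * unreliable. Added example for bug #40600, not PHP's own code. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed starting size and ceiling; PHP's real constants are not on the page. */
#define PW_BUF_FALLBACK 1024
#define PW_BUF_MAX      (64 * 1024)

/* Turn a sysconf(_SC_GETPW_R_SIZE_MAX) result into a usable malloc() size.
 * SUSv3 (quoted in the thread) returns -1 both for an invalid name and for
 * "no limit", and the report says FreeBSD returned -1 here. Converting that
 * straight to size_t yields (size_t)-1: malloc() fails, and an unchecked
 * NULL then crashes on the first write, which is the report's complaint.
 * Anything below 1 is treated as "unknown"; the ERANGE loop below grows
 * the buffer if the fallback turns out to be too small. */
static size_t pw_buf_size_from_sysconf(long rc)
{
    if (rc < 1)
        return PW_BUF_FALLBACK;      /* -1 (error or no limit) or 0 */
    if (rc > (long)PW_BUF_MAX)
        return PW_BUF_MAX;           /* cap an absurd advertised limit */
    return (size_t)rc;
}

/* Look up NAME with getpwnam_r(), growing the buffer on ERANGE.
 * Returns 1 if found (uid/gid filled in), 0 if not found, -errno on error. */
static int lookup_user(const char *name, uid_t *uid, gid_t *gid)
{
    errno = 0;
    long rc = sysconf(_SC_GETPW_R_SIZE_MAX);
    /* rc == -1 with errno still 0 means "no limit", not an error (SUSv3). */
    size_t len = pw_buf_size_from_sysconf(rc);
    char *buf = malloc(len);
    if (buf == NULL)
        return -ENOMEM;

    for (;;) {
        struct passwd pw, *res = NULL;
        int err = getpwnam_r(name, &pw, buf, len, &res);
        if (err == 0) {
            int found = (res != NULL);   /* 0 + NULL result: no such user */
            if (found) { *uid = pw.pw_uid; *gid = pw.pw_gid; }
            free(buf);
            return found;
        }
        /* The Linux man page lists these as possible "not found" results. */
        if (err == ENOENT || err == ESRCH) { free(buf); return 0; }
        if (err != ERANGE || len >= PW_BUF_MAX) { free(buf); return -err; }
        /* Buffer too small for this entry: double it, up to the ceiling. */
        len = (len * 2 > PW_BUF_MAX) ? PW_BUF_MAX : len * 2;
        char *nb = realloc(buf, len);
        if (nb == NULL) { free(buf); return -ENOMEM; }
        buf = nb;
    }
}

int main(void)
{
    errno = 0;
    long rc = sysconf(_SC_GETPW_R_SIZE_MAX);
    printf("sysconf(_SC_GETPW_R_SIZE_MAX) = %ld (errno %d) -> using %zu bytes\n",
           rc, errno, pw_buf_size_from_sysconf(rc));

    uid_t uid; gid_t gid;
    int r = lookup_user("root", &uid, &gid);
    if (r == 1)      printf("root: uid=%u gid=%u\n", (unsigned)uid, (unsigned)gid);
    else if (r == 0) printf("root: not found\n");
    else             printf("root: error %d\n", -r);
    return 0;
}
```

The point of the ceiling is that an ERANGE loop without one lets a malicious or corrupt NSS backend drive allocation to whatever size it likes; the point of the fallback is that neither -1 nor 0 is a buffer size, so the check has to be on the signed long before any cast to size_t happens.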