http://git.php.net/?p=php-src.git;a=patch;h=ce96fd6b0761d98353761bf78d5bfb55291179fd
From ce96fd6b0761d98353761bf78d5bfb55291179fd Mon Sep 17 00:00:00 2001
From: Pierre Joye <pajoye@php.net>
Date: Thu, 18 Nov 2010 15:22:22 +0000
Subject: [PATCH] - fix #39863, do not accept paths with NULL in them.
diff -up php-5.3.3/ext/bz2/bz2.c.cve7243 php-5.3.3/ext/bz2/bz2.c
--- php-5.3.3/ext/bz2/bz2.c.cve7243 2010-06-26 18:03:39.000000000 +0200
+++ php-5.3.3/ext/bz2/bz2.c 2013-05-03 11:57:08.291141605 +0200
@@ -387,6 +387,9 @@ static PHP_FUNCTION(bzopen)
if (Z_TYPE_PP(file) == IS_STRING) {
convert_to_string_ex(file);
+ if (strlen(Z_STRVAL_PP(file)) != Z_STRLEN_PP(file)) {
+ RETURN_FALSE;
+ }
if (Z_STRLEN_PP(file) == 0) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "filename cannot be empty");
RETURN_FALSE;
diff -up php-5.3.3/ext/com_dotnet/com_persist.c.cve7243 php-5.3.3/ext/com_dotnet/com_persist.c
--- php-5.3.3/ext/com_dotnet/com_persist.c.cve7243 2010-01-03 10:23:27.000000000 +0100
+++ php-5.3.3/ext/com_dotnet/com_persist.c 2013-05-03 11:57:08.291141605 +0200
@@ -389,6 +389,9 @@ CPH_METHOD(SaveToFile)
}
if (filename) {
+ if (strlen(filename) != filename_len) {
+ RETURN_FALSE;
+ }
fullpath = expand_filepath(filename, NULL TSRMLS_CC);
if (!fullpath) {
RETURN_FALSE;
@@ -453,6 +456,10 @@ CPH_METHOD(LoadFromFile)
return;
}
+ if (strlen(filename) != filename_len) {
+ RETURN_FALSE;
+ }
+
if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC))) {
RETURN_FALSE;
}
diff -up php-5.3.3/ext/enchant/enchant.c.cve7243 php-5.3.3/ext/enchant/enchant.c
--- php-5.3.3/ext/enchant/enchant.c.cve7243 2010-05-02 07:01:51.000000000 +0200
+++ php-5.3.3/ext/enchant/enchant.c 2013-05-03 11:57:08.291141605 +0200
@@ -587,6 +587,10 @@ PHP_FUNCTION(enchant_broker_request_pwl_
RETURN_FALSE;
}
+ if (strlen(pwl) != pwllen) {
+ RETURN_FALSE;
+ }
+
#if PHP_API_VERSION < 20100412
if ((PG(safe_mode) && (!php_checkuid(pwl, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(pwl TSRMLS_CC)) {
#else
diff -up php-5.3.3/ext/fileinfo/fileinfo.c.cve7243 php-5.3.3/ext/fileinfo/fileinfo.c
--- php-5.3.3/ext/fileinfo/fileinfo.c.cve7243 2013-05-03 11:57:08.057140307 +0200
+++ php-5.3.3/ext/fileinfo/fileinfo.c 2013-05-03 11:57:08.292141611 +0200
@@ -294,6 +294,9 @@ PHP_FUNCTION(finfo_open)
if (file_len == 0) {
file = NULL;
} else if (file && *file) { /* user specified file, perform open_basedir checks */
+ if (strlen(file) != file_len) {
+ RETURN_FALSE;
+ }
if (!VCWD_REALPATH(file, resolved_path)) {
RETURN_FALSE;
}
diff -up php-5.3.3/ext/gd/gd.c.cve7243 php-5.3.3/ext/gd/gd.c
--- php-5.3.3/ext/gd/gd.c.cve7243 2010-01-15 18:09:14.000000000 +0100
+++ php-5.3.3/ext/gd/gd.c 2013-05-03 11:57:08.292141611 +0200
@@ -2642,6 +2642,9 @@ static void _php_image_output(INTERNAL_F
}
if (argc >= 2 && file_len) {
+ if (strlen(file) != file_len) {
+ RETURN_FALSE;
+ }
PHP_GD_CHECK_OPEN_BASEDIR(fn, "Invalid filename");
fp = VCWD_FOPEN(fn, "wb");
@@ -4552,6 +4555,14 @@ static void _php_image_convert(INTERNAL_
dest_width = width;
int_threshold = threshold;
+ if (strlen(f_org) != f_org_len) {
+ RETURN_FALSE;
+ }
+
+ if (strlen(f_dest) != f_dest_len) {
+ RETURN_FALSE;
+ }
+
/* Check threshold value */
if (int_threshold < 0 || int_threshold > 8) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid threshold value '%d'", int_threshold);
diff -up php-5.3.3/ext/gd/gd_ctx.c.cve7243 php-5.3.3/ext/gd/gd_ctx.c
--- php-5.3.3/ext/gd/gd_ctx.c.cve7243 2010-01-03 10:23:27.000000000 +0100
+++ php-5.3.3/ext/gd/gd_ctx.c 2013-05-03 11:57:08.292141611 +0200
@@ -91,6 +91,9 @@ static void _php_image_output_ctx(INTERN
}
if (argc > 1 && file_len) {
+ if (strlen(file) != file_len) {
+ RETURN_FALSE;
+ }
PHP_GD_CHECK_OPEN_BASEDIR(file, "Invalid filename");
fp = VCWD_FOPEN(file, "wb");
diff -up php-5.3.3/ext/imap/php_imap.c.cve7243 php-5.3.3/ext/imap/php_imap.c
--- php-5.3.3/ext/imap/php_imap.c.cve7243 2013-05-03 11:57:08.063140340 +0200
+++ php-5.3.3/ext/imap/php_imap.c 2013-05-03 11:57:08.293141616 +0200
@@ -1216,10 +1216,14 @@ static void php_imap_do_open(INTERNAL_FU
}
/* local filename, need to perform open_basedir and safe_mode checks */
- if (mailbox[0] != '{' &&
- (php_check_open_basedir(mailbox TSRMLS_CC) ||
- (PG(safe_mode) && !php_checkuid(mailbox, NULL, CHECKUID_CHECK_FILE_AND_DIR)))) {
- RETURN_FALSE;
+ if (mailbox[0] != '{') {
+ if (strlen(mailbox) != mailbox_len) {
+ RETURN_FALSE;
+ }
+ if (php_check_open_basedir(mailbox TSRMLS_CC) ||
+ (PG(safe_mode) && !php_checkuid(mailbox, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
+ RETURN_FALSE;
+ }
}
IMAPG(imap_user) = estrndup(user, user_len);
diff -up php-5.3.3/ext/oci8/oci8_interface.c.cve7243 php-5.3.3/ext/oci8/oci8_interface.c
--- php-5.3.3/ext/oci8/oci8_interface.c.cve7243 2010-01-06 19:58:16.000000000 +0100
+++ php-5.3.3/ext/oci8/oci8_interface.c 2013-05-03 11:57:08.294141621 +0200
@@ -271,6 +271,10 @@ PHP_FUNCTION(oci_lob_load)
return;
}
}
+
+ if (strlen(filename) != filename_len) {
+ RETURN_FALSE;
+ }
if (zend_hash_find(Z_OBJPROP_P(z_descriptor), "descriptor", sizeof("descriptor"), (void **)&tmp) == FAILURE) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to find descriptor property");
@@ -662,7 +666,7 @@ PHP_FUNCTION(oci_lob_erase)
RETURN_FALSE;
}
}
-
+
if (zend_hash_find(Z_OBJPROP_P(z_descriptor), "descriptor", sizeof("descriptor"), (void **)&tmp) == FAILURE) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to find descriptor property");
RETURN_FALSE;
@@ -918,6 +922,10 @@ PHP_FUNCTION(oci_lob_export)
/* nothing to write, fail silently */
RETURN_FALSE;
}
+
+ if (strlen(filename) != filename_len) {
+ RETURN_FALSE;
+ }
if (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
RETURN_FALSE;
diff -up php-5.3.3/ext/odbc/php_odbc.c.cve7243 php-5.3.3/ext/odbc/php_odbc.c
--- php-5.3.3/ext/odbc/php_odbc.c.cve7243 2013-05-03 11:57:08.067140362 +0200
+++ php-5.3.3/ext/odbc/php_odbc.c 2013-05-03 11:57:08.294141621 +0200
@@ -1300,8 +1300,11 @@ PHP_FUNCTION(odbc_execute)
if (Z_STRLEN_PP(tmp) > 2 &&
Z_STRVAL_PP(tmp)[0] == '\'' &&
Z_STRVAL_PP(tmp)[Z_STRLEN_PP(tmp) - 1] == '\'') {
+ if (strlen(tmp) != Z_STRLEN_PP(tmp)) {
+ RETURN_FALSE;
+ }
+
filename = estrndup(&Z_STRVAL_PP(tmp)[1], Z_STRLEN_PP(tmp) - 2);
- filename[strlen(filename)] = '\0';
/* Check for safe mode. */
if (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
diff -up php-5.3.3/ext/openssl/openssl.c.cve7243 php-5.3.3/ext/openssl/openssl.c
--- php-5.3.3/ext/openssl/openssl.c.cve7243 2013-05-03 11:57:08.184141011 +0200
+++ php-5.3.3/ext/openssl/openssl.c 2013-05-03 11:57:08.295141627 +0200
@@ -1771,6 +1771,10 @@ PHP_FUNCTION(openssl_pkcs12_export_to_fi
return;
RETVAL_FALSE;
+
+ if (strlen(filename) != filename_len) {
+ return;
+ }
cert = php_openssl_x509_from_zval(zcert, 0, &certresource TSRMLS_CC);
if (cert == NULL) {
@@ -2218,6 +2222,10 @@ PHP_FUNCTION(openssl_csr_export_to_file)
}
RETVAL_FALSE;
+ if (strlen(filename) != filename_len) {
+ return;
+ }
+
csr = php_openssl_csr_from_zval(&zcsr, 0, &csr_resource TSRMLS_CC);
if (csr == NULL) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "cannot get CSR from parameter 1");
@@ -3002,6 +3010,10 @@ PHP_FUNCTION(openssl_pkey_export_to_file
}
RETVAL_FALSE;
+ if (strlen(filename) != filename_len) {
+ return;
+ }
+
key = php_openssl_evp_from_zval(zpkey, 0, passphrase, 0, &key_resource TSRMLS_CC);
if (key == NULL) {
@@ -3394,7 +3406,14 @@ PHP_FUNCTION(openssl_pkcs7_encrypt)
&outfilename, &outfilename_len, &zrecipcerts, &zheaders, &flags, &cipherid) == FAILURE)
return;
-
+ if (strlen(infilename) != infilename_len) {
+ return;
+ }
+
+ if (strlen(outfilename) != outfilename_len) {
+ return;
+ }
+
if (php_openssl_safe_mode_chk(infilename TSRMLS_CC) || php_openssl_safe_mode_chk(outfilename TSRMLS_CC)) {
return;
}
@@ -3526,14 +3545,22 @@ PHP_FUNCTION(openssl_pkcs7_sign)
char * outfilename; int outfilename_len;
char * extracertsfilename = NULL; int extracertsfilename_len;
+ RETVAL_FALSE;
+
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ssZZa!|ls",
&infilename, &infilename_len, &outfilename, &outfilename_len,
&zcert, &zprivkey, &zheaders, &flags, &extracertsfilename,
&extracertsfilename_len) == FAILURE) {
return;
}
-
- RETVAL_FALSE;
+
+ if (strlen(infilename) != infilename_len) {
+ return;
+ }
+
+ if (strlen(outfilename) != outfilename_len) {
+ return;
+ }
if (extracertsfilename) {
others = load_all_certs_from_file(extracertsfilename);
@@ -3630,12 +3657,20 @@ PHP_FUNCTION(openssl_pkcs7_decrypt)
char * infilename; int infilename_len;
char * outfilename; int outfilename_len;
+ RETVAL_FALSE;
+
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ssZ|Z", &infilename, &infilename_len,
&outfilename, &outfilename_len, &recipcert, &recipkey) == FAILURE) {
return;
}
- RETVAL_FALSE;
+ if (strlen(infilename) != infilename_len) {
+ return;
+ }
+
+ if (strlen(outfilename) != outfilename_len) {
+ return;
+ }
cert = php_openssl_x509_from_zval(recipcert, 0, &certresval TSRMLS_CC);
if (cert == NULL) {
diff -up php-5.3.3/ext/pgsql/pgsql.c.cve7243 php-5.3.3/ext/pgsql/pgsql.c
--- php-5.3.3/ext/pgsql/pgsql.c.cve7243 2010-05-01 20:27:42.000000000 +0200
+++ php-5.3.3/ext/pgsql/pgsql.c 2013-05-03 11:57:08.297141638 +0200
@@ -3339,6 +3339,10 @@ PHP_FUNCTION(pg_lo_import)
WRONG_PARAM_COUNT;
}
+ if (strlen(file_in) != name_len) {
+ RETURN_FALSE;
+ }
+
if (PG(safe_mode) &&(!php_checkuid(file_in, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
RETURN_FALSE;
}
@@ -3476,6 +3480,10 @@ PHP_FUNCTION(pg_lo_export)
RETURN_FALSE;
}
+ if (strlen(file_out) != name_len) {
+ RETURN_FALSE;
+ }
+
if (PG(safe_mode) &&(!php_checkuid(file_out, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
RETURN_FALSE;
}
diff -up php-5.3.3/ext/posix/posix.c.cve7243 php-5.3.3/ext/posix/posix.c
--- php-5.3.3/ext/posix/posix.c.cve7243 2010-06-26 18:03:39.000000000 +0200
+++ php-5.3.3/ext/posix/posix.c 2013-05-03 11:57:08.297141638 +0200
@@ -842,6 +842,10 @@ PHP_FUNCTION(posix_mkfifo)
RETURN_FALSE;
}
+ if (strlen(path) != path_len) {
+ RETURN_FALSE;
+ }
+
if (php_check_open_basedir_ex(path, 0 TSRMLS_CC) ||
(PG(safe_mode) && (!php_checkuid(path, NULL, CHECKUID_ALLOW_ONLY_DIR)))) {
RETURN_FALSE;
@@ -877,6 +881,10 @@ PHP_FUNCTION(posix_mknod)
RETURN_FALSE;
}
+ if (strlen(path) != path_len) {
+ RETURN_FALSE;
+ }
+
if (php_check_open_basedir_ex(path, 0 TSRMLS_CC) ||
(PG(safe_mode) && (!php_checkuid(path, NULL, CHECKUID_ALLOW_ONLY_DIR)))) {
RETURN_FALSE;
@@ -957,6 +965,10 @@ PHP_FUNCTION(posix_access)
RETURN_FALSE;
}
+ if (strlen(filename) != filename_len) {
+ RETURN_FALSE;
+ }
+
path = expand_filepath(filename, NULL TSRMLS_CC);
if (!path) {
POSIX_G(last_error) = EIO;
diff -up php-5.3.3/ext/pspell/pspell.c.cve7243 php-5.3.3/ext/pspell/pspell.c
--- php-5.3.3/ext/pspell/pspell.c.cve7243 2010-01-03 10:23:27.000000000 +0100
+++ php-5.3.3/ext/pspell/pspell.c 2013-05-03 11:57:08.298141644 +0200
@@ -402,6 +402,10 @@ static PHP_FUNCTION(pspell_new_personal)
}
#endif
+ if (strlen(personal) != personal_len) {
+ RETURN_FALSE;
+ }
+
if (PG(safe_mode) && (!php_checkuid(personal, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
delete_pspell_config(config);
RETURN_FALSE;
@@ -834,6 +838,10 @@ static void pspell_config_path(INTERNAL_
return;
}
+ if (strlen(value) != value_len) {
+ RETURN_FALSE;
+ }
+
PSPELL_FETCH_CONFIG;
if (PG(safe_mode) && (!php_checkuid(value, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
@@ -891,6 +899,10 @@ static PHP_FUNCTION(pspell_config_repl)
pspell_config_replace(config, "save-repl", "true");
+ if (strlen(repl) != repl_len) {
+ RETURN_FALSE;
+ }
+
if (PG(safe_mode) && (!php_checkuid(repl, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
RETURN_FALSE;
}
diff -up php-5.3.3/ext/sqlite3/sqlite3.c.cve7243 php-5.3.3/ext/sqlite3/sqlite3.c
--- php-5.3.3/ext/sqlite3/sqlite3.c.cve7243 2010-06-21 13:06:31.000000000 +0200
+++ php-5.3.3/ext/sqlite3/sqlite3.c 2013-05-03 11:57:08.299141649 +0200
@@ -114,6 +114,9 @@ PHP_METHOD(sqlite3, open)
zend_throw_exception(zend_exception_get_default(TSRMLS_C), "Already initialised DB Object", 0 TSRMLS_CC);
}
+ if (strlen(filename) != filename_len) {
+ return;
+ }
if (strncmp(filename, ":memory:", 8) != 0) {
if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC))) {
zend_throw_exception(zend_exception_get_default(TSRMLS_C), "Unable to expand filepath", 0 TSRMLS_CC);
diff -up php-5.3.3/ext/sqlite/sqlite.c.cve7243 php-5.3.3/ext/sqlite/sqlite.c
--- php-5.3.3/ext/sqlite/sqlite.c.cve7243 2010-04-28 14:10:10.000000000 +0200
+++ php-5.3.3/ext/sqlite/sqlite.c 2013-05-03 11:57:08.298141644 +0200
@@ -1560,6 +1560,9 @@ PHP_FUNCTION(sqlite_popen)
ZVAL_NULL(errmsg);
}
+ if (strlen(filename) != filename_len) {
+ RETURN_FALSE;
+ }
if (strncmp(filename, ":memory:", sizeof(":memory:") - 1)) {
/* resolve the fully-qualified path name to use as the hash key */
if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC))) {
@@ -1637,6 +1640,9 @@ PHP_FUNCTION(sqlite_open)
ZVAL_NULL(errmsg);
}
+ if (strlen(filename) != filename_len) {
+ RETURN_FALSE;
+ }
if (strncmp(filename, ":memory:", sizeof(":memory:") - 1)) {
/* resolve the fully-qualified path name to use as the hash key */
if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC))) {
@@ -1690,6 +1696,10 @@ PHP_FUNCTION(sqlite_factory)
ZVAL_NULL(errmsg);
}
+ if (strlen(filename) != filename_len) {
+ RETURN_FALSE;
+ }
+
if (strncmp(filename, ":memory:", sizeof(":memory:") - 1)) {
/* resolve the fully-qualified path name to use as the hash key */
if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC))) {
diff -up php-5.3.3/ext/standard/basic_functions.c.cve7243 php-5.3.3/ext/standard/basic_functions.c
--- php-5.3.3/ext/standard/basic_functions.c.cve7243 2013-05-03 11:57:08.078140423 +0200
+++ php-5.3.3/ext/standard/basic_functions.c 2013-05-03 11:57:08.300141655 +0200
@@ -4667,6 +4667,12 @@ PHP_FUNCTION(error_log)
opt_err = erropt;
}
+ if (opt_err == 3) {
+ if (strlen(opt) != opt_len) {
+ RETURN_FALSE;
+ }
+ }
+
if (_php_error_log_ex(opt_err, message, message_len, opt, headers TSRMLS_CC) == FAILURE) {
RETURN_FALSE;
}
@@ -5155,6 +5161,10 @@ PHP_FUNCTION(highlight_file)
RETURN_FALSE;
}
+ if (strlen(filename) != filename_len) {
+ RETURN_FALSE;
+ }
+
if (i) {
php_start_ob_buffer (NULL, 0, 1 TSRMLS_CC);
}
@@ -5201,6 +5211,10 @@ PHP_FUNCTION(php_strip_whitespace)
RETURN_FALSE;
}
+ if (strlen(filename) != filename_len) {
+ RETURN_FALSE;
+ }
+
file_handle.type = ZEND_HANDLE_FILENAME;
file_handle.filename = filename;
file_handle.free_filename = 0;
@@ -5461,6 +5475,11 @@ PHP_FUNCTION(set_include_path)
return;
}
+ /* No nulls allowed in paths */
+ if (strlen(new_value) != new_value_len) {
+ RETURN_FALSE;
+ }
+
old_value = zend_ini_string("include_path", sizeof("include_path"), 0);
/* copy to return here, because alter might free it! */
if (old_value) {
@@ -5771,6 +5790,10 @@ PHP_FUNCTION(is_uploaded_file)
return;
}
+ if (strlen(path) != path_len) {
+ RETURN_FALSE;
+ }
+
if (zend_hash_exists(SG(rfc1867_uploaded_files), path, path_len + 1)) {
RETURN_TRUE;
} else {
@@ -5811,6 +5834,14 @@ PHP_FUNCTION(move_uploaded_file)
RETURN_FALSE;
}
+ if (strlen(path) != path_len) {
+ RETURN_FALSE;
+ }
+
+ if (strlen(new_path) != new_path_len) {
+ RETURN_FALSE;
+ }
+
VCWD_UNLINK(new_path);
if (VCWD_RENAME(path, new_path) == 0) {
successful = 1;
@@ -5954,6 +5985,10 @@ PHP_FUNCTION(parse_ini_file)
RETURN_FALSE;
}
+ if (strlen(filename) != filename_len) {
+ RETURN_FALSE;
+ }
+
/* Set callback function */
if (process_sections) {
BG(active_ini_file_section) = NULL;
diff -up php-5.3.3/ext/standard/dir.c.cve7243 php-5.3.3/ext/standard/dir.c
--- php-5.3.3/ext/standard/dir.c.cve7243 2010-06-26 18:03:39.000000000 +0200
+++ php-5.3.3/ext/standard/dir.c 2013-05-03 11:57:08.301141660 +0200
@@ -325,6 +325,10 @@ PHP_FUNCTION(chdir)
RETURN_FALSE;
}
+ if (strlen(str) != str_len) {
+ RETURN_FALSE;
+ }
+
if ((PG(safe_mode) && !php_checkuid(str, NULL, CHECKUID_CHECK_FILE_AND_DIR)) || php_check_open_basedir(str TSRMLS_CC)) {
RETURN_FALSE;
}
@@ -436,6 +440,10 @@ PHP_FUNCTION(glob)
return;
}
+ if (strlen(pattern) != pattern_len) {
+ RETURN_FALSE;
+ }
+
if (pattern_len >= MAXPATHLEN) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Pattern exceeds the maximum allowed length of %d characters", MAXPATHLEN);
RETURN_FALSE;
@@ -557,6 +565,10 @@ PHP_FUNCTION(scandir)
return;
}
+ if (strlen(dirn) != dirn_len) {
+ RETURN_FALSE;
+ }
+
if (dirn_len < 1) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Directory name cannot be empty");
RETURN_FALSE;
diff -up php-5.3.3/ext/standard/file.c.cve7243 php-5.3.3/ext/standard/file.c
--- php-5.3.3/ext/standard/file.c.cve7243 2013-05-03 11:57:08.024140124 +0200
+++ php-5.3.3/ext/standard/file.c 2013-05-03 11:57:08.302141666 +0200
@@ -382,6 +382,10 @@ PHP_FUNCTION(get_meta_tags)
return;
}
+ if (strlen(filename) != filename_len) {
+ RETURN_FALSE;
+ }
+
md.stream = php_stream_open_wrapper(filename, "rb",
(use_include_path ? USE_PATH : 0) | ENFORCE_SAFE_MODE | REPORT_ERRORS,
NULL);
@@ -535,6 +539,10 @@ PHP_FUNCTION(file_get_contents)
return;
}
+ if (strlen(filename) != filename_len) {
+ RETURN_FALSE;
+ }
+
if (ZEND_NUM_ARGS() == 5 && maxlen < 0) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "length must be greater than or equal to zero");
RETURN_FALSE;
@@ -592,6 +600,10 @@ PHP_FUNCTION(file_put_contents)
return;
}
+ if (strlen(filename) != filename_len) {
+ RETURN_FALSE;
+ }
+
if (Z_TYPE_P(data) == IS_RESOURCE) {
php_stream_from_zval(srcstream, &data);
}
@@ -736,6 +748,11 @@ PHP_FUNCTION(file)
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|lr!", &filename, &filename_len, &flags, &zcontext) == FAILURE) {
return;
}
+
+ if (strlen(filename) != filename_len) {
+ RETURN_FALSE;
+ }
+
if (flags < 0 || flags > (PHP_FILE_USE_INCLUDE_PATH | PHP_FILE_IGNORE_NEW_LINES | PHP_FILE_SKIP_EMPTY_LINES | PHP_FILE_NO_DEFAULT_CONTEXT)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "'%ld' flag is not supported", flags);
RETURN_FALSE;
@@ -833,6 +850,14 @@ PHP_FUNCTION(tempnam)
return;
}
+ if (strlen(dir) != dir_len) {
+ RETURN_FALSE;
+ }
+
+ if (strlen(prefix) != prefix_len) {
+ RETURN_FALSE;
+ }
+
if (PG(safe_mode) &&(!php_checkuid(dir, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
RETURN_FALSE;
}
@@ -891,6 +916,10 @@ PHP_NAMED_FUNCTION(php_if_fopen)
RETURN_FALSE;
}
+ if (strlen(filename) != filename_len) {
+ RETURN_FALSE;
+ }
+
context = php_stream_context_from_zval(zcontext, 0);
stream = php_stream_open_wrapper_ex(filename, mode, (use_include_path ? USE_PATH : 0) | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, context);
@@ -1394,6 +1423,10 @@ PHP_FUNCTION(mkdir)
RETURN_FALSE;
}
+ if (strlen(dir) != dir_len) {
+ RETURN_FALSE;
+ }
+
context = php_stream_context_from_zval(zcontext, 0);
RETURN_BOOL(php_stream_mkdir(dir, mode, (recursive ? PHP_STREAM_MKDIR_RECURSIVE : 0) | REPORT_ERRORS, context));
@@ -1413,6 +1446,10 @@ PHP_FUNCTION(rmdir)
RETURN_FALSE;
}
+ if (strlen(dir) != dir_len) {
+ RETURN_FALSE;
+ }
+
context = php_stream_context_from_zval(zcontext, 0);
RETURN_BOOL(php_stream_rmdir(dir, REPORT_ERRORS, context));
@@ -1435,6 +1472,10 @@ PHP_FUNCTION(readfile)
RETURN_FALSE;
}
+ if (strlen(filename) != filename_len) {
+ RETURN_FALSE;
+ }
+
context = php_stream_context_from_zval(zcontext, 0);
stream = php_stream_open_wrapper_ex(filename, "rb", (use_include_path ? USE_PATH : 0) | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, context);
@@ -1508,6 +1549,14 @@ PHP_FUNCTION(rename)
RETURN_FALSE;
}
+ if (strlen(old_name) != old_name_len) {
+ RETURN_FALSE;
+ }
+
+ if (strlen(new_name) != new_name_len) {
+ RETURN_FALSE;
+ }
+
wrapper = php_stream_locate_url_wrapper(old_name, NULL, 0 TSRMLS_CC);
if (!wrapper || !wrapper->wops) {
@@ -1545,6 +1594,10 @@ PHP_FUNCTION(unlink)
RETURN_FALSE;
}
+ if (strlen(filename) != filename_len) {
+ RETURN_FALSE;
+ }
+
context = php_stream_context_from_zval(zcontext, 0);
wrapper = php_stream_locate_url_wrapper(filename, NULL, 0 TSRMLS_CC);
@@ -1681,6 +1734,14 @@ PHP_FUNCTION(copy)
return;
}
+ if (strlen(source) != source_len) {
+ RETURN_FALSE;
+ }
+
+ if (strlen(target) != target_len) {
+ RETURN_FALSE;
+ }
+
if (PG(safe_mode) &&(!php_checkuid(source, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
RETURN_FALSE;
}
@@ -2372,6 +2433,10 @@ PHP_FUNCTION(realpath)
return;
}
+ if (strlen(filename) != filename_len) {
+ RETURN_FALSE;
+ }
+
if (VCWD_REALPATH(filename, resolved_path_buff)) {
if (PG(safe_mode) && (!php_checkuid(resolved_path_buff, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
RETURN_FALSE;
@@ -2514,6 +2579,14 @@ PHP_FUNCTION(fnmatch)
return;
}
+ if (strlen(pattern) != pattern_len) {
+ RETURN_FALSE;
+ }
+
+ if (strlen(filename) != filename_len) {
+ RETURN_FALSE;
+ }
+
if (filename_len >= MAXPATHLEN) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Filename exceeds the maximum allowed length of %d characters", MAXPATHLEN);
RETURN_FALSE;
diff -up php-5.3.3/ext/standard/filestat.c.cve7243 php-5.3.3/ext/standard/filestat.c
--- php-5.3.3/ext/standard/filestat.c.cve7243 2010-01-03 10:23:27.000000000 +0100
+++ php-5.3.3/ext/standard/filestat.c 2013-05-03 11:57:08.302141666 +0200
@@ -379,6 +379,10 @@ PHP_FUNCTION(disk_free_space)
RETURN_FALSE;
}
+ if (strlen(path) != path_len) {
+ RETURN_FALSE;
+ }
+
if (php_disk_free_space(path, &bytesfree TSRMLS_CC) == SUCCESS) {
RETURN_DOUBLE(bytesfree);
}
@@ -399,6 +403,10 @@ static void php_do_chgrp(INTERNAL_FUNCTI
RETURN_FALSE;
}
+ if (strlen(filename) != filename_len) {
+ RETURN_FALSE;
+ }
+
if (Z_TYPE_P(group) == IS_LONG) {
gid = (gid_t)Z_LVAL_P(group);
} else if (Z_TYPE_P(group) == IS_STRING) {
@@ -500,6 +508,10 @@ static void php_do_chown(INTERNAL_FUNCTI
return;
}
+ if (strlen(filename) != filename_len) {
+ RETURN_FALSE;
+ }
+
if (Z_TYPE_P(user) == IS_LONG) {
uid = (uid_t)Z_LVAL_P(user);
} else if (Z_TYPE_P(user) == IS_STRING) {
@@ -607,6 +619,10 @@ PHP_FUNCTION(chmod)
RETURN_FALSE;
}
+ if (strlen(filename) != filename_len) {
+ RETURN_FALSE;
+ }
+
/* Check the basedir */
if (php_check_open_basedir(filename TSRMLS_CC)) {
RETURN_FALSE;
@@ -660,6 +676,10 @@ PHP_FUNCTION(touch)
return;
}
+ if (strlen(filename) != filename_len) {
+ RETURN_FALSE;
+ }
+
switch (argc) {
case 1:
#ifdef HAVE_UTIME_NULL
@@ -715,8 +735,9 @@ PHP_FUNCTION(touch)
PHPAPI void php_clear_stat_cache(zend_bool clear_realpath_cache, const char *filename, int filename_len TSRMLS_DC)
{
/* always clear CurrentStatFile and CurrentLStatFile even if filename is not NULL
- * as it may contains outdated data (e.g. "nlink" for a directory when deleting a file
+ * as it may contain outdated data (e.g. "nlink" for a directory when deleting a file
* in this directory, as shown by lstat_stat_variation9.phpt) */
+
if (BG(CurrentStatFile)) {
efree(BG(CurrentStatFile));
BG(CurrentStatFile) = NULL;
@@ -777,6 +798,10 @@ PHPAPI void php_stat(const char *filenam
RETURN_FALSE;
}
+ if (strlen(filename) != filename_length) {
+ RETURN_FALSE;
+ }
+
if ((wrapper = php_stream_locate_url_wrapper(filename, &local, 0 TSRMLS_CC)) == &php_plain_files_wrapper) {
if (php_check_open_basedir(local TSRMLS_CC)) {
RETURN_FALSE;
diff -up php-5.3.3/ext/standard/ftok.c.cve7243 php-5.3.3/ext/standard/ftok.c
--- php-5.3.3/ext/standard/ftok.c.cve7243 2010-01-03 10:23:27.000000000 +0100
+++ php-5.3.3/ext/standard/ftok.c 2013-05-03 11:57:08.302141666 +0200
@@ -39,6 +39,10 @@ PHP_FUNCTION(ftok)
return;
}
+ if (strlen(pathname) != pathname_len) {
+ RETURN_FALSE;
+ }
+
if (pathname_len == 0){
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Pathname is invalid");
RETURN_LONG(-1);
diff -up php-5.3.3/ext/standard/iptc.c.cve7243 php-5.3.3/ext/standard/iptc.c
--- php-5.3.3/ext/standard/iptc.c.cve7243 2010-01-03 10:23:27.000000000 +0100
+++ php-5.3.3/ext/standard/iptc.c 2013-05-03 11:57:08.302141666 +0200
@@ -190,6 +190,10 @@ PHP_FUNCTION(iptcembed)
return;
}
+ if (strlen(jpeg_file) != jpeg_file_len) {
+ RETURN_FALSE;
+ }
+
if (PG(safe_mode) && (!php_checkuid(jpeg_file, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
RETURN_FALSE;
}
diff -up php-5.3.3/ext/standard/link.c.cve7243 php-5.3.3/ext/standard/link.c
--- php-5.3.3/ext/standard/link.c.cve7243 2010-01-03 10:23:27.000000000 +0100
+++ php-5.3.3/ext/standard/link.c 2013-05-03 11:57:08.303141671 +0200
@@ -64,6 +64,10 @@ PHP_FUNCTION(readlink)
return;
}
+ if (strlen(link) != link_len) {
+ RETURN_FALSE;
+ }
+
if (PG(safe_mode) && !php_checkuid(link, NULL, CHECKUID_CHECK_FILE_AND_DIR)) {
RETURN_FALSE;
}
@@ -123,6 +127,14 @@ PHP_FUNCTION(symlink)
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss", &topath, &topath_len, &frompath, &frompath_len) == FAILURE) {
return;
}
+
+ if (strlen(topath) != topath_len) {
+ RETURN_FALSE;
+ }
+
+ if (strlen(frompath) != frompath_len) {
+ RETURN_FALSE;
+ }
if (!expand_filepath(frompath, source_p TSRMLS_CC)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "No such file or directory");
@@ -188,6 +200,14 @@ PHP_FUNCTION(link)
return;
}
+ if (strlen(topath) != topath_len) {
+ RETURN_FALSE;
+ }
+
+ if (strlen(frompath) != frompath_len) {
+ RETURN_FALSE;
+ }
+
if (!expand_filepath(frompath, source_p TSRMLS_CC) || !expand_filepath(topath, dest_p TSRMLS_CC)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "No such file or directory");
RETURN_FALSE;
diff -up php-5.3.3/ext/tidy/tidy.c.cve7243 php-5.3.3/ext/tidy/tidy.c
--- php-5.3.3/ext/tidy/tidy.c.cve7243 2010-03-12 11:28:59.000000000 +0100
+++ php-5.3.3/ext/tidy/tidy.c 2013-05-03 11:57:08.303141671 +0200
@@ -567,6 +567,9 @@ static void php_tidy_quick_repair(INTERN
}
if (is_file) {
+ if (strlen(arg1) != arg1_len) {
+ RETURN_FALSE;
+ }
if (!(data = php_tidy_file_to_mem(arg1, use_include_path, &data_len TSRMLS_CC))) {
RETURN_FALSE;
}
@@ -1221,6 +1224,9 @@ static PHP_FUNCTION(tidy_parse_file)
RETURN_FALSE;
}
+ if (strlen(inputfile) != input_len) {
+ RETURN_FALSE;
+ }
tidy_instanciate(tidy_ce_doc, return_value TSRMLS_CC);
obj = (PHPTidyObj *) zend_object_store_get_object(return_value TSRMLS_CC);
@@ -1534,10 +1540,13 @@ static TIDY_DOC_METHOD(__construct)
&options, &enc, &enc_len, &use_include_path) == FAILURE) {
RETURN_FALSE;
}
-
+
obj = (PHPTidyObj *)zend_object_store_get_object(object TSRMLS_CC);
if (inputfile) {
+ if (strlen(inputfile) != input_len) {
+ RETURN_FALSE;
+ }
if (!(contents = php_tidy_file_to_mem(inputfile, use_include_path, &contents_len TSRMLS_CC))) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot Load '%s' into memory %s", inputfile, (use_include_path) ? "(Using include path)" : "");
return;
@@ -1568,7 +1577,10 @@ static TIDY_DOC_METHOD(parseFile)
&options, &enc, &enc_len, &use_include_path) == FAILURE) {
RETURN_FALSE;
}
-
+
+ if (strlen(inputfile) != input_len) {
+ RETURN_FALSE;
+ }
if (!(contents = php_tidy_file_to_mem(inputfile, use_include_path, &contents_len TSRMLS_CC))) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot Load '%s' into memory %s", inputfile, (use_include_path) ? "(Using include path)" : "");
RETURN_FALSE;
diff -up php-5.3.3/ext/xsl/xsltprocessor.c.cve7243 php-5.3.3/ext/xsl/xsltprocessor.c
--- php-5.3.3/ext/xsl/xsltprocessor.c.cve7243 2013-05-03 11:57:08.259141427 +0200
+++ php-5.3.3/ext/xsl/xsltprocessor.c 2013-05-03 11:57:08.303141671 +0200
@@ -690,6 +690,9 @@ PHP_FUNCTION(xsl_xsltprocessor_transform
ret = -1;
if (newdocp) {
+ if (strlen(uri) != uri_len) {
+ RETURN_FALSE;
+ }
ret = xsltSaveResultToFilename(uri, newdocp, sheetp, 0);
xmlFreeDoc(newdocp);
}
@@ -893,7 +896,7 @@ PHP_FUNCTION(xsl_xsltprocessor_set_profi
if (intern->profiling) {
efree(intern->profiling);
}
- if (filename != NULL) {
+ if (filename != NULL && strlen(filename) == filename_len) {
intern->profiling = estrndup(filename,filename_len);
} else {
intern->profiling = NULL;
diff -up php-5.3.3/ext/zip/php_zip.c.cve7243 php-5.3.3/ext/zip/php_zip.c
--- php-5.3.3/ext/zip/php_zip.c.cve7243 2013-05-03 11:57:08.141140773 +0200
+++ php-5.3.3/ext/zip/php_zip.c 2013-05-03 11:59:23.507871248 +0200
@@ -1148,6 +1148,10 @@ static PHP_NAMED_FUNCTION(zif_zip_open)
RETURN_FALSE;
}
+ if (strlen(filename) != filename_len) {
+ RETURN_FALSE;
+ }
+
if (ZIP_OPENBASEDIR_CHECKPATH(filename)) {
RETURN_FALSE;
}
@@ -1437,6 +1441,10 @@ static ZIPARCHIVE_METHOD(open)
RETURN_FALSE;
}
+ if (strlen(filename) != filename_len) {
+ RETURN_FALSE;
+ }
+
if (ZIP_OPENBASEDIR_CHECKPATH(filename)) {
RETURN_FALSE;
}
@@ -2363,6 +2371,10 @@ static ZIPARCHIVE_METHOD(extractTo)
RETURN_FALSE;
}
+ if (strlen(pathto) != pathto_len) {
+ RETURN_FALSE;
+ }
+
if (php_stream_stat_path(pathto, &ssb) < 0) {
ret = php_stream_mkdir(pathto, 0777, PHP_STREAM_MKDIR_RECURSIVE, NULL);
if (!ret) {
@@ -2449,6 +2461,9 @@ static void php_zip_get_from(INTERNAL_FU
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|ll", &filename, &filename_len, &len, &flags) == FAILURE) {
return;
}
+ if (strlen(filename) != filename_len) {
+ return;
+ }
PHP_ZIP_STAT_PATH(intern, filename, filename_len, flags, sb);
} else {
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "l|ll", &index, &len, &flags) == FAILURE) {
diff -up php-5.3.3/main/fopen_wrappers.c.cve7243 php-5.3.3/main/fopen_wrappers.c
--- php-5.3.3/main/fopen_wrappers.c.cve7243 2010-04-22 00:22:31.000000000 +0200
+++ php-5.3.3/main/fopen_wrappers.c 2013-05-03 11:57:08.304141677 +0200
@@ -519,6 +519,10 @@ PHPAPI char *php_resolve_path(const char
return NULL;
}
+ if (strlen(filename) != filename_length) {
+ return NULL;
+ }
+
/* Don't resolve paths which contain protocol (except of file://) */
for (p = filename; isalnum((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++);
if ((*p == ':') && (p - filename > 1) && (p[1] == '/') && (p[2] == '/')) {
diff -up php-5.3.3/Zend/zend_vm_execute.h.cve7243 php-5.3.3/Zend/zend_vm_execute.h
--- php-5.3.3/Zend/zend_vm_execute.h.cve7243 2010-07-05 11:08:35.000000000 +0200
+++ php-5.3.3/Zend/zend_vm_execute.h 2013-05-03 11:57:08.290141599 +0200
@@ -1880,6 +1880,16 @@ static int ZEND_FASTCALL ZEND_INCLUDE_O
return_value_used = RETURN_VALUE_USED(opline);
+ if (Z_LVAL(opline->op2.u.constant) != ZEND_EVAL && strlen(Z_STRVAL_P(inc_filename)) != Z_STRLEN_P(inc_filename)) {
+ if (Z_LVAL(opline->op2.u.constant)==ZEND_INCLUDE_ONCE ||
+ Z_LVAL(opline->op2.u.constant)==ZEND_INCLUDE) {
+ zend_message_dispatcher(ZMSG_FAILED_INCLUDE_FOPEN, Z_STRVAL_P(inc_filename) TSRMLS_CC);
+ } else {
+ zend_message_dispatcher(ZMSG_FAILED_REQUIRE_FOPEN, Z_STRVAL_P(inc_filename) TSRMLS_CC);
+ }
+ goto done;
+ }
+
switch (Z_LVAL(opline->op2.u.constant)) {
case ZEND_INCLUDE_ONCE:
case ZEND_REQUIRE_ONCE: {
@@ -1933,6 +1943,7 @@ static int ZEND_FASTCALL ZEND_INCLUDE_O
break;
EMPTY_SWITCH_DEFAULT_CASE()
}
+done:
if (inc_filename==&tmp_inc_filename) {
zval_dtor(&tmp_inc_filename);
}
@@ -5154,6 +5165,16 @@ static int ZEND_FASTCALL ZEND_INCLUDE_O
return_value_used = RETURN_VALUE_USED(opline);
+ if (Z_LVAL(opline->op2.u.constant) != ZEND_EVAL && strlen(Z_STRVAL_P(inc_filename)) != Z_STRLEN_P(inc_filename)) {
+ if (Z_LVAL(opline->op2.u.constant)==ZEND_INCLUDE_ONCE ||
+ Z_LVAL(opline->op2.u.constant)==ZEND_INCLUDE) {
+ zend_message_dispatcher(ZMSG_FAILED_INCLUDE_FOPEN, Z_STRVAL_P(inc_filename) TSRMLS_CC);
+ } else {
+ zend_message_dispatcher(ZMSG_FAILED_REQUIRE_FOPEN, Z_STRVAL_P(inc_filename) TSRMLS_CC);
+ }
+ goto done;
+ }
+
switch (Z_LVAL(opline->op2.u.constant)) {
case ZEND_INCLUDE_ONCE:
case ZEND_REQUIRE_ONCE: {
@@ -5207,6 +5228,7 @@ static int ZEND_FASTCALL ZEND_INCLUDE_O
break;
EMPTY_SWITCH_DEFAULT_CASE()
}
+done:
if (inc_filename==&tmp_inc_filename) {
zval_dtor(&tmp_inc_filename);
}
@@ -8524,6 +8546,16 @@ static int ZEND_FASTCALL ZEND_INCLUDE_O
return_value_used = RETURN_VALUE_USED(opline);
+ if (Z_LVAL(opline->op2.u.constant) != ZEND_EVAL && strlen(Z_STRVAL_P(inc_filename)) != Z_STRLEN_P(inc_filename)) {
+ if (Z_LVAL(opline->op2.u.constant)==ZEND_INCLUDE_ONCE ||
+ Z_LVAL(opline->op2.u.constant)==ZEND_INCLUDE) {
+ zend_message_dispatcher(ZMSG_FAILED_INCLUDE_FOPEN, Z_STRVAL_P(inc_filename) TSRMLS_CC);
+ } else {
+ zend_message_dispatcher(ZMSG_FAILED_REQUIRE_FOPEN, Z_STRVAL_P(inc_filename) TSRMLS_CC);
+ }
+ goto done;
+ }
+
switch (Z_LVAL(opline->op2.u.constant)) {
case ZEND_INCLUDE_ONCE:
case ZEND_REQUIRE_ONCE: {
@@ -8577,6 +8609,7 @@ static int ZEND_FASTCALL ZEND_INCLUDE_O
break;
EMPTY_SWITCH_DEFAULT_CASE()
}
+done:
if (inc_filename==&tmp_inc_filename) {
zval_dtor(&tmp_inc_filename);
}
@@ -22387,6 +22420,16 @@ static int ZEND_FASTCALL ZEND_INCLUDE_O
return_value_used = RETURN_VALUE_USED(opline);
+ if (Z_LVAL(opline->op2.u.constant) != ZEND_EVAL && strlen(Z_STRVAL_P(inc_filename)) != Z_STRLEN_P(inc_filename)) {
+ if (Z_LVAL(opline->op2.u.constant)==ZEND_INCLUDE_ONCE ||
+ Z_LVAL(opline->op2.u.constant)==ZEND_INCLUDE) {
+ zend_message_dispatcher(ZMSG_FAILED_INCLUDE_FOPEN, Z_STRVAL_P(inc_filename) TSRMLS_CC);
+ } else {
+ zend_message_dispatcher(ZMSG_FAILED_REQUIRE_FOPEN, Z_STRVAL_P(inc_filename) TSRMLS_CC);
+ }
+ goto done;
+ }
+
switch (Z_LVAL(opline->op2.u.constant)) {
case ZEND_INCLUDE_ONCE:
case ZEND_REQUIRE_ONCE: {
@@ -22440,6 +22483,7 @@ static int ZEND_FASTCALL ZEND_INCLUDE_O
break;
EMPTY_SWITCH_DEFAULT_CASE()
}
+done:
if (inc_filename==&tmp_inc_filename) {
zval_dtor(&tmp_inc_filename);
}
From 7deec592fdc57f7a4d96390d021c9ae2e9715cee Mon Sep 17 00:00:00 2001
From: Pierre Joye <pajoye@php.net>
Date: Mon, 21 Feb 2011 10:09:50 +0000
Subject: [PATCH] - fix test 025
---
ext/openssl/openssl.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 47deeb3..5f86bb8 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -3543,14 +3543,13 @@ PHP_FUNCTION(openssl_pkcs7_sign)
char * outfilename; int outfilename_len;
char * extracertsfilename = NULL; int extracertsfilename_len;
- RETVAL_FALSE;
-
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ssZZa!|ls",
&infilename, &infilename_len, &outfilename, &outfilename_len,
&zcert, &zprivkey, &zheaders, &flags, &extracertsfilename,
&extracertsfilename_len) == FAILURE) {
return;
}
+ RETVAL_FALSE;
if (strlen(infilename) != infilename_len) {
return;
--
1.7.11.5
From 2a545be57f7ca7bc269eb9c93a07e1b85d4e8172 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Gustavo=20Andr=C3=A9=20dos=20Santos=20Lopes?=
<cataphract@php.net>
Date: Mon, 22 Nov 2010 05:10:14 +0000
Subject: [PATCH] - Fix tests for \0 patch in PHP 5.3. - Fix
constants_error_004.phpt (closes bug #51901)
---
ext/standard/tests/file/copy_variation4.phpt | Bin 4654 -> 4467 bytes
.../tests/file/disk_free_space_variation.phpt | 16 +++++------
.../file/file_get_contents_variation8-win32.phpt | 2 --
.../tests/file/file_get_contents_variation8.phpt | 2 --
.../tests/file/file_put_contents_variation8.phpt | Bin 2302 -> 2228 bytes
ext/standard/tests/file/filegroup_variation3.phpt | 4 +--
ext/standard/tests/file/fileinode_variation3.phpt | 4 +--
ext/standard/tests/file/fileowner_variation3.phpt | 4 +--
ext/standard/tests/file/fileperms_variation3.phpt | 4 +--
ext/standard/tests/file/fnmatch_variation.phpt | 30 ++++++++++-----------
ext/standard/tests/file/glob_variation.phpt | 23 +++++-----------
ext/standard/tests/file/is_dir_variation4.phpt | 4 +--
.../tests/file/is_executable_variation1.phpt | 4 +--
ext/standard/tests/file/is_file_variation4.phpt | 4 +--
.../tests/file/is_readable_variation1.phpt | 6 ++---
.../tests/file/is_writable_variation1.phpt | 12 ++++-----
.../tests/file/mkdir_rmdir_variation2.phpt | 4 +--
.../tests/file/readfile_variation10-win32.phpt | 14 +++++++---
ext/standard/tests/file/readfile_variation10.phpt | Bin 1786 -> 1847 bytes
.../tests/file/rename_variation13-win32.phpt | Bin 3947 -> 3805 bytes
ext/standard/tests/file/rename_variation13.phpt | 4 ---
ext/standard/tests/file/stream_rfc2397_006.phpt | 4 +--
.../tests/file/tempnam_variation3-win32.phpt | 5 ++--
ext/standard/tests/file/tempnam_variation3.phpt | 6 ++---
.../tests/file/tempnam_variation7-win32.phpt | 6 ++---
ext/standard/tests/file/tempnam_variation7.phpt | 6 ++---
tests/classes/constants_error_004.phpt | 2 +-
27 files changed, 81 insertions(+), 89 deletions(-)
diff --git a/ext/standard/tests/file/copy_variation4.phpt b/ext/standard/tests/file/copy_variation4.phpt
index 48386743f325e3cfedaa7712443a6af249aa9593..32756c1ede19ac8fb5e1029e4cd549b1bf42c199 100644
GIT binary patch
delta 51
zcmZ3d@>yxZ<c+rzm>82bTQfi7n4BXhH<_PLmnAJRr+BhGUo3Z0etwPyh?lCl*@yQL
F3jp%@5;6b)
delta 78
zcmV-U0I~n`BCaHmlPgzAP9iA^ARuIEWhf$ZYiV#GL~kH&Z*(AXb#5SUZXj1_Ze(wF
kb0R4_3bA&50<-i2<_MGe2+RQhlO7R5lL!hcv!D#q1Rf_E<^TWy
diff --git a/ext/standard/tests/file/disk_free_space_variation.phpt b/ext/standard/tests/file/disk_free_space_variation.phpt
index c180998..178f857 100644
--- a/ext/standard/tests/file/disk_free_space_variation.phpt
+++ b/ext/standard/tests/file/disk_free_space_variation.phpt
@@ -105,19 +105,19 @@ float(%d)
float(%d)
-- Iteration 9 --
-float(%d)
-float(%d)
+bool(false)
+bool(false)
-- Iteration 10 --
-float(%d)
-float(%d)
+bool(false)
+bool(false)
-- Iteration 11 --
-float(%d)
-float(%d)
+bool(false)
+bool(false)
-- Iteration 12 --
-float(%d)
-float(%d)
+bool(false)
+bool(false)
--- Done ---
diff --git a/ext/standard/tests/file/file_get_contents_variation8-win32.phpt b/ext/standard/tests/file/file_get_contents_variation8-win32.phpt
index 43d742a..c0074ff 100644
--- a/ext/standard/tests/file/file_get_contents_variation8-win32.phpt
+++ b/ext/standard/tests/file/file_get_contents_variation8-win32.phpt
@@ -76,8 +76,6 @@ Warning: file_get_contents( ): failed to open stream: Permission denied in %s on
bool(false)
-- Filename: \0 --
-
-Warning: file_get_contents(): Filename cannot be empty in %s on line %d
bool(false)
-- Filename: array() --
diff --git a/ext/standard/tests/file/file_get_contents_variation8.phpt b/ext/standard/tests/file/file_get_contents_variation8.phpt
index dca75a0..84621e1 100644
--- a/ext/standard/tests/file/file_get_contents_variation8.phpt
+++ b/ext/standard/tests/file/file_get_contents_variation8.phpt
@@ -68,8 +68,6 @@ bool(false)
Warning: file_get_contents( ): failed to open stream: No such file or directory in %s on line %d
bool(false)
-- Iteration 6 --
-
-Warning: file_get_contents(): Filename cannot be empty in %s on line %d
bool(false)
-- Iteration 7 --
diff --git a/ext/standard/tests/file/file_put_contents_variation8.phpt b/ext/standard/tests/file/file_put_contents_variation8.phpt
index 1e27e71334165f687b4bf263cfd56e934dbce78d..c35ace47b2c0037484e7d90885bd0876d29a7e9f 100644
GIT binary patch
delta 20
ccmew-xJ7WoU$)5?*d-_Xvhi)sW1qkX0A3phxBvhE
delta 18
acmdlY_)l=dU$)5!Y)Om^o5k4YF#-Tc0tQn6
diff --git a/ext/standard/tests/file/filegroup_variation3.phpt b/ext/standard/tests/file/filegroup_variation3.phpt
index dd875a0..c41f383 100644
--- a/ext/standard/tests/file/filegroup_variation3.phpt
+++ b/ext/standard/tests/file/filegroup_variation3.phpt
@@ -74,8 +74,8 @@ bool(false)
Warning: filegroup(): stat failed for %s/filegroup_variation3/filegroup*.tmp in %s on line %d
bool(false)
- Iteration 7 -
-int(%d)
+bool(false)
- Iteration 8 -
-int(%d)
+bool(false)
*** Done ***
diff --git a/ext/standard/tests/file/fileinode_variation3.phpt b/ext/standard/tests/file/fileinode_variation3.phpt
index c81b573..23cf3c7 100644
--- a/ext/standard/tests/file/fileinode_variation3.phpt
+++ b/ext/standard/tests/file/fileinode_variation3.phpt
@@ -75,8 +75,8 @@ bool(false)
Warning: fileinode(): stat failed for %s/fileinode_variation3/fileinode*.tmp in %s on line %d
bool(false)
- Iteration 7 -
-int(%d)
+bool(false)
- Iteration 8 -
-int(%d)
+bool(false)
*** Done ***
diff --git a/ext/standard/tests/file/fileowner_variation3.phpt b/ext/standard/tests/file/fileowner_variation3.phpt
index 2a322b6..b2691e9 100644
--- a/ext/standard/tests/file/fileowner_variation3.phpt
+++ b/ext/standard/tests/file/fileowner_variation3.phpt
@@ -75,8 +75,8 @@ bool(false)
Warning: fileowner(): stat failed for %s/fileowner_variation3/fileowner*.tmp in %s on line %d
bool(false)
- Iteration 7 -
-int(%d)
+bool(false)
- Iteration 8 -
-int(%d)
+bool(false)
*** Done ***
diff --git a/ext/standard/tests/file/fileperms_variation3.phpt b/ext/standard/tests/file/fileperms_variation3.phpt
index 38101e3..1e7396a 100644
--- a/ext/standard/tests/file/fileperms_variation3.phpt
+++ b/ext/standard/tests/file/fileperms_variation3.phpt
@@ -74,8 +74,8 @@ bool(false)
Warning: fileperms(): stat failed for %s/fileperms_variation3/fileperms*.tmp in %s on line %d
bool(false)
- Iteration 7 -
-int(%d)
+bool(false)
- Iteration 8 -
-int(%d)
+bool(false)
*** Done ***
diff --git a/ext/standard/tests/file/fnmatch_variation.phpt b/ext/standard/tests/file/fnmatch_variation.phpt
index e65bdd0..13afebb 100644
--- a/ext/standard/tests/file/fnmatch_variation.phpt
+++ b/ext/standard/tests/file/fnmatch_variation.phpt
@@ -259,21 +259,21 @@ bool(true)
--- With Strings ---
-- Iteration 0 --
bool(true)
-bool(true)
+bool(false)
bool(true)
bool(false)
bool(false)
bool(true)
-- Iteration 1 --
-bool(true)
-bool(true)
-bool(true)
bool(false)
bool(false)
-bool(true)
+bool(false)
+bool(false)
+bool(false)
+bool(false)
-- Iteration 2 --
bool(true)
-bool(true)
+bool(false)
bool(true)
bool(false)
bool(false)
@@ -282,7 +282,7 @@ bool(true)
bool(false)
bool(false)
bool(false)
-bool(true)
+bool(false)
bool(false)
bool(false)
-- Iteration 4 --
@@ -294,7 +294,7 @@ bool(true)
bool(false)
-- Iteration 5 --
bool(true)
-bool(true)
+bool(false)
bool(true)
bool(false)
bool(false)
@@ -397,28 +397,28 @@ bool(true)
bool(true)
bool(true)
bool(true)
-bool(true)
+bool(false)
bool(false)
bool(false)
-- Iteration 1 --
bool(true)
bool(true)
bool(true)
-bool(true)
+bool(false)
bool(false)
bool(false)
-- Iteration 2 --
bool(true)
bool(true)
bool(true)
-bool(true)
+bool(false)
bool(false)
bool(false)
-- Iteration 3 --
-bool(true)
-bool(true)
-bool(true)
-bool(true)
+bool(false)
+bool(false)
+bool(false)
+bool(false)
bool(false)
bool(false)
-- Iteration 4 --
diff --git a/ext/standard/tests/file/glob_variation.phpt b/ext/standard/tests/file/glob_variation.phpt
index 52c0dc8..64d3d8a 100755
--- a/ext/standard/tests/file/glob_variation.phpt
+++ b/ext/standard/tests/file/glob_variation.phpt
@@ -325,20 +325,12 @@ array(0) {
}
-- Iteration 8 --
-array(0) {
-}
-array(0) {
-}
-array(0) {
-}
-array(1) {
- [0]=>
- string(%d) "%s/glob_variation/WONDER5"
-}
-array(0) {
-}
-array(0) {
-}
+bool(false)
+bool(false)
+bool(false)
+bool(false)
+bool(false)
+bool(false)
-- Iteration 9 --
array(0) {
@@ -441,8 +433,7 @@ array(1) {
array(0) {
}
-- Iteration 8 --
-array(0) {
-}
+bool(false)
-- Iteration 9 --
array(0) {
}
diff --git a/ext/standard/tests/file/is_dir_variation4.phpt b/ext/standard/tests/file/is_dir_variation4.phpt
index a68fe0b..b83d185 100644
--- a/ext/standard/tests/file/is_dir_variation4.phpt
+++ b/ext/standard/tests/file/is_dir_variation4.phpt
@@ -77,9 +77,9 @@ bool(true)
bool(false)
-- Iteration 9 --
-bool(true)
+bool(false)
-- Iteration 10 --
-bool(true)
+bool(false)
*** Done ***
diff --git a/ext/standard/tests/file/is_executable_variation1.phpt b/ext/standard/tests/file/is_executable_variation1.phpt
index 9969911..bc826b9 100644
--- a/ext/standard/tests/file/is_executable_variation1.phpt
+++ b/ext/standard/tests/file/is_executable_variation1.phpt
@@ -76,9 +76,9 @@ bool(false)
-- Iteration 5 --
bool(false)
-- Iteration 6 --
-bool(true)
+bool(false)
-- Iteration 7 --
-bool(true)
+bool(false)
-- Iteration 8 --
bool(false)
-- Iteration 9 --
diff --git a/ext/standard/tests/file/is_file_variation4.phpt b/ext/standard/tests/file/is_file_variation4.phpt
index 55aeedf..fbdf438 100644
--- a/ext/standard/tests/file/is_file_variation4.phpt
+++ b/ext/standard/tests/file/is_file_variation4.phpt
@@ -67,8 +67,8 @@ bool(false)
- Iteration 6 -
bool(false)
- Iteration 7 -
-bool(true)
+bool(false)
- Iteration 8 -
-bool(true)
+bool(false)
*** Done ***
diff --git a/ext/standard/tests/file/is_readable_variation1.phpt b/ext/standard/tests/file/is_readable_variation1.phpt
index a131032..7493574 100644
--- a/ext/standard/tests/file/is_readable_variation1.phpt
+++ b/ext/standard/tests/file/is_readable_variation1.phpt
@@ -87,11 +87,11 @@ bool(false)
-- Iteration 6 --
bool(false)
-- Iteration 7 --
-bool(true)
+bool(false)
-- Iteration 8 --
-bool(true)
+bool(false)
-- Iteration 9 --
-bool(true)
+bool(false)
-- Iteration 10 --
bool(true)
-- Iteration 11 --
diff --git a/ext/standard/tests/file/is_writable_variation1.phpt b/ext/standard/tests/file/is_writable_variation1.phpt
index bf3e7e1..1f3cbf5 100644
--- a/ext/standard/tests/file/is_writable_variation1.phpt
+++ b/ext/standard/tests/file/is_writable_variation1.phpt
@@ -96,14 +96,14 @@ bool(false)
bool(false)
bool(false)
-- Iteration 7 --
-bool(true)
-bool(true)
+bool(false)
+bool(false)
-- Iteration 8 --
-bool(true)
-bool(true)
+bool(false)
+bool(false)
-- Iteration 9 --
-bool(true)
-bool(true)
+bool(false)
+bool(false)
-- Iteration 10 --
bool(true)
bool(true)
diff --git a/ext/standard/tests/file/mkdir_rmdir_variation2.phpt b/ext/standard/tests/file/mkdir_rmdir_variation2.phpt
index e7c41c4..101e890 100644
--- a/ext/standard/tests/file/mkdir_rmdir_variation2.phpt
+++ b/ext/standard/tests/file/mkdir_rmdir_variation2.phpt
@@ -64,8 +64,8 @@ Warning: rmdir(%s/mkdir_variation2/): %s on line %d
bool(false)
*** Testing mkdir() and rmdir() for binary safe functionality ***
-bool(true)
-bool(true)
+bool(false)
+bool(false)
*** Testing mkdir() with miscelleneous input ***
bool(true)
diff --git a/ext/standard/tests/file/readfile_variation10-win32.phpt b/ext/standard/tests/file/readfile_variation10-win32.phpt
index 6453b98..1624194 100644
--- a/ext/standard/tests/file/readfile_variation10-win32.phpt
+++ b/ext/standard/tests/file/readfile_variation10-win32.phpt
@@ -37,7 +37,7 @@ $names_arr = array(
foreach($names_arr as $key => $value) {
echo "\n-- Filename: $key --\n";
- readfile($value);
+ var_dump(readfile($value));
};
?>
@@ -48,40 +48,48 @@ foreach($names_arr as $key => $value) {
-- Filename: -1 --
Warning: readfile(-1): failed to open stream: No such file or directory in %s on line %d
+bool(false)
-- Filename: TRUE --
Warning: readfile(1): failed to open stream: No such file or directory in %s on line %d
+bool(false)
-- Filename: FALSE --
Warning: readfile(): Filename cannot be empty in %s on line %d
+bool(false)
-- Filename: NULL --
Warning: readfile(): Filename cannot be empty in %s on line %d
+bool(false)
-- Filename: "" --
Warning: readfile(): Filename cannot be empty in %s on line %d
+bool(false)
-- Filename: " " --
Warning: readfile( ): failed to open stream: Permission denied in %s on line %d
+bool(false)
-- Filename: \0 --
-
-Warning: readfile(): Filename cannot be empty in %s on line %d
+bool(false)
-- Filename: array() --
Warning: readfile() expects parameter 1 to be string, array given in %s on line %d
+bool(false)
-- Filename: /no/such/file/dir --
Warning: readfile(/no/such/file/dir): failed to open stream: No such file or directory in %s on line %d
+bool(false)
-- Filename: php/php --
Warning: readfile(php/php): failed to open stream: No such file or directory in %s on line %d
+bool(false)
===Done===
\ No newline at end of file
diff --git a/ext/standard/tests/file/readfile_variation10.phpt b/ext/standard/tests/file/readfile_variation10.phpt
index a48150aee0fcf1240a7f47b7939c317043ae037f..2caa2de1d259b0012f6f5722b441a25666b1f9b8 100644
GIT binary patch
delta 216
zcmeyxyPa=?3bRC6Vo`ibX>Nf=QEFmJT4qkFhDu&yZmQ;FBj(lIN%{FX8fl3+#X$ZY
z=1>%VBTEoTd}Y>96(sYxbafR<Qj1G6^U@X6xsW6#pJdHOG1!<b7KPu>7Au9Mo{LLM
POH08eKQC1Q$lwA1(T_+Z
delta 94
zcmdna_ltLf3Nv3(YGO)SW=^VxN?u}a>SP<{)ssInhfLnU5(vjxtRcL*x(X$!#U+_}
q=?dx$lUO7sm$T?je$1LRIg%}A@<Fy3J}xaSEd`hSyi^4sg9`vL;2zZg
diff --git a/ext/standard/tests/file/rename_variation13-win32.phpt b/ext/standard/tests/file/rename_variation13-win32.phpt
index a86025889d31bedfad6b7214ff98c1a4cd9dcd62..2cd9dbdd949d456a4e7093b3e0993f45f1c71046 100644
GIT binary patch
delta 25
gcmaDYcUN`;4>u22Qht7pMp|M{ajNF#W!y)Z0e1xn6#xJL
delta 26
icmcaB`&w=T4>u#j<b9lGlN~tyC*S5!*{s36l^Fnh^a#HI
diff --git a/ext/standard/tests/file/rename_variation13.phpt b/ext/standard/tests/file/rename_variation13.phpt
index 24697d5..2c35198 100644
--- a/ext/standard/tests/file/rename_variation13.phpt
+++ b/ext/standard/tests/file/rename_variation13.phpt
@@ -98,11 +98,7 @@ bool(true)
Warning: rename( ,%s/renameVar13/afile.tmp): No such file or directory in %s on line %d
bool(false)
-- testing '%s' --
-
-Warning: rename(%s/renameVar13/afile.tmp,): %s in %s on line %d
bool(false)
-
-Warning: rename(,%s/renameVar13/afile.tmp): %s in %s on line %d
bool(false)
-- testing 'Array' --
diff --git a/ext/standard/tests/file/stream_rfc2397_006.phpt b/ext/standard/tests/file/stream_rfc2397_006.phpt
index dab6cd5..b1b3111 100755
--- a/ext/standard/tests/file/stream_rfc2397_006.phpt
+++ b/ext/standard/tests/file/stream_rfc2397_006.phpt
@@ -21,8 +21,8 @@ foreach($streams as $stream)
===DONE===
<?php exit(0); ?>
--EXPECTF--
-string(0) ""
-string(6) "foobar"
+bool(false)
+bool(false)
string(13) "foobar foobar"
Warning: file_get_contents(data:;base64,#Zm9vYmFyIGZvb2Jhc=): failed to open stream: rfc2397: unable to decode in %sstream_rfc2397_006.php on line %d
diff --git a/ext/standard/tests/file/tempnam_variation3-win32.phpt b/ext/standard/tests/file/tempnam_variation3-win32.phpt
index fb457cb..a51a10a 100644
--- a/ext/standard/tests/file/tempnam_variation3-win32.phpt
+++ b/ext/standard/tests/file/tempnam_variation3-win32.phpt
@@ -31,8 +31,8 @@ $names_arr = array(
NULL,
"",
" ",
- "\0",
/* Invalid args */
+ "\0",
array(),
/* Valid args*/
@@ -102,7 +102,8 @@ OK
Failed, not created in the correct directory %s vs %s
0
-- Iteration 6 --
-OK
+Failed, not created in the correct directory %s vs %s
+0
-- Iteration 7 --
Warning: tempnam() expects parameter 2 to be string, array given in %s\ext\standard\tests\file\tempnam_variation3-win32.php on line %d
diff --git a/ext/standard/tests/file/tempnam_variation3.phpt b/ext/standard/tests/file/tempnam_variation3.phpt
index 69ab16c..4a0e861 100644
--- a/ext/standard/tests/file/tempnam_variation3.phpt
+++ b/ext/standard/tests/file/tempnam_variation3.phpt
@@ -100,9 +100,9 @@ File name is => %s/%s
File permissions are => 100600
File created in => directory specified
-- Iteration 6 --
-File name is => %s/%s
-File permissions are => 100600
-File created in => directory specified
+-- File is not created --
+
+Warning: unlink(): %s in %s on line %d
-- Iteration 7 --
Warning: tempnam() expects parameter 2 to be string, array given in %s on line %d
diff --git a/ext/standard/tests/file/tempnam_variation7-win32.phpt b/ext/standard/tests/file/tempnam_variation7-win32.phpt
index 34e352a..8ea839e 100644
--- a/ext/standard/tests/file/tempnam_variation7-win32.phpt
+++ b/ext/standard/tests/file/tempnam_variation7-win32.phpt
@@ -89,9 +89,9 @@ File name is => %s%et%s
File permissions are => 100666
File created in => temp dir
-- Iteration 6 --
-File name is => %s%et%s
-File permissions are => 100666
-File created in => temp dir
+-- File is not created --
+
+Warning: unlink(): %s in %s on line %d
-- Iteration 7 --
Warning: tempnam() expects parameter 1 to be string, array given in %s on line %d
diff --git a/ext/standard/tests/file/tempnam_variation7.phpt b/ext/standard/tests/file/tempnam_variation7.phpt
index 18d074d..16f94f0 100644
--- a/ext/standard/tests/file/tempnam_variation7.phpt
+++ b/ext/standard/tests/file/tempnam_variation7.phpt
@@ -94,9 +94,9 @@ File name is => %s%etempnam_variation3.tmp%s
File permissions are => 100600
File created in => temp dir
-- Iteration 6 --
-File name is => %s%etempnam_variation3.tmp%s
-File permissions are => 100600
-File created in => temp dir
+-- File is not created --
+
+Warning: unlink(): %s in %s on line %d
-- Iteration 7 --
Warning: tempnam() expects parameter 1 to be string, array given in %s on line %d
diff --git a/tests/classes/constants_error_004.phpt b/tests/classes/constants_error_004.phpt
index 732c530..03e6725 100644
--- a/tests/classes/constants_error_004.phpt
+++ b/tests/classes/constants_error_004.phpt
@@ -10,4 +10,4 @@ Class constant whose initial value refereces a non-existent class
$a = new C();
?>
--EXPECTF--
-Fatal error: Undefined class constant 'D::hello' in %s on line %d
+Fatal error: Class 'D' not found in %s on line %d
--
1.7.11.5
distrib
>
Scientific%20Linux
>
5x
>
x86_64
>
by-pkgid
>
56662f8135650f8f8f84b2c96c004eb0
>
files
>
15
