| author | Craig Mohrman <craig.mohrman@oracle.com> |
| Wed, 29 Jan 2014 18:57:31 -0800 | |
| branch | s11u1-sru |
| changeset 2926 | 73b93bcb8a2c |
| permissions | -rw-r--r-- |
|
2926
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
1 |
From |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
2 |
http://git.php.net/?p=php-src.git;a=commitdiff;h=fc74503792b1ee92e4b813690890f3ed38fa3ad5 |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
3 |
improve overflow checks |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
4 |
|
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
5 |
--- php-5.2.17/main/streams/streams.c_orig 2010-01-06 04:54:53.000000000 -0800 |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
6 |
+++ php-5.2.17/main/streams/streams.c 2013-07-09 10:14:05.583023604 -0700 |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
7 |
@@ -2083,8 +2083,8 @@ |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
8 |
php_stream *stream; |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
9 |
php_stream_dirent sdp; |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
10 |
char **vector = NULL; |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
11 |
- int vector_size = 0; |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
12 |
- int nfiles = 0; |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
13 |
+ unsigned int vector_size = 0; |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
14 |
+ unsigned int nfiles = 0; |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
15 |
|
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
16 |
if (!namelist) {
|
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
17 |
return FAILURE; |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
18 |
@@ -2100,9 +2100,14 @@ |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
19 |
if (vector_size == 0) {
|
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
20 |
vector_size = 10; |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
21 |
} else {
|
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
22 |
+ if(vector_size*2 < vector_size) {
|
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
23 |
+ /* overflow */ |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
24 |
+ efree(vector); |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
25 |
+ return FAILURE; |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
26 |
+ } |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
27 |
vector_size *= 2; |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
28 |
} |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
29 |
- vector = (char **) erealloc(vector, vector_size * sizeof(char *)); |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
30 |
+ vector = (char **) safe_erealloc(vector, vector_size, sizeof(char *), 0); |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
31 |
} |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
32 |
|
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
33 |
vector[nfiles] = estrdup(sdp.d_name); |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
34 |
|
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
35 |
|
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
36 |
From |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
37 |
http://git.php.net/?p=php-src.git;a=commitdiff;h=055ecbc62878e86287d742c7246c21606cee8183 |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
38 |
Improve check for :memory: pseudo-filename in SQlite |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
39 |
php5.2 doesn't have sqlite3 so apply fix to sqlite. |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
40 |
|
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
41 |
--- php-5.2.17/ext/pdo_sqlite/sqlite_driver.c_orig 2010-06-20 07:12:06.000000000 -0700 |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
42 |
+++ php-5.2.17/ext/pdo_sqlite/sqlite_driver.c 2013-06-10 10:28:40.178224391 -0700 |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
43 |
@@ -642,7 +642,7 @@ |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
44 |
|
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
45 |
static char *make_filename_safe(const char *filename TSRMLS_DC) |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
46 |
{
|
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
47 |
- if (*filename && strncmp(filename, ":memory:", sizeof(":memory:")-1)) {
|
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
48 |
+ if (*filename && memcmp(filename, ":memory:", sizeof(":memory:"))) {
|
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
49 |
char *fullpath = expand_filepath(filename, NULL TSRMLS_CC); |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
50 |
|
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
51 |
if (!fullpath) {
|
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
52 |
--- php-5.2.17/ext/sqlite/sqlite.c_orig 2010-04-28 05:10:10.000000000 -0700 |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
53 |
+++ php-5.2.17/ext/sqlite/sqlite.c 2013-06-10 11:08:25.397573242 -0700 |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
54 |
@@ -747,7 +747,7 @@ |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
55 |
return SQLITE_OK; |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
56 |
#ifdef SQLITE_ATTACH |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
57 |
case SQLITE_ATTACH: |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
58 |
- if (strncmp(arg3, ":memory:", sizeof(":memory:") - 1)) {
|
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
59 |
+ if (memcmp(arg3, ":memory:", sizeof(":memory:"))) {
|
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
60 |
TSRMLS_FETCH(); |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
61 |
if (PG(safe_mode) && (!php_checkuid(arg3, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
|
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
62 |
return SQLITE_DENY; |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
63 |
@@ -1230,7 +1230,7 @@ |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
64 |
ZVAL_NULL(errmsg); |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
65 |
} |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
66 |
|
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
67 |
- if (strncmp(filename, ":memory:", sizeof(":memory:") - 1)) {
|
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
68 |
+ if (memcmp(filename, ":memory:", sizeof(":memory:")) != 0) {
|
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
69 |
/* resolve the fully-qualified path name to use as the hash key */ |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
70 |
if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC))) {
|
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
71 |
RETURN_FALSE; |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
72 |
@@ -1306,7 +1306,7 @@ |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
73 |
ZVAL_NULL(errmsg); |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
74 |
} |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
75 |
|
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
76 |
- if (strncmp(filename, ":memory:", sizeof(":memory:") - 1)) {
|
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
77 |
+ if (memcmp(filename, ":memory:", sizeof(":memory:")) != 0) {
|
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
78 |
/* resolve the fully-qualified path name to use as the hash key */ |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
79 |
if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC))) {
|
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
80 |
php_std_error_handling(); |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
81 |
@@ -1358,7 +1358,7 @@ |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
82 |
ZVAL_NULL(errmsg); |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
83 |
} |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
84 |
|
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
85 |
- if (strncmp(filename, ":memory:", sizeof(":memory:") - 1)) {
|
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
86 |
+ if (memcmp(filename, ":memory:", sizeof(":memory:")) != 0) {
|
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
87 |
/* resolve the fully-qualified path name to use as the hash key */ |
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
88 |
if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC))) {
|
|
73b93bcb8a2c
16658678 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
89 |
php_std_error_handling(); |