|
1 From |
|
2 http://git.php.net/?p=php-src.git;a=commitdiff;h=fc74503792b1ee92e4b813690890f3ed38fa3ad5 |
|
3 improve overflow checks |
|
4 |
|
5 --- php-5.2.17/main/streams/streams.c_orig 2010-01-06 04:54:53.000000000 -0800 |
|
6 +++ php-5.2.17/main/streams/streams.c 2013-07-09 10:14:05.583023604 -0700 |
|
7 @@ -2083,8 +2083,8 @@ |
|
8 php_stream *stream; |
|
9 php_stream_dirent sdp; |
|
10 char **vector = NULL; |
|
11 - int vector_size = 0; |
|
12 - int nfiles = 0; |
|
13 + unsigned int vector_size = 0; |
|
14 + unsigned int nfiles = 0; |
|
15 |
|
16 if (!namelist) { |
|
17 return FAILURE; |
|
18 @@ -2100,9 +2100,14 @@ |
|
19 if (vector_size == 0) { |
|
20 vector_size = 10; |
|
21 } else { |
|
22 + if(vector_size*2 < vector_size) { |
|
23 + /* overflow */ |
|
24 + efree(vector); |
|
25 + return FAILURE; |
|
26 + } |
|
27 vector_size *= 2; |
|
28 } |
|
29 - vector = (char **) erealloc(vector, vector_size * sizeof(char *)); |
|
30 + vector = (char **) safe_erealloc(vector, vector_size, sizeof(char *), 0); |
|
31 } |
|
32 |
|
33 vector[nfiles] = estrdup(sdp.d_name); |
|
34 |
|
35 |
|
36 From |
|
37 http://git.php.net/?p=php-src.git;a=commitdiff;h=055ecbc62878e86287d742c7246c21606cee8183 |
|
38 Improve check for :memory: pseudo-filename in SQlite |
|
39 php5.2 doesn't have sqlite3 so apply fix to sqlite. |
|
40 |
|
41 --- php-5.2.17/ext/pdo_sqlite/sqlite_driver.c_orig 2010-06-20 07:12:06.000000000 -0700 |
|
42 +++ php-5.2.17/ext/pdo_sqlite/sqlite_driver.c 2013-06-10 10:28:40.178224391 -0700 |
|
43 @@ -642,7 +642,7 @@ |
|
44 |
|
45 static char *make_filename_safe(const char *filename TSRMLS_DC) |
|
46 { |
|
47 - if (*filename && strncmp(filename, ":memory:", sizeof(":memory:")-1)) { |
|
48 + if (*filename && memcmp(filename, ":memory:", sizeof(":memory:"))) { |
|
49 char *fullpath = expand_filepath(filename, NULL TSRMLS_CC); |
|
50 |
|
51 if (!fullpath) { |
|
52 --- php-5.2.17/ext/sqlite/sqlite.c_orig 2010-04-28 05:10:10.000000000 -0700 |
|
53 +++ php-5.2.17/ext/sqlite/sqlite.c 2013-06-10 11:08:25.397573242 -0700 |
|
54 @@ -747,7 +747,7 @@ |
|
55 return SQLITE_OK; |
|
56 #ifdef SQLITE_ATTACH |
|
57 case SQLITE_ATTACH: |
|
58 - if (strncmp(arg3, ":memory:", sizeof(":memory:") - 1)) { |
|
59 + if (memcmp(arg3, ":memory:", sizeof(":memory:"))) { |
|
60 TSRMLS_FETCH(); |
|
61 if (PG(safe_mode) && (!php_checkuid(arg3, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { |
|
62 return SQLITE_DENY; |
|
63 @@ -1230,7 +1230,7 @@ |
|
64 ZVAL_NULL(errmsg); |
|
65 } |
|
66 |
|
67 - if (strncmp(filename, ":memory:", sizeof(":memory:") - 1)) { |
|
68 + if (memcmp(filename, ":memory:", sizeof(":memory:")) != 0) { |
|
69 /* resolve the fully-qualified path name to use as the hash key */ |
|
70 if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC))) { |
|
71 RETURN_FALSE; |
|
72 @@ -1306,7 +1306,7 @@ |
|
73 ZVAL_NULL(errmsg); |
|
74 } |
|
75 |
|
76 - if (strncmp(filename, ":memory:", sizeof(":memory:") - 1)) { |
|
77 + if (memcmp(filename, ":memory:", sizeof(":memory:")) != 0) { |
|
78 /* resolve the fully-qualified path name to use as the hash key */ |
|
79 if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC))) { |
|
80 php_std_error_handling(); |
|
81 @@ -1358,7 +1358,7 @@ |
|
82 ZVAL_NULL(errmsg); |
|
83 } |
|
84 |
|
85 - if (strncmp(filename, ":memory:", sizeof(":memory:") - 1)) { |
|
86 + if (memcmp(filename, ":memory:", sizeof(":memory:")) != 0) { |
|
87 /* resolve the fully-qualified path name to use as the hash key */ |
|
88 if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC))) { |
|
89 php_std_error_handling(); |