Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:36476 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 88667 invoked from network); 25 Mar 2008 09:20:53 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 25 Mar 2008 09:20:53 -0000 Authentication-Results: pb1.pair.com smtp.mail=dmitry@zend.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=dmitry@zend.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain zend.com designates 212.25.124.162 as permitted sender) X-PHP-List-Original-Sender: dmitry@zend.com X-Host-Fingerprint: 212.25.124.162 mail.zend.com Linux 2.5 (sometimes 2.4) (4) Received: from [212.25.124.162] ([212.25.124.162:35885] helo=mail.zend.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id E6/02-13911-3F3C8E74 for ; Tue, 25 Mar 2008 04:20:52 -0500 Received: (qmail 6480 invoked from network); 25 Mar 2008 09:20:48 -0000 Received: from unknown (HELO ?10.1.20.25?) (10.1.20.25) by cvs.zend.com with SMTP; 25 Mar 2008 09:20:48 -0000 Message-ID: <47E8C3EF.4080505@zend.com> Date: Tue, 25 Mar 2008 12:20:47 +0300 User-Agent: Thunderbird 2.0.0.9 (Windows/20071031) MIME-Version: 1.0 To: Greg Beaver CC: Andi Gutmans , internals Mailing List , Stas Malyshev References: <47E2F8FA.20107@chiaraquartet.net> <47E37C42.10308@zend.com> <698DE66518E7CA45812BD18E807866CE0165A762@us-ex1.zend.net> <47E8325C.5000901@chiaraquartet.net> In-Reply-To: <47E8325C.5000901@chiaraquartet.net> Content-Type: multipart/mixed; boundary="------------080305040404060406080003" Subject: Re: [PHP-DEV] REMINDER - stream wrappers in include_path From: dmitry@zend.com (Dmitry Stogov) --------------080305040404060406080003 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit I hope it's the last iteration, but check me anyway. The patch is based on latest Gregory's patch. - optimized out strncpy() calls - zend_resolve_path() replaced with php_resolve_path() - improved php_resolve_path() to resolve "file://..." - fixed possible double-free issue in _php_stream_open_wrapper_ex() Thanks. Dmitry. Greg Beaver wrote: > Andi Gutmans wrote: >> Can we please use strlcpy() instead of strncpy()? This is a coding >> standard we implemented years ago. > > obviously an easy change. FYI - this also needs to be fixed in > fopen_with_path_rel in PHP_5_2, as I copied most of the code from that > function. > > Greg --------------080305040404060406080003 Content-Type: text/plain; name="wrapper6.patch.txt" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="wrapper6.patch.txt" Index: main/fopen_wrappers.c =================================================================== RCS file: /repository/php-src/main/fopen_wrappers.c,v retrieving revision 1.175.2.3.2.13.2.9 diff -u -p -d -r1.175.2.3.2.13.2.9 fopen_wrappers.c --- main/fopen_wrappers.c 24 Mar 2008 09:30:41 -0000 1.175.2.3.2.13.2.9 +++ main/fopen_wrappers.c 25 Mar 2008 09:07:24 -0000 @@ -447,14 +447,22 @@ PHPAPI char *php_resolve_path(const char char resolved_path[MAXPATHLEN]; char trypath[MAXPATHLEN]; const char *ptr, *end, *p; + char *actual_path; + php_stream_wrapper *wrapper; if (!filename) { return NULL; } - /* Don't resolve paths which contain protocol */ + /* Don't resolve paths which contain protocol (except of file://) */ for (p = filename; isalnum((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++); if ((*p == ':') && (p - filename > 1) && (p[1] == '/') && (p[2] == '/')) { + wrapper = php_stream_locate_url_wrapper(filename, &actual_path, STREAM_OPEN_FOR_INCLUDE TSRMLS_CC); + if (wrapper == &php_plain_files_wrapper) { + if (tsrm_realpath(actual_path, resolved_path TSRMLS_CC)) { + return estrdup(resolved_path); + } + } return NULL; } @@ -473,7 +481,15 @@ PHPAPI char *php_resolve_path(const char ptr = path; while (ptr && *ptr) { - end = strchr(ptr, DEFAULT_DIR_SEPARATOR); + /* Check for stream wrapper */ + int is_stream_wrapper = 0; + + for (p = ptr; isalnum((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++); + if ((*p == ':') && (p - ptr > 1) && (p[1] == '/') && (p[2] == '/')) { + p += 3; + is_stream_wrapper = 1; + } + end = strchr(p, DEFAULT_DIR_SEPARATOR); if (end) { if ((end-ptr) + 1 + filename_length + 1 >= MAXPATHLEN) { ptr = end + 1; @@ -494,7 +510,23 @@ PHPAPI char *php_resolve_path(const char memcpy(trypath+len+1, filename, filename_length+1); ptr = NULL; } - if (tsrm_realpath(trypath, resolved_path TSRMLS_CC)) { + actual_path = trypath; + if (is_stream_wrapper) { + wrapper = php_stream_locate_url_wrapper(trypath, &actual_path, STREAM_OPEN_FOR_INCLUDE TSRMLS_CC); + if (!wrapper) { + continue; + } else if (wrapper != &php_plain_files_wrapper) { + if (wrapper->wops->url_stat) { + php_stream_statbuf ssb; + + if (SUCCESS == wrapper->wops->url_stat(wrapper, trypath, 0, &ssb, NULL TSRMLS_CC)) { + return estrdup(trypath); + } + } + continue; + } + } + if (tsrm_realpath(actual_path, resolved_path TSRMLS_CC)) { return estrdup(resolved_path); } } /* end provided path */ @@ -511,7 +543,27 @@ PHPAPI char *php_resolve_path(const char exec_fname_length + 1 + filename_length + 1 < MAXPATHLEN) { memcpy(trypath, exec_fname, exec_fname_length + 1); memcpy(trypath+exec_fname_length + 1, filename, filename_length+1); - if (tsrm_realpath(trypath, resolved_path TSRMLS_CC)) { + actual_path = trypath; + + /* Check for stream wrapper */ + for (p = trypath; isalnum((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++); + if ((*p == ':') && (p - trypath > 1) && (p[1] == '/') && (p[2] == '/')) { + wrapper = php_stream_locate_url_wrapper(trypath, &actual_path, STREAM_OPEN_FOR_INCLUDE TSRMLS_CC); + if (!wrapper) { + return NULL; + } else if (wrapper != &php_plain_files_wrapper) { + if (wrapper->wops->url_stat) { + php_stream_statbuf ssb; + + if (SUCCESS == wrapper->wops->url_stat(wrapper, trypath, 0, &ssb, NULL TSRMLS_CC)) { + return estrdup(trypath); + } + } + return NULL; + } + } + + if (tsrm_realpath(actual_path, resolved_path TSRMLS_CC)) { return estrdup(resolved_path); } } Index: main/php_streams.h =================================================================== RCS file: /repository/php-src/main/php_streams.h,v retrieving revision 1.103.2.1.2.4.2.2 diff -u -p -d -r1.103.2.1.2.4.2.2 php_streams.h --- main/php_streams.h 31 Dec 2007 07:17:17 -0000 1.103.2.1.2.4.2.2 +++ main/php_streams.h 25 Mar 2008 09:07:25 -0000 @@ -511,6 +511,9 @@ END_EXTERN_C() /* don't check allow_url_fopen and allow_url_include */ #define STREAM_DISABLE_URL_PROTECTION 0x00002000 +/* assume the path passed in exists and is fully expanded, avoiding syscalls */ +#define STREAM_ASSUME_REALPATH 0x00004000 + /* Antique - no longer has meaning */ #define IGNORE_URL_WIN 0 Index: main/streams/plain_wrapper.c =================================================================== RCS file: /repository/php-src/main/streams/plain_wrapper.c,v retrieving revision 1.52.2.6.2.23.2.5 diff -u -p -d -r1.52.2.6.2.23.2.5 plain_wrapper.c --- main/streams/plain_wrapper.c 31 Dec 2007 07:17:17 -0000 1.52.2.6.2.23.2.5 +++ main/streams/plain_wrapper.c 25 Mar 2008 09:07:25 -0000 @@ -892,9 +892,13 @@ PHPAPI php_stream *_php_stream_fopen(con } return NULL; } - - if ((realpath = expand_filepath(filename, NULL TSRMLS_CC)) == NULL) { - return NULL; + + if (options & STREAM_ASSUME_REALPATH) { + realpath = estrdup(filename); + } else { + if ((realpath = expand_filepath(filename, NULL TSRMLS_CC)) == NULL) { + return NULL; + } } if (persistent) { Index: main/streams/streams.c =================================================================== RCS file: /repository/php-src/main/streams/streams.c,v retrieving revision 1.82.2.6.2.18.2.6 diff -u -p -d -r1.82.2.6.2.18.2.6 streams.c --- main/streams/streams.c 24 Mar 2008 16:28:35 -0000 1.82.2.6.2.18.2.6 +++ main/streams/streams.c 25 Mar 2008 09:07:25 -0000 @@ -1754,6 +1754,7 @@ PHPAPI php_stream *_php_stream_open_wrap php_stream_wrapper *wrapper = NULL; char *path_to_open; int persistent = options & STREAM_OPEN_PERSISTENT; + char *resolved_path = NULL; char *copy_of_path = NULL; @@ -1765,11 +1766,23 @@ PHPAPI php_stream *_php_stream_open_wrap return NULL; } - path_to_open = path; + if (options & USE_PATH) { + resolved_path = php_resolve_path(path, strlen(path), PG(include_path) TSRMLS_CC); + if (resolved_path) { + path = resolved_path; + /* we've found this file, don't re-check include_path or run realpath */ + options |= STREAM_ASSUME_REALPATH; + options &= ~USE_PATH; + } + } + path_to_open = path; wrapper = php_stream_locate_url_wrapper(path, &path_to_open, options TSRMLS_CC); if (options & STREAM_USE_URL && (!wrapper || !wrapper->is_url)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "This function may only be used against URLs"); + if (resolved_path) { + efree(resolved_path); + } return NULL; } @@ -1816,12 +1829,18 @@ PHPAPI php_stream *_php_stream_open_wrap (options & STREAM_WILL_CAST) ? PHP_STREAM_PREFER_STDIO : PHP_STREAM_NO_PREFERENCE)) { case PHP_STREAM_UNCHANGED: + if (resolved_path) { + efree(resolved_path); + } return stream; case PHP_STREAM_RELEASED: if (newstream->orig_path) { pefree(newstream->orig_path, persistent); } newstream->orig_path = pestrdup(path, persistent); + if (resolved_path) { + efree(resolved_path); + } return newstream; default: php_stream_close(stream); @@ -1860,6 +1879,9 @@ PHPAPI php_stream *_php_stream_open_wrap pefree(copy_of_path, persistent); } #endif + if (resolved_path) { + efree(resolved_path); + } return stream; } /* }}} */ --------------080305040404060406080003--