Newsgroups: php.internals
Date: Fri, 8 Aug 2008 19:23:00 +0200
From: pierre.php@gmail.com ("Pierre Joye")
To: "Dmitry Stogov"
Cc: "Hannes Magnusson", "Arnaud Le Blanc", internals@lists.php.net, "Rasmus Lerdorf", "Felipe Pena", "Christian Stocker", "Andi Gutmans", "Stanislav Malyshev"
Subject: Re: [PHP-DEV] include bug in 5.3

Hi Dmitry,

On Fri, Aug 8, 2008 at 5:52 PM, Dmitry Stogov wrote:
> Hi,
>
> The attached patch is going to fix the problem.
> It implements its own realpath() function, so we won't depend on system
> anymore. It also improves realpath cache usage by caching intermediate
> results.
>
> I tested it on Linux and Windows only and it seems to work without
> problems. It breaks one test related to clearstatcache() function, but
> this break is expected.
>
> Could you please test it.

I can test it asap on various Windows, probably on Monday.

After a quick review, it seems that FindClose is missing in the two buffer overflow checks.

> - state->cwd_length += ptr_length; > +#ifdef TSRM_WIN32 > + if ((hFind = FindFirstFile(to, &data)) != INVALID_HANDLE_VALUE) { > +fprintf(stderr, "1 %s (%d)\n", to, len); > + j = strlen(data.cFileName); > + > + i = len; > + while (!IS_SLASH(to[i-1])) { > + i--; > + } > + if (i + j >= MAXPATHLEN-1) { > + /*buffer overflow */ FindClose(hFind); > + return NULL; > + } > + if (CWDG(realpath_cache_size_limit)) { > + memcpy(tmp, to, i); > + memcpy(tmp + i, data.cFileName, j + 1); > + realpath_cache_add(to, len, tmp, i + j, t TSRMLS_CC); > + } > + ret -= (j + 1); > + if (ret < buf) { > + /* buffer overflow */ FindClose(hFind); > + return NULL; > + } > + *ret = DEFAULT_SLASH; > + memcpy(ret+1, data.cFileName, j); > + FindClose(hFind); > + len = i - 1; > + to[len] = 0; > +fprintf(stderr, "2 %s - %s\n", to, ret); > + continue; > + } else { > + if (use_realpath == CWD_REALPATH) { > + return NULL; > + } else { > + goto next_dir; > } > - ptr = tsrm_strtok_r(NULL, TOKENIZER_STRING, &tok); > } Thanks for your work! -- Pierre http://blog.thepimp.net | http://www.libgd.org
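Review bot: the backward scan `while (!IS_SLASH(to[i-1])) { i--; }` in the TSRM_WIN32 branch has no lower bound on `i`, so unless the caller guarantees a separator within the first `len` bytes of `to`, it indexes before the start of the buffer and the following `memcpy(tmp, to, i)` runs with an invalid length. Suggest bounding the loop with `i > 0 &&` and treating the no-separator case explicitly. The two `fprintf(stderr, ...)` lines ("1 %s (%d)" and "2 %s - %s") look like debugging output and should be dropped before commit. Both early `return NULL` paths after a successful `FindFirstFile` (the `i + j >= MAXPATHLEN-1` check and the `ret < buf` check) need the `FindClose(hFind)` marked in the reply, otherwise the search handle leaks on exactly the inputs that hit the overflow guards; a single cleanup label would keep the three exits consistent.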