Newsgroups: php.internals
Xref: news.php.net php.internals:39761
Subject: Re: [PHP-DEV] include bug in 5.3
From: dmitry@zend.com (Dmitry Stogov)
To: Pierre Joye
CC: Hannes Magnusson, Arnaud Le Blanc, internals@lists.php.net, Rasmus Lerdorf, Felipe Pena, Christian Stocker, Andi Gutmans, Stanislav Malyshev
Date: Fri, 08 Aug 2008 21:28:26 +0400
Message-ID: <489C823A.4020707@zend.com>
References: <4899C4B4.3060902@liip.ch> <1218138548.5346.3.camel@felipe> <489B5285.1070000@lerdorf.com> <200808072237.01841.arnaud.lb@gmail.com> <7f3ed2c30808080011l3c62d416k7fd9b4dd455df99e@mail.gmail.com> <489C6BBA.8030101@zend.com>

Hi Pierre,

Thank you for the feedback.
I already noticed the missing FindClose() and several other issues. I'll send an updated patch on the weekend, but the sooner I get info on whether the bug is fixed on FreeBSD, the better.

Thanks. Dmitry.

Pierre Joye wrote:
> Hi Dmitry,
>
> On Fri, Aug 8, 2008 at 5:52 PM, Dmitry Stogov wrote:
>> Hi,
>>
>> The attached patch is going to fix the problem.
>> It implements its own realpath() function, so we won't depend on the system
>> anymore. It also improves realpath cache usage by caching intermediate
>> results.
>>
>> I tested it on Linux and Windows only and it seems to work without
>> problems. It breaks one test related to the clearstatcache() function, but
>> this break is expected.
>>
>> Could you please test it.
>
> I can test it ASAP on various Windows versions, probably on Monday.
>
> After a quick review, it seems that FindClose is missing in the two
> buffer overflow checks.
>
>> - state->cwd_length += ptr_length;
>> +#ifdef TSRM_WIN32
>> + if ((hFind = FindFirstFile(to, &data)) != INVALID_HANDLE_VALUE) {
>> +fprintf(stderr, "1 %s (%d)\n", to, len);
>> + j = strlen(data.cFileName);
>> +
>> + i = len;
>> + while (!IS_SLASH(to[i-1])) {
>> + i--;
>> + }
>> + if (i + j >= MAXPATHLEN-1) {
>> + /*buffer overflow */
>
> FindClose(hFind);
>
>> + return NULL;
>> + }
>> + if (CWDG(realpath_cache_size_limit)) {
>> + memcpy(tmp, to, i);
>> + memcpy(tmp + i, data.cFileName, j + 1);
>> + realpath_cache_add(to, len, tmp, i + j, t TSRMLS_CC);
>> + }
>> + ret -= (j + 1);
>> + if (ret < buf) {
>> + /* buffer overflow */
>
> FindClose(hFind);
>
>> + return NULL;
>> + }
>> + *ret = DEFAULT_SLASH;
>> + memcpy(ret+1, data.cFileName, j);
>> + FindClose(hFind);
>> + len = i - 1;
>> + to[len] = 0;
>> +fprintf(stderr, "2 %s - %s\n", to, ret);
>> + continue;
>> + } else {
>> + if (use_realpath == CWD_REALPATH) {
>> + return NULL;
>> + } else {
>> + goto next_dir;
>> }
>> - ptr = tsrm_strtok_r(NULL, TOKENIZER_STRING, &tok);
>> }
>
> Thanks for your work!
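Review bot: both early `return NULL;` paths inside the `FindFirstFile` branch (the one after the `i + j >= MAXPATHLEN-1` check and the one after the `ret < buf` check) leave `hFind` open, so every overlong path leaks a search handle; a `FindClose(hFind);` is needed before each of those returns, exactly where Pierre marks it inline, since the only `FindClose` in the hunk sits on the success path. The two unindented `fprintf(stderr, ...)` debug lines ("1 %s (%d)" and "2 %s - %s") also need to come out before this is committed. Two smaller points in the same hunk: `while (!IS_SLASH(to[i-1])) { i--; }` has no lower bound on `i`, so it silently depends on `to` always containing a slash before offset `len` (an `i > 0 &&` guard would make that explicit instead of reading before the buffer if the assumption ever fails), and `ret -= (j + 1); if (ret < buf)` forms the out-of-range pointer before testing it, which C leaves undefined; comparing lengths first, e.g. `if (ret - buf < j + 1)` and only then subtracting, gives the same overflow check without relying on that.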