Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:50200 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 53328 invoked from network); 15 Nov 2010 05:44:06 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 15 Nov 2010 05:44:06 -0000 Authentication-Results: pb1.pair.com smtp.mail=rasmus@lerdorf.com; spf=permerror; sender-id=unknown Authentication-Results: pb1.pair.com header.from=rasmus@lerdorf.com; sender-id=unknown Received-SPF: error (pb1.pair.com: domain lerdorf.com from 209.85.213.42 cause and error) X-PHP-List-Original-Sender: rasmus@lerdorf.com X-Host-Fingerprint: 209.85.213.42 mail-yw0-f42.google.com Received: from [209.85.213.42] ([209.85.213.42:45059] helo=mail-yw0-f42.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id DE/2B-43700-3A8C0EC4 for ; Mon, 15 Nov 2010 00:44:04 -0500 Received: by ywj3 with SMTP id 3so923432ywj.29 for ; Sun, 14 Nov 2010 21:44:01 -0800 (PST) Received: by 10.151.148.5 with SMTP id a5mr8742392ybo.93.1289799841076; Sun, 14 Nov 2010 21:44:01 -0800 (PST) Received: from Anonymous.local (c-98-234-184-167.hsd1.ca.comcast.net [98.234.184.167]) by mx.google.com with ESMTPS id m22sm4365951yha.5.2010.11.14.21.43.59 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sun, 14 Nov 2010 21:44:00 -0800 (PST) Message-ID: <4CE0C89D.5020604@lerdorf.com> Date: Sun, 14 Nov 2010 21:43:57 -0800 User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.12) Gecko/20101027 Lightning/1.0b2 Thunderbird/3.1.6 MIME-Version: 1.0 To: Andi Gutmans CC: internals References: <4CE03E41.9030805@lerdorf.com> <8757232E56758B42B2EE4F9D2CA019C9086B69@US-EX2.zend.net> In-Reply-To: <8757232E56758B42B2EE4F9D2CA019C9086B69@US-EX2.zend.net> X-Enigmail-Version: 1.1.1 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: [PHP-DEV] Adding path_len to all stream functions in trunk From: rasmus@lerdorf.com (Rasmus Lerdorf) Right, but the root of the problem is where to do the invalidation check of bogus file path strings. Like checking for bogus null bytes in them. Right now: file_exists($file . '.txt'); and file_exists($file); will check the same file if $file has a \0 stuck onto the end. This can lead to security problems. So, either we need to put some sort of check ahead of any and all calls that pass paths to the filesystem functions, or we need to change those filesystem functions to do the check natively. For the second option to work, we obviously need to pass in more than a naked char *. My worry with the first option is that we then push this out to every extension and it gets pretty messy. However, doing it this way would let us do it without breaking binary compatibility in 5.3. -Rasmus On 11/14/10 9:35 PM, Andi Gutmans wrote: > Hi Rasmus, > > Hope I understood the problem correctly. If not, this answer won't make sense :) > I do not see a major problem in passing path_len but wonder how much it'd actually solve as we end up calling OS APIs that do not accept path_len, no? I assume we don't want to start searching all these strings for invalid chars before we pass them to the OS. > > Andi > >> -----Original Message----- >> From: Rasmus Lerdorf [mailto:rasmus@lerdorf.com] >> Sent: Sunday, November 14, 2010 11:54 AM >> To: internals >> Subject: [PHP-DEV] Adding path_len to all stream functions in trunk >> >> I think we need to pass along the string length to all the stream functions to >> maintain binary string safety through this code. This would fix annoying >> problems like http://bugs.php.net/39863 and a bunch of similar issues. >> Obviously not something we can do in 5.3 without breaking binary compatibility >> though. Although we might be able to do something if we assume only chars >> valid in the current charset is valid in file paths. >> >> Anybody have any other thoughts on this one? >> >> -Rasmus >> >> -- >> PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: >> http://www.php.net/unsub.php >