Newsgroups: php.internals
From: pierre.php@gmail.com (Pierre Joye)
To: Rasmus Lerdorf
Cc: Andi Gutmans, internals
Date: Thu, 18 Nov 2010 16:27:34 +0100
Subject: Re: [PHP-DEV] Adding path_len to all stream functions in trunk

hi,

Patch applied in 5.3. I will do in trunk next week.

Cheers,

On Mon, Nov 15, 2010 at 11:42 AM, Rasmus Lerdorf wrote:
> Ok, I went through all the 5.3 code.  This should fix the null poisoning
> problems in 5.3 without breaking binary compatibility:
>
> http://progphp.com/nullpatch.txt
>
> There are quite a few places where we can't solve it centrally, so
> perhaps we need to take the same approach in trunk.
>
> This should take care of every issue mentioned here:
>
> http://www.madirish.net/?article=436
>
> along with a number of bug reports.
>
> I think the only outstanding issue with the patch is whether to show an
> error message when we hit a null in a filesystem path string.  With the
> Zend part of the patch, right now the error is slightly misleading for
> code like this:
>
>   $file = "foo.php\0";
>   include $file . ".png";
>
> This will output:
>
>   PHP Warning:  include(): Failed opening 'foo.php' for inclusion
>   (include_path='.:') in foo on line 3
>
> Without this patch, this code will of course simply include the foo.php
> file and ignore the .png extension.
>
> -Rasmus
>
> On 11/14/10 9:35 PM, Andi Gutmans wrote:
>> Hi Rasmus,
>>
>> Hope I understood the problem correctly. If not, this answer won't make sense :)
>> I do not see a major problem in passing path_len but wonder how much it'd
>> actually solve as we end up calling OS APIs that do not accept path_len, no?
>> I assume we don't want to start searching all these strings for invalid
>> chars before we pass them to the OS.
>>
>> Andi
>>
>>> -----Original Message-----
>>> From: Rasmus Lerdorf [mailto:rasmus@lerdorf.com]
>>> Sent: Sunday, November 14, 2010 11:54 AM
>>> To: internals
>>> Subject: [PHP-DEV] Adding path_len to all stream functions in trunk
>>>
>>> I think we need to pass along the string length to all the stream functions to
>>> maintain binary string safety through this code.  This would fix annoying
>>> problems like http://bugs.php.net/39863 and a bunch of similar issues.
>>> Obviously not something we can do in 5.3 without breaking binary compatibility
>>> though.  Although we might be able to do something if we assume only chars
>>> valid in the current charset is valid in file paths.
>>>
>>> Anybody have any other thoughts on this one?
>>>
>>> -Rasmus
>>>
>>> --
>>> PHP Internals - PHP Runtime Development Mailing List
>>> To unsubscribe, visit: http://www.php.net/unsub.php

-- 
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org
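
Added example, not part of the thread and not the code from the patch linked above: a C sketch of why a length-carrying path and a NUL-terminated OS API can disagree, using the "foo.php\0" . ".png" case from the quoted message, and of a check that refuses the path when they do. The struct and function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical length-carrying string, modelled on how a scripting runtime
 * stores strings: bytes plus explicit length, so "\0" is ordinary data. */
struct counted_str {
    const char *val;
    size_t len;
};

/* Number of bytes a NUL-terminated OS API such as open(2) would actually use. */
size_t os_visible_len(const struct counted_str *s)
{
    const char *nul = memchr(s->val, '\0', s->len);
    return nul ? (size_t)(nul - s->val) : s->len;
}

/* 1 if the runtime and the OS agree on what the path is (no embedded NUL). */
int path_is_binary_safe(const struct counted_str *s)
{
    return os_visible_len(s) == s->len;
}

/* Extension check as script-level code would do it, on the full counted string. */
int has_suffix(const struct counted_str *s, const char *suffix)
{
    size_t n = strlen(suffix);
    return s->len >= n && memcmp(s->val + s->len - n, suffix, n) == 0;
}

/* Constructed samples: the thread's poisoned path (12 bytes) and a clean one. */
static const char poisoned_bytes[] = "foo.php\0.png";
static const struct counted_str poisoned = { poisoned_bytes, sizeof poisoned_bytes - 1 };
static const struct counted_str clean = { "foo.png", 7 };

int main(void)
{
    const struct counted_str *cases[] = { &poisoned, &clean };
    for (size_t i = 0; i < 2; i++) {
        const struct counted_str *p = cases[i];
        /* %s stops at the first NUL, which is exactly what the OS would open. */
        printf("len=%zu ends_in_png=%d os_sees=\"%s\" (%zu bytes) -> %s\n",
               p->len, has_suffix(p, ".png"), p->val, os_visible_len(p),
               path_is_binary_safe(p) ? "pass to OS" : "reject");
    }
    return 0;
}
```

The poisoned path passes the ".png" suffix check on its 12 counted bytes while the OS would see only the 7-byte "foo.php", which is the mismatch the check rejects.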