Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:90820 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 64566 invoked from network); 22 Jan 2016 04:59:59 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 22 Jan 2016 04:59:59 -0000 Authentication-Results: pb1.pair.com header.from=yohgaki@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=yohgaki@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.160.172 as permitted sender) X-PHP-List-Original-Sender: yohgaki@gmail.com X-Host-Fingerprint: 209.85.160.172 mail-yk0-f172.google.com Received: from [209.85.160.172] ([209.85.160.172:35624] helo=mail-yk0-f172.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 0F/60-59180-C47B1A65 for ; Thu, 21 Jan 2016 23:59:57 -0500 Received: by mail-yk0-f172.google.com with SMTP id s126so49485410ykf.2 for ; Thu, 21 Jan 2016 20:59:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=4p8JPrJe0sVfzn/KcdK4l/qgpGDMTbOkC6kcXpaCPH0=; b=Qtx/P7iaR3P6rkRQ9us5J+6s8nxyGDtThoVhUJbtCbppU7yZh78ZOdXuTakpvs2evc 6c9VEtDtR79OxIbV1w/zuLh87PZ1YH7ox+9lZTX3m1yC0kSw7hWAnnB41uNQgmwJMxmC IyZ7N19GCs8TgluXu7fWD9+OOMJZfbHJW0g/pY1B72qNbEoERSaQxKZ65Kz+9Zqupovu U7MVJgBabIhr2BEqAatmpsSXhySc0QAFZOAFZBLfI5HkxYJBSRJr76on58nPnp8pMLwF EUOvkXSQ2sTTCRBGt1nmEZRR6OqpUI1c/XaQW320hsO0DRX8ah7H/7BEmuWSWR9gFT9n b5Ng== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc:content-type; bh=4p8JPrJe0sVfzn/KcdK4l/qgpGDMTbOkC6kcXpaCPH0=; b=L/mJHak3CWO+IOWtjEvmQtZ9zpKIwy8XSy1N4ppNxiv2cvrGz5UbziBeNAMcm39JXy iSDsQTEHz2SDAnLNomNBO7CVPZwnqbrR6fPubXTJ/r3EbSuV9I6j3EUWUYaCRtmjzrI5 i7v98D6jMct6p0rNttDV9COKiIEFivvjh+e4IffKrNFbd2d9XvBZVTAnQTczC5oKxIoI /RG3AhDdVOXpRFw+tvE5xKR1jSYeJ6e5gReWALfHZWGj4L+0XfzPGo9+X5v1rab0j0Xy XJ+GfnExT0dE8cjVAOcAVPiacf0HgBmHeRtya9yhQf/XTGNTxcHp0Q1d9y1YXjCaOTH3 QD6Q== X-Gm-Message-State: AG10YOS+9yHx73tVpXMamKPh1GXJE7bXvx9vAag6G+QlL3cx0sapZad2pUMRST/1sz6GLQRzWRgJr0OAdMg+Ew== X-Received: by 10.37.59.20 with SMTP id i20mr484078yba.27.1453438793302; Thu, 21 Jan 2016 20:59:53 -0800 (PST) MIME-Version: 1.0 Sender: yohgaki@gmail.com Received: by 10.129.88.139 with HTTP; Thu, 21 Jan 2016 20:59:13 -0800 (PST) In-Reply-To: References: <9D.00.64206.7C430A65@pb1.pair.com> Date: Fri, 22 Jan 2016 13:59:13 +0900 X-Google-Sender-Auth: 0U6O24MZ6Z-SXwPxoxauskfuut4 Message-ID: To: Umberto Salsi Cc: "internals@lists.php.net" Content-Type: text/plain; charset=UTF-8 Subject: Re: [PHP-DEV] Severe safety fail in file access and stream filters From: yohgaki@ohgaki.net (Yasuo Ohgaki) Hi, On Fri, Jan 22, 2016 at 1:03 PM, Yasuo Ohgaki wrote: > On Thu, Jan 21, 2016 at 10:30 AM, Umberto Salsi wrote: >> I recently discovered several failures in error detection involving >> file access, stream compression and source inclusion that may bring the >> program to process missing or invalid data (very severe safety bug) or >> simply crash without apparent reason. I reported all these issues with >> their test script trying to do as much as I can to really understand >> what happen here. I think it's the time for some real internal expert >> to take over these issues and kindly reply to the following questions: >> >> 1. Is there something very basic I'm missing? I'm doing something wrong? >> >> 2. If yes, what can I do to fix so that i/o errors can be detected? >> >> 3. If no, why i/o errors do not propagate through the engine, but are >> mostly ignored? and why the user's program does not get signaled >> about this, and keeps receiving empty strings or garbage instead? > > Plain file stream reads data by php_stdiop_read() > > http://lxr.php.net/xref/PHP_5_6/main/streams/plain_wrapper.c#338 > > As you can see there is no way to return errors from it. We need > errno like error handling for PHP streams to propagate errors as well > as more robust code for unexpected. > > So answer for 3 is "we need volunteers" for improvement, I suppose. > Anyone? Since I replied, I'll write an implementation idea. We may add "error" and "clear_error" stream ops in php_stream_ops. /* operations on streams that are file-handles */ typedef struct _php_stream_ops { /* stdio like functions - these are mandatory! */ size_t (*write)(php_stream *stream, const char *buf, size_t count TSRMLS_DC); size_t (*read)(php_stream *stream, char *buf, size_t count TSRMLS_DC); int (*close)(php_stream *stream, int close_handle TSRMLS_DC); int (*flush)(php_stream *stream TSRMLS_DC); const char *label; /* label for this ops structure */ /* these are optional */ int (*seek)(php_stream *stream, off_t offset, int whence, off_t *newoffset TSRMLS_DC); int (*cast)(php_stream *stream, int castas, void **ret TSRMLS_DC); int (*stat)(php_stream *stream, php_stream_statbuf *ssb TSRMLS_DC); int (*set_option)(php_stream *stream, int option, int value, void *ptrparam TSRMLS_DC); } php_stream_ops; "error" adds whatever errors from stream to an array. "clear_error" cleanups the array when stream is closed. There should be an API to get errors in the array. This is easy change. Difficult part is making codes more robust against unexpected for all streams. Regards, -- Yasuo Ohgaki yohgaki@ohgaki.net