phpdbg: couple of network function return checks. Possible
authorDavid Carlier <devnexen@gmail.com>
Tue, 28 Jun 2016 06:48:58 +0000 (07:48 +0100)
committerStanislav Malyshev <stas@php.net>
Mon, 5 Sep 2016 06:18:51 +0000 (23:18 -0700)
overflow when copying the socket_path configuration.

ext/session/mod_files.c
sapi/phpdbg/phpdbg_wait.c

index 64a6c47e00e79c3703bf44412c3984369dfe131f..521fadd1ee070f5f9e002f7927fed099de3a121f 100644 (file)
@@ -296,6 +296,7 @@ static int ps_files_cleanup_dir(const char *dirname, zend_long maxlifetime)
 
        if (dirname_len >= MAXPATHLEN) {
                php_error_docref(NULL, E_NOTICE, "ps_files_cleanup_dir: dirname(%s) is too long", dirname);
+               closedir(dir);
                return (0);
        }
 
index c7dcd4fbd495ab5982ebc311cb1bfbf1b9dc59fd..5ef29e895e7327997f3fa4dcd7487b88517fb3b2 100644 (file)
@@ -248,8 +248,10 @@ void phpdbg_webdata_decompress(char *msg, int len) {
                extension = (zend_extension *) zend_llist_get_first_ex(&zend_extensions, &pos);
                while (extension) {
                        extension = (zend_extension *) zend_llist_get_next_ex(&zend_extensions, &pos);
+                       if (extension == NULL){
+                               break;
+                       }
 
-                       /* php_serach_array() body should be in some ZEND_API function... */
                        ZEND_HASH_FOREACH_STR_KEY_PTR(Z_ARRVAL_P(zvp), strkey, name) {
                                if (Z_TYPE_P(name) == IS_STRING && !zend_binary_strcmp(extension->name, strlen(extension->name), Z_STRVAL_P(name), Z_STRLEN_P(name))) {
                                        break;
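Review bot: The first entry returned by `zend_llist_get_first_ex()` is never compared against the names in `zvp`, because the loop body begins by advancing to `zend_llist_get_next_ex()` before `extension` is used. The added NULL check prevents the `extension->name` dereference at the end of the list but keeps that skip. Moving the advance to the bottom of the loop body would cover the first extension and make the extra `if (extension == NULL)` unnecessary, since `while (extension)` would then guard every iteration. The loop body continues past the end of this hunk, so the placement needs checking against the full function.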
@@ -344,9 +346,16 @@ PHPDBG_COMMAND(wait) /* {{{ */
        if (PHPDBG_G(socket_server_fd) == -1) {
                int len;
                PHPDBG_G(socket_server_fd) = sl = socket(AF_UNIX, SOCK_STREAM, 0);
+               if (sl == -1) {
+                       phpdbg_error("wait", "type=\"nosocket\" import=\"fail\"", "Unable to open a socket to UNIX domain socket at %s defined by phpdbg.path ini setting", PHPDBG_G(socket_path));
+                       return FAILURE;
+               }
 
                local.sun_family = AF_UNIX;
-               strcpy(local.sun_path, PHPDBG_G(socket_path));
+               if (strlcpy(local.sun_path, PHPDBG_G(socket_path), sizeof(local.sun_path)) > sizeof(local.sun_path)) {
+                       phpdbg_error("wait", "type=\"nosocket\" import=\"fail\"", "Socket at %s defined by phpdbg.path ini setting is too long", PHPDBG_G(socket_path));
+                       return FAILURE;
+               }
                len = strlen(local.sun_path) + sizeof(local.sun_family);
                if (bind(sl, (struct sockaddr *)&local, len) == -1) {
                        phpdbg_error("wait", "type=\"nosocket\" import=\"fail\"", "Unable to connect to UNIX domain socket at %s defined by phpdbg.path ini setting", PHPDBG_G(socket_path));
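Review bot: The truncation test on the `strlcpy()` line is off by one. `strlcpy` returns the length of the source string, so truncation has occurred whenever the result is `>= sizeof(local.sun_path)`; with `>`, a path of exactly that length is silently cut by one byte and the socket is bound to a different path than the one configured. The condition should read `if (strlcpy(local.sun_path, PHPDBG_G(socket_path), sizeof(local.sun_path)) >= sizeof(local.sun_path)) {`. The `return FAILURE` in that branch also leaves `sl` open and still stored in `PHPDBG_G(socket_server_fd)`, so a later `wait` would skip this setup block; `close(sl); PHPDBG_G(socket_server_fd) = -1;` before the return would avoid that. The bind() failure branch runs past the end of the hunk and may need the same cleanup.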
@@ -362,6 +371,11 @@ PHPDBG_COMMAND(wait) /* {{{ */
 
        rlen = sizeof(remote);
        sr = accept(sl, (struct sockaddr *) &remote, (socklen_t *) &rlen);
+       if (sr == -1) {
+               phpdbg_error("wait", "type=\"nosocket\" import=\"fail\"", "Unable to create a connection to UNIX domain socket at %s defined by phpdbg.path ini setting", PHPDBG_G(socket_path));
+               close(PHPDBG_G(socket_server_fd));
+               return FAILURE;
+       }
 
        char msglen[5];
        int recvd = 4;
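Review bot: After `close(PHPDBG_G(socket_server_fd))` in the new accept() failure branch, the global still holds the closed descriptor number. The `PHPDBG_G(socket_server_fd) == -1` test at the top of the command will therefore presumably treat the listener as still set up on the next `wait`. If that number has been reused for another open file in the meantime, accept() would run against an unrelated descriptor. Adding `PHPDBG_G(socket_server_fd) = -1;` right after the close keeps the state consistent. The function continues beyond this hunk.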