return;
}
}
-
+
+ if (strlen(filename) != filename_len) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Filename cannot contain null bytes");
+ RETURN_FALSE;
+ }
+
if (zend_hash_find(Z_OBJPROP_P(z_descriptor), "descriptor", sizeof("descriptor"), (void **)&tmp) == FAILURE) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to find descriptor property");
RETURN_FALSE;
RETURN_FALSE;
}
}
-
+
+ if (strlen(filename) != filename_len) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Filename cannot contain null bytes");
+ RETURN_FALSE;
+ }
+
if (zend_hash_find(Z_OBJPROP_P(z_descriptor), "descriptor", sizeof("descriptor"), (void **)&tmp) == FAILURE) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to find descriptor property");
RETURN_FALSE;
}
/* }}} */
-/* {{{ proto resource oci_parse(resource connection, string query)
- Parse a query and return a statement */
+/* {{{ proto resource oci_parse(resource connection, string statement)
+ Parse a SQL or PL/SQL statement and return a statement resource */
PHP_FUNCTION(oci_parse)
{
zval *z_connection;
<active>no</active>
</lead>
- <date>2010-11-10</date>
+ <date>2010-11-16</date>
<time>15:00:00</time>
<version>
- <release>1.4.4</release>
- <api>1.4.4</api>
+ <release>1.4.5</release>
+ <api>1.4.5</api>
</version>
<stability>
- <release>stable</release>
+ <release>devel</release>
<api>stable</api>
</stability>
<license uri="http://www.php.net/license">PHP</license>
<notes>
- Fixed bug #53284 (Valgrind warnings in oci_set_* functions)
- Enhancement - improve startup failure error messages
+ Protect against null bytes in LOB filenames (http://news.php.net/php.internals/50202)
</notes>
<contents>
<dir name="/">
<file name="lob_temp1.phpt" role="test" />
<file name="lob_temp.phpt" role="test" />
<file name="minfo.phpt" role="test" />
+ <file name="null_byte_1.phpt" role="test" />
+ <file name="null_byte_2.phpt" role="test" />
<file name="num.phpt" role="test" />
<file name="oci8safemode.phpt" role="test" />
<file name="oci_execute_segfault.phpt" role="test" />
</extsrcrelease>
<changelog>
+<release>
+ <version>
+ <release>1.4.4</release>
+ <api>1.4.4</api>
+ </version>
+ <stability>
+ <release>stable</release>
+ <api>stable</api>
+ </stability>
+ <license uri="http://www.php.net/license">PHP</license>
+ <notes>
+ Fixed bug #53284 (Valgrind warnings in oci_set_* functions)
+ Enhancement - improve startup failure error messages
+ </notes>
+</release>
+
<release>
<version>
<release>1.4.3</release>
*/
#undef PHP_OCI8_VERSION
#endif
-#define PHP_OCI8_VERSION "1.4.4"
+#define PHP_OCI8_VERSION "1.4.5-devel"
extern zend_module_entry oci8_module_entry;
#define phpext_oci8_ptr &oci8_module_entry
--- /dev/null
+--TEST--
+Protect against null bytes in LOB filenames (http://news.php.net/php.internals/50202)
+--SKIPIF--
+<?php if (!extension_loaded('oci8')) die ("skip no oci8 extension"); ?>
+--INI--
+display_errors = On
+error_reporting = E_WARNING
+--FILE--
+<?php
+
+require(dirname(__FILE__).'/connect.inc');
+
+// Run Test
+
+echo "Test 1: Import\n";
+
+$lob = oci_new_descriptor($c, OCI_D_LOB);
+$r = $lob->savefile("/tmp/abc\0def");
+var_dump($r);
+
+echo "Test 2: Export\n";
+
+$r = $lob->export("/tmp/abc\0def");
+var_dump($r);
+
+?>
+===DONE===
+<?php exit(0); ?>
+--EXPECTF--
+Test 1: Import
+
+Warning: OCI-Lob::savefile(): Filename cannot contain null bytes in %snull_byte_1.php on line %d
+bool(false)
+Test 2: Export
+
+Warning: OCI-Lob::export(): Filename cannot contain null bytes in %snull_byte_1.php on line %d
+bool(false)
+===DONE===
--- /dev/null
+--TEST--
+Null bytes in SQL statements
+--SKIPIF--
+<?php if (!extension_loaded('oci8')) die ("skip no oci8 extension"); ?>
+--INI--
+display_errors = On
+error_reporting = E_WARNING
+--FILE--
+<?php
+
+require(dirname(__FILE__).'/connect.inc');
+
+// Run Test
+
+echo "Test 1: Valid use of a null byte\n";
+
+$s = oci_parse($c, "select * \0from dual");
+oci_execute($s);
+oci_fetch_all($s, $res);
+var_dump($res);
+
+echo "Test 2: Invalid use of a null byte\n";
+
+$s = oci_parse($c, "select * from du\0al");
+oci_execute($s);
+
+echo "Test 3: Using a null byte in a bind variable name\n";
+
+$s = oci_parse($c, "select * from dual where :bv = 1");
+$bv = 1;
+oci_bind_by_name($s, ":bv\0:bv", $bv);
+oci_execute($s);
+
+echo "Test 4: Using a null byte in a bind variable value causing WHERE clause to fail\n";
+
+$s = oci_parse($c, "select * from dual where :bv = 'abc'");
+$bv = 'abc\0abc';
+oci_bind_by_name($s, ":bv", $bv);
+oci_execute($s);
+oci_fetch_all($s, $res);
+var_dump($res);
+
+?>
+===DONE===
+<?php exit(0); ?>
+--EXPECTF--
+Test 1: Valid use of a null byte
+array(1) {
+ ["DUMMY"]=>
+ array(1) {
+ [0]=>
+ string(1) "X"
+ }
+}
+Test 2: Invalid use of a null byte
+
+Warning: oci_execute(): ORA-00942: %s in %snull_byte_2.php on line %d
+Test 3: Using a null byte in a bind variable name
+
+Warning: oci_bind_by_name(): ORA-01036: %s in %snull_byte_2.php on line %d
+
+Warning: oci_execute(): ORA-01008: %s in %snull_byte_2.php on line %d
+Test 4: Using a null byte in a bind variable value causing WHERE clause to fail
+array(1) {
+ ["DUMMY"]=>
+ array(0) {
+ }
+}
+===DONE===
projects / php / commitdiff