Fix for Bug #16121: make unix socket names binary safe.

# Could be applied to 4.2 branch, but I don't have a working copy, and
# I don't think it's amazingly critical.

diff --git a/ext/standard/fsock.c b/ext/standard/fsock.c
index ce9da8d34b374f21d392571783f17f68ca416ceb..0cb188936d4bfdeb05e149587121bfdf075953db 100644 (file)
--- a/ext/standard/fsock.c
+++ b/ext/standard/fsock.c
@@ -219,7 +219,7 @@ static void php_fsockopen_stream(INTERNAL_FUNCTION_PARAMETERS, int persistent)
 #endif
                
        } else  
-               stream = php_stream_sock_open_unix(host, persistent, &tv);
+               stream = php_stream_sock_open_unix(host, host_len, persistent, &tv);
 
        if (stream && persistent)       {
                zend_hash_update(&FG(ht_persistent_socks), hashkey, strlen(hashkey) + 1,

diff --git a/main/network.c b/main/network.c
index 93e0f2bbceb7018482794b54785ed0c05f10d66c..eff166634403eb47e00f8d9ed4f83b8549912893 100644 (file)
--- a/main/network.c
+++ b/main/network.c
@@ -447,7 +447,7 @@ PHPAPI php_stream *php_stream_sock_open_host(const char *host, unsigned short po
        return php_stream_sock_open_from_socket(socket, persistent);
 }
 
-PHPAPI php_stream *php_stream_sock_open_unix(const char *path, int persistent, struct timeval *timeout)
+PHPAPI php_stream *php_stream_sock_open_unix(const char *path, int pathlen, int persistent, struct timeval *timeout)
 {
 #if defined(AF_UNIX)
        int socketd;
@@ -459,7 +459,19 @@ PHPAPI php_stream *php_stream_sock_open_unix(const char *path, int persistent, s
 
        memset(&unix_addr, 0, sizeof(unix_addr));
        unix_addr.sun_family = AF_UNIX;
-       strlcpy(unix_addr.sun_path, path, sizeof(unix_addr.sun_path));
+
+       /* we need to be binary safe for the on systems that support an abstract
+        * namespace */
+       if (pathlen >= sizeof(unix_addr.sun_path)) {
+               /* On linux, when the path begins with a NUL byte we are
+                * referring to an abstract namespace.  In theory we should
+                * allow an extra byte below, since we don't need the NULL.
+                * BUT, to get into this branch of code, the name is too long,
+                * so we don't care. */
+               pathlen = sizeof(unix_addr.sun_path) - 1;
+       }
+       
+       memcpy(unix_addr.sun_path, path, pathlen);
 
        if (php_connect_nonb(socketd, (struct sockaddr *) &unix_addr, sizeof(unix_addr), timeout) == SOCK_CONN_ERR) 
                return NULL;

diff --git a/main/php_network.h b/main/php_network.h
index a9a4bc16234a03ac6d44107614256df3b86afc09..2170d80b31f989b11ee1ca8f83d56cff9f286fd4 100644 (file)
--- a/main/php_network.h
+++ b/main/php_network.h
@@ -106,7 +106,7 @@ PHPAPI php_stream *php_stream_sock_open_from_socket(int socket, int persistent);
 /* open a connection to a host using php_hostconnect and return a stream */
 PHPAPI php_stream *php_stream_sock_open_host(const char *host, unsigned short port,
                int socktype, int timeout, int persistent);
-PHPAPI php_stream *php_stream_sock_open_unix(const char *path, int persistent, struct timeval *timeout);
+PHPAPI php_stream *php_stream_sock_open_unix(const char *path, int pathlen, int persistent, struct timeval *timeout);
 
 PHPAPI void php_stream_sock_set_timeout(php_stream *stream, struct timeval *timeout);
 PHPAPI int php_stream_sock_set_blocking(php_stream *stream, int mode);