Added safety checks to the code

diff --git a/ext/standard/user_filters.c b/ext/standard/user_filters.c
index 31d623a364d8ee46edf4d7bdbd37fb661ede49a4..60beea5c1c5a85a839b7560fd8a24d2834c42b27 100644 (file)
--- a/ext/standard/user_filters.c
+++ b/ext/standard/user_filters.c
@@ -256,6 +256,7 @@ static php_stream_filter *user_filter_factory_create(const char *filtername,
        zval *obj, *zfilter;
        zval func_name;
        zval *retval = NULL;
+       int len;
        
        /* some sanity checks */
        if (persistent) {
@@ -264,9 +265,10 @@ static php_stream_filter *user_filter_factory_create(const char *filtername,
                return NULL;
        }
 
+       len = strlen(filtername);
+
        /* determine the classname/class entry */
-       if (FAILURE == zend_hash_find(BG(user_filter_map), (char*)filtername,
-                               strlen(filtername) + 1, (void**)&fdat)) {
+       if (FAILURE == zend_hash_find(BG(user_filter_map), (char*)filtername, len + 1, (void**)&fdat)) {
                char *period;
 
                /* Userspace Filters using ambiguous wildcards could cause problems.
@@ -275,10 +277,10 @@ static php_stream_filter *user_filter_factory_create(const char *filtername,
            TODO: Allow failed userfilter creations to continue
                  scanning through the list */
                if ((period = strrchr(filtername, '.'))) {
-                       char *wildcard;
+                       char *wildcard = emalloc(len + 3);
 
                        /* Search for wildcard matches instead */
-                       wildcard = estrdup(filtername);
+                       memcpy(wildname, filtername, len + 1); /* copy \0 */
                        period = wildcard + (period - filtername);
                        while (period) {
                                *period = '\0';