commit 597db443cd6ce76b0dce590b9f51b5d4d610325e
authorAndrey Hristov <andrey@php.net>
Wed, 13 Jan 2016 15:30:23 +0000 (16:30 +0100)
committerAndrey Hristov <andrey@php.net>
Wed, 13 Jan 2016 15:30:23 +0000 (16:30 +0100)
Author: John Bafford <john@bafford.com>
Date:   Mon Jan 11 17:17:44 2016 -0500

    MYSQLND_METHOD(mysqlnd_conn_data, get_scheme) should take socket_or_pipe by reference to allow modifications

    Fixes a read-from-null crash in mnd_pestrdup when trying to duplicate the socket filename. (Fixes regression in e81ecc80c)

ext/mysqlnd/mysqlnd_connection.c
ext/mysqlnd/mysqlnd_structs.h

index b121cd7458a2199f585b65494f22bcd3987e34a9..2cefe755d8527161001b48e178cad6b306709eeb 100644 (file)
@@ -534,29 +534,29 @@ MYSQLND_METHOD(mysqlnd_conn_data, connect_handshake)(MYSQLND_CONN_DATA * conn,
 }
 /* }}} */
 
-/* {{{ mysqlnd_conn_data::connect */
+/* {{{ mysqlnd_conn_data::get_scheme */
 static MYSQLND_STRING
-MYSQLND_METHOD(mysqlnd_conn_data, get_scheme)(MYSQLND_CONN_DATA * conn, MYSQLND_CSTRING hostname, MYSQLND_CSTRING socket_or_pipe, unsigned int port, zend_bool * unix_socket, zend_bool * named_pipe)
+MYSQLND_METHOD(mysqlnd_conn_data, get_scheme)(MYSQLND_CONN_DATA * conn, MYSQLND_CSTRING hostname, MYSQLND_CSTRING *socket_or_pipe, unsigned int port, zend_bool * unix_socket, zend_bool * named_pipe)
 {
        MYSQLND_STRING transport;
        DBG_ENTER("mysqlnd_conn_data::get_scheme");
 #ifndef PHP_WIN32
        if (hostname.l == sizeof("localhost") - 1 && !strncasecmp(hostname.s, "localhost", hostname.l)) {
-               DBG_INF_FMT("socket=%s", socket_or_pipe.s? socket_or_pipe.s:"n/a");
-               if (!socket_or_pipe.s) {
-                       socket_or_pipe.s = "/tmp/mysql.sock";
-                       socket_or_pipe.l = strlen(socket_or_pipe.s);
+               DBG_INF_FMT("socket=%s", socket_or_pipe->s? socket_or_pipe->s:"n/a");
+               if (!socket_or_pipe->s) {
+                       socket_or_pipe->s = "/tmp/mysql.sock";
+                       socket_or_pipe->l = strlen(socket_or_pipe->s);
                }
-               transport.l = mnd_sprintf(&transport.s, 0, "unix://%s", socket_or_pipe.s);
+               transport.l = mnd_sprintf(&transport.s, 0, "unix://%s", socket_or_pipe->s);
                *unix_socket = TRUE;
 #else
        if (hostname.l == sizeof(".") - 1 && hostname.s[0] == '.') {
                /* named pipe in socket */
-               if (!socket_or_pipe.s) {
-                       socket_or_pipe.s = "\\\\.\\pipe\\MySQL";
-                       socket_or_pipe.l = strlen(socket_or_pipe.s);
+               if (!socket_or_pipe->s) {
+                       socket_or_pipe->s = "\\\\.\\pipe\\MySQL";
+                       socket_or_pipe->l = strlen(socket_or_pipe->s);
                }
-               transport.l = mnd_sprintf(&transport.s, 0, "pipe://%s", socket_or_pipe.s);
+               transport.l = mnd_sprintf(&transport.s, 0, "pipe://%s", socket_or_pipe->s);
                *named_pipe = TRUE;
 #endif
        } else {
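Review bot: Both platform branches now dereference `socket_or_pipe` (`socket_or_pipe->s`) without a NULL check, and the function is reached through the `conn->m` method table, so the non-NULL requirement should be stated or enforced; at minimum add a comment above the definition such as `/* socket_or_pipe is in/out and must not be NULL; if ->s is NULL it is pointed at the static platform default, which the caller must copy, not free */`. The signature change is mirrored in the typedef in ext/mysqlnd/mysqlnd_structs.h, so an out-of-tree plugin that still overrides get_scheme with the by-value parameter would presumably have its struct argument read as a pointer; the visible hunks show no plugin API version bump that would catch this at load time. The function body continues past the end of this hunk (the `else` branch), so the handling of `transport` after `mnd_sprintf` is not visible here.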
@@ -657,7 +657,7 @@ MYSQLND_METHOD(mysqlnd_conn_data, connect)(MYSQLND_CONN_DATA * conn,
                mysql_flags |= CLIENT_CONNECT_WITH_DB;
        }
 
-       transport = conn->m->get_scheme(conn, hostname, socket_or_pipe, port, &unix_socket, &named_pipe);
+       transport = conn->m->get_scheme(conn, hostname, &socket_or_pipe, port, &unix_socket, &named_pipe);
 
        mysql_flags = conn->m->get_updated_connect_flags(conn, mysql_flags);
 
index 5bbb718cdc616f3143156edf7d699d32e2ad1e88..35a0f3b16c883458831f47e2d9ad692f370aa7b6 100644 (file)
@@ -474,7 +474,7 @@ typedef enum_func_status    (*func_mysqlnd_conn_data__set_client_option_2d)(MYSQLND
 typedef size_t                         (*func_mysqlnd_conn_data__negotiate_client_api_capabilities)(MYSQLND_CONN_DATA * const conn, const size_t flags);
 typedef size_t                         (*func_mysqlnd_conn_data__get_client_api_capabilities)(const MYSQLND_CONN_DATA * const conn);
 
-typedef MYSQLND_STRING         (*func_mysqlnd_conn_data__get_scheme)(MYSQLND_CONN_DATA * conn, MYSQLND_CSTRING hostname, MYSQLND_CSTRING socket_or_pipe, unsigned int port, zend_bool * unix_socket, zend_bool * named_pipe);
+typedef MYSQLND_STRING         (*func_mysqlnd_conn_data__get_scheme)(MYSQLND_CONN_DATA * conn, MYSQLND_CSTRING hostname, MYSQLND_CSTRING *socket_or_pipe, unsigned int port, zend_bool * unix_socket, zend_bool * named_pipe);