- Fixed bug #48719 parse_ini_*(): scanner mode is not checked for sanity)

author Jani Taskinen <jani@php.net>

Fri, 7 Aug 2009 15:44:37 +0000 (15:44 +0000)

committer Jani Taskinen <jani@php.net>

Fri, 7 Aug 2009 15:44:37 +0000 (15:44 +0000)
author Jani Taskinen <jani@php.net>
Fri, 7 Aug 2009 15:44:37 +0000 (15:44 +0000)
committer Jani Taskinen <jani@php.net>
Fri, 7 Aug 2009 15:44:37 +0000 (15:44 +0000)
diff --git a/NEWS b/NEWS

index 73f1e32106095b1894ea00d394a171e90793716a..659b63b436fa37f8e95d63bd6f4ea71066117c04 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -78,6 +78,8 @@ PHP                                                                        NEWS
    install location). (james dot cohen at digitalwindow dot com, Greg)
  - Fixed bug #48733 (CURLOPT_WRITEHEADER|CURLOPT_FILE|CURLOPT_STDERR warns on
    files that have been opened with r+). (Ilia)
+- Fixed bug #48719 (parse_ini_*(): scanner_mode parameter is not checked for
+  sanity). (Jani)
  - Fixed bug #48718 (FILTER_VALIDATE_EMAIL does not allow numbers in domain  
    components). (Ilia)
  - Fixed bug #48681 (openssl signature verification for tar archives broken).
diff --git a/Zend/zend_ini_scanner.l b/Zend/zend_ini_scanner.l

index 17be4b0ffa80575131703abc43a4306ba95ddec8..c5627d014be454836b45f647d91290ec8d82b47b 100644 (file)
--- a/Zend/zend_ini_scanner.l
+++ b/Zend/zend_ini_scanner.l
@@ -158,12 +158,28 @@ static void yy_scan_buffer(char *str, unsigned int len TSRMLS_DC)
  
  /* {{{ init_ini_scanner()
  */
-static void init_ini_scanner(TSRMLS_D)
+static int init_ini_scanner(int scanner_mode, zend_file_handle *fh TSRMLS_DC)
  {
+       /* Sanity check */
+       if (scanner_mode != ZEND_INI_SCANNER_NORMAL && scanner_mode != ZEND_INI_SCANNER_RAW) {
+               zend_error(E_WARNING, "Invalid scanner mode");
+               return FAILURE;
+       }
+
         SCNG(lineno) = 1;
-       SCNG(scanner_mode) = ZEND_INI_SCANNER_NORMAL;
+       SCNG(scanner_mode) = scanner_mode;
+       SCNG(yy_in) = fh;
+
+       if (fh != NULL) {
+               ini_filename = zend_strndup(fh->filename, strlen(fh->filename));
+       } else {
+               ini_filename = NULL;
+       }
+
         zend_stack_init(&SCNG(state_stack));
         BEGIN(INITIAL);
+
+       return SUCCESS;
  }
  /* }}} */
  
@@ -201,15 +217,14 @@ int zend_ini_open_file_for_scanning(zend_file_handle *fh, int scanner_mode TSRML
         char *buf;
         size_t size;
  
-       if (zend_stream_fixup(fh, &buf, &size TSRMLS_CC) == FAILURE) {
+       if (zend_stream_fixup(fh, &buf, &size TSRMLS_CC) == FAILURE ||
+               init_ini_scanner(scanner_mode, fh TSRMLS_CC) == FAILURE
+       ) {
                 return FAILURE;
         }
  
-       init_ini_scanner(TSRMLS_C);
-       SCNG(scanner_mode) = scanner_mode;
-       SCNG(yy_in) = fh;
         yy_scan_buffer(buf, size TSRMLS_CC);
-       ini_filename = zend_strndup(fh->filename, strlen(fh->filename));
+
         return SUCCESS;
  }
  /* }}} */
@@ -220,11 +235,12 @@ int zend_ini_prepare_string_for_scanning(char *str, int scanner_mode TSRMLS_DC)
  {
         int len = strlen(str);
  
-       init_ini_scanner(TSRMLS_C);
-       SCNG(scanner_mode) = scanner_mode;
-       SCNG(yy_in) = NULL;
+       if (init_ini_scanner(scanner_mode, NULL TSRMLS_CC) == FAILURE) {
+               return FAILURE;
+       }
+
         yy_scan_buffer(str, len TSRMLS_CC);
-       ini_filename = NULL;
+
         return SUCCESS;
  }
  /* }}} */
author	Jani Taskinen <jani@php.net>
	Fri, 7 Aug 2009 15:44:37 +0000 (15:44 +0000)
committer	Jani Taskinen <jani@php.net>
	Fri, 7 Aug 2009 15:44:37 +0000 (15:44 +0000)
NEWS		patch \| blob \| history
Zend/zend_ini_scanner.l		patch \| blob \| history