From: Anatol Belski <ab@php.net>
Date: Mon, 27 Nov 2017 13:09:59 +0000 (+0100)
Subject: Keep up with Linux extension to POSIX.1-2001 getcwd()
X-Git-Tag: php-7.3.0alpha1~936
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4a2ccd908be193fdc34a91306febb7153cc461eb;p=php

Keep up with Linux extension to POSIX.1-2001 getcwd()

If both buf and size are zero, the buf is allocated as big as required.
Otherwise, the size is still to respect.

Fix var name

Improve error check

Ensure the end buffer length is not bigger than requested
---

diff --git a/win32/ioutil.h b/win32/ioutil.h
index 01e8e2319b..c470fdbb1c 100644
--- a/win32/ioutil.h
+++ b/win32/ioutil.h
@@ -473,7 +473,12 @@ __forceinline static char *php_win32_ioutil_getcwd(char *buf, size_t len)
 	size_t tmp_bufa_len;
 	DWORD err = 0;
 
-	if (php_win32_ioutil_getcwd_w(tmp_bufw, len) == NULL) {
+	if (len > PHP_WIN32_IOUTIL_MAXPATHLEN) {
+		SET_ERRNO_FROM_WIN32_CODE(ERROR_BAD_LENGTH);
+		return NULL;
+	}
+
+	if (php_win32_ioutil_getcwd_w(tmp_bufw, len ? len : PHP_WIN32_IOUTIL_MAXPATHLEN) == NULL) {
 		err = GetLastError();
 		SET_ERRNO_FROM_WIN32_CODE(err);
 		return NULL;
@@ -488,17 +493,16 @@ __forceinline static char *php_win32_ioutil_getcwd(char *buf, size_t len)
 		free(tmp_bufa);
 		SET_ERRNO_FROM_WIN32_CODE(ERROR_BAD_LENGTH);
 		return NULL;
+	} else if (tmp_bufa_len + 1 > len) {
+		free(tmp_bufa);
+		SET_ERRNO_FROM_WIN32_CODE(ERROR_INSUFFICIENT_BUFFER);
+		return NULL;
 	}
 
-	if (!buf) {
+	if (!buf && !len) {
 		/* If buf was NULL, the result has to be freed outside here. */
 		buf = tmp_bufa;
 	} else {
-		if (tmp_bufa_len + 1 > len) {
-			free(tmp_bufa);
-			SET_ERRNO_FROM_WIN32_CODE(ERROR_INSUFFICIENT_BUFFER);
-			return NULL;
-		}
 		memmove(buf, tmp_bufa, tmp_bufa_len + 1);
 		free(tmp_bufa);
 	}