From: Andrey Hristov Date: Wed, 13 Jan 2016 15:30:23 +0000 (+0100) Subject: commit 597db443cd6ce76b0dce590b9f51b5d4d610325e X-Git-Tag: php-7.1.0alpha1~617^2~63 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4e8988b45af9036ffd0cc0b3f20ee67b257c9528;p=php commit 597db443cd6ce76b0dce590b9f51b5d4d610325e Author: John Bafford Date: Mon Jan 11 17:17:44 2016 -0500 MYSQLND_METHOD(mysqlnd_conn_data, get_scheme) should take socket_or_pipe by reference to allow modifications Fixes a read-from-null crash in mnd_pestrdup when trying to duplicate the socket filename. (Fixes regression in e81ecc80c) --- diff --git a/ext/mysqlnd/mysqlnd_connection.c b/ext/mysqlnd/mysqlnd_connection.c index b121cd7458..2cefe755d8 100644 --- a/ext/mysqlnd/mysqlnd_connection.c +++ b/ext/mysqlnd/mysqlnd_connection.c @@ -534,29 +534,29 @@ MYSQLND_METHOD(mysqlnd_conn_data, connect_handshake)(MYSQLND_CONN_DATA * conn, } /* }}} */ -/* {{{ mysqlnd_conn_data::connect */ +/* {{{ mysqlnd_conn_data::get_scheme */ static MYSQLND_STRING -MYSQLND_METHOD(mysqlnd_conn_data, get_scheme)(MYSQLND_CONN_DATA * conn, MYSQLND_CSTRING hostname, MYSQLND_CSTRING socket_or_pipe, unsigned int port, zend_bool * unix_socket, zend_bool * named_pipe) +MYSQLND_METHOD(mysqlnd_conn_data, get_scheme)(MYSQLND_CONN_DATA * conn, MYSQLND_CSTRING hostname, MYSQLND_CSTRING *socket_or_pipe, unsigned int port, zend_bool * unix_socket, zend_bool * named_pipe) { MYSQLND_STRING transport; DBG_ENTER("mysqlnd_conn_data::get_scheme"); #ifndef PHP_WIN32 if (hostname.l == sizeof("localhost") - 1 && !strncasecmp(hostname.s, "localhost", hostname.l)) { - DBG_INF_FMT("socket=%s", socket_or_pipe.s? socket_or_pipe.s:"n/a"); - if (!socket_or_pipe.s) { - socket_or_pipe.s = "/tmp/mysql.sock"; - socket_or_pipe.l = strlen(socket_or_pipe.s); + DBG_INF_FMT("socket=%s", socket_or_pipe->s? socket_or_pipe->s:"n/a"); + if (!socket_or_pipe->s) { + socket_or_pipe->s = "/tmp/mysql.sock"; + socket_or_pipe->l = strlen(socket_or_pipe->s); } - transport.l = mnd_sprintf(&transport.s, 0, "unix://%s", socket_or_pipe.s); + transport.l = mnd_sprintf(&transport.s, 0, "unix://%s", socket_or_pipe->s); *unix_socket = TRUE; #else if (hostname.l == sizeof(".") - 1 && hostname.s[0] == '.') { /* named pipe in socket */ - if (!socket_or_pipe.s) { - socket_or_pipe.s = "\\\\.\\pipe\\MySQL"; - socket_or_pipe.l = strlen(socket_or_pipe.s); + if (!socket_or_pipe->s) { + socket_or_pipe->s = "\\\\.\\pipe\\MySQL"; + socket_or_pipe->l = strlen(socket_or_pipe->s); } - transport.l = mnd_sprintf(&transport.s, 0, "pipe://%s", socket_or_pipe.s); + transport.l = mnd_sprintf(&transport.s, 0, "pipe://%s", socket_or_pipe->s); *named_pipe = TRUE; #endif } else { @@ -657,7 +657,7 @@ MYSQLND_METHOD(mysqlnd_conn_data, connect)(MYSQLND_CONN_DATA * conn, mysql_flags |= CLIENT_CONNECT_WITH_DB; } - transport = conn->m->get_scheme(conn, hostname, socket_or_pipe, port, &unix_socket, &named_pipe); + transport = conn->m->get_scheme(conn, hostname, &socket_or_pipe, port, &unix_socket, &named_pipe); mysql_flags = conn->m->get_updated_connect_flags(conn, mysql_flags); diff --git a/ext/mysqlnd/mysqlnd_structs.h b/ext/mysqlnd/mysqlnd_structs.h index 5bbb718cdc..35a0f3b16c 100644 --- a/ext/mysqlnd/mysqlnd_structs.h +++ b/ext/mysqlnd/mysqlnd_structs.h @@ -474,7 +474,7 @@ typedef enum_func_status (*func_mysqlnd_conn_data__set_client_option_2d)(MYSQLND typedef size_t (*func_mysqlnd_conn_data__negotiate_client_api_capabilities)(MYSQLND_CONN_DATA * const conn, const size_t flags); typedef size_t (*func_mysqlnd_conn_data__get_client_api_capabilities)(const MYSQLND_CONN_DATA * const conn); -typedef MYSQLND_STRING (*func_mysqlnd_conn_data__get_scheme)(MYSQLND_CONN_DATA * conn, MYSQLND_CSTRING hostname, MYSQLND_CSTRING socket_or_pipe, unsigned int port, zend_bool * unix_socket, zend_bool * named_pipe); +typedef MYSQLND_STRING (*func_mysqlnd_conn_data__get_scheme)(MYSQLND_CONN_DATA * conn, MYSQLND_CSTRING hostname, MYSQLND_CSTRING *socket_or_pipe, unsigned int port, zend_bool * unix_socket, zend_bool * named_pipe);