From: Ilia Alshanetsky Date: Tue, 4 Sep 2007 12:51:49 +0000 (+0000) Subject: Fixed possible buffer overflows inside the fnmatch() and glob() functions X-Git-Tag: php-5.2.5RC1~222 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=72f910c012a3982d5b77193fbda7b908a95c3607;p=php Fixed possible buffer overflows inside the fnmatch() and glob() functions
---
diff --git a/NEWS b/NEWS
index 3b10039cf2..f85873d8a9 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,9 @@
 PHP NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 20??, PHP 5.2.5
+- Fixed possible buffer overflows inside the fnmatch() and glob() functions
+ reported by Laurent gaffie (Ilia)
+
 - Upgraded PCRE to version 7.3 (Nuno)
 - Added optional parameter $provide_object to debug_backtrace(). (Sebastian)
diff --git a/ext/standard/dir.c b/ext/standard/dir.c
index d78bc615f2..1ad24d77ae 100644
--- a/ext/standard/dir.c
+++ b/ext/standard/dir.c
@@ -401,6 +401,11 @@ PHP_FUNCTION(glob)
 return;
 }
+ if (pattern_len >= MAXPATHLEN) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Pattern exceeds the maximum allowed length of %d characters", MAXPATHLEN);
+ RETURN_FALSE;
+ }
+
 if ((GLOB_AVAILABLE_FLAGS & flags) != flags) {
 php_error_docref(NULL TSRMLS_CC, E_WARNING, "At least one of the passed flags is invalid or not supported on this platform");
 RETURN_FALSE;
diff --git a/ext/standard/file.c b/ext/standard/file.c
index 04d4dc3434..c54ce62313 100644
--- a/ext/standard/file.c
+++ b/ext/standard/file.c
@@ -2518,6 +2518,11 @@ PHP_FUNCTION(fnmatch)
 == FAILURE)
 return;
+ if (filename_len >= MAXPATHLEN) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Filename exceeds the maximum allowed length of %d characters", MAXPATHLEN);
+ RETURN_FALSE;
+ }
+
 RETURN_BOOL( ! fnmatch( pattern, filename, flags ));
 }
 /* }}} */
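Review bot: The new check in PHP_FUNCTION(glob) bounds only the length the caller passed in, so it protects the later glob() call only if nothing after this point lengthens the pattern; the rest of the function is outside the hunk, and any step there that prefixes a directory to the pattern needs its own bound against MAXPATHLEN. The warning text is also off by one, here and in the matching fnmatch() hunk in ext/standard/file.c: `pattern_len >= MAXPATHLEN` rejects a pattern of exactly MAXPATHLEN characters, so the limit reported to the user should be `MAXPATHLEN - 1`. If the intent is to leave room for the terminator, a short comment above the check such as `/* reject patterns that cannot fit a MAXPATHLEN-sized buffer, NUL included */` would record why `>=` is used rather than `>`.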
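Review bot: Only filename_len is bounded before the `fnmatch( pattern, filename, flags )` call in PHP_FUNCTION(fnmatch); the pattern argument reaches the same call with no length limit. The commit message does not say which argument triggered the reported overflow, so unless the platform fnmatch() is known to be safe for long patterns, the pattern deserves the same guard: `if (pattern_len >= MAXPATHLEN)` followed by the same warning and `RETURN_FALSE;`. This assumes the argument parsing, which is above the hunk and not visible here, stores the pattern's length in a variable of that name, as the glob() hunk does.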