From: Jani Taskinen Date: Wed, 22 Aug 2007 14:59:45 +0000 (+0000) Subject: MFH:- Fixed bug #42365 (glob() crashes with invalid flags) X-Git-Tag: php-5.2.4RC3~10 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8ab99847073dd11a46fec83ac16dfd845b1e40df;p=php MFH:- Fixed bug #42365 (glob() crashes with invalid flags) --- diff --git a/NEWS b/NEWS index 60684613d4..f5bc04ee3d 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,7 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? Aug 2007, PHP 5.2.4 +- Fixed bug #42365 (glob() crashes and/or accepts way too many flags). (Jani) - Fixed bug #42183 (classmap cause crashr in non-wsdl mode). (Dmitry) - Fixed bug #42009 (is_a() and is_subclass_of() should NOT call autoload, in the same way as "instanceof" operator). (Dmitry) diff --git a/ext/standard/dir.c b/ext/standard/dir.c index b7c8175bec..d78bc615f2 100644 --- a/ext/standard/dir.c +++ b/ext/standard/dir.c @@ -141,34 +141,56 @@ PHP_MINIT_FUNCTION(dir) REGISTER_STRING_CONSTANT("PATH_SEPARATOR", pathsep_str, CONST_CS|CONST_PERSISTENT); #ifdef HAVE_GLOB + #ifdef GLOB_BRACE REGISTER_LONG_CONSTANT("GLOB_BRACE", GLOB_BRACE, CONST_CS | CONST_PERSISTENT); +#else +# define GLOB_BRACE 0 #endif + #ifdef GLOB_MARK REGISTER_LONG_CONSTANT("GLOB_MARK", GLOB_MARK, CONST_CS | CONST_PERSISTENT); +#else +# define GLOB_MARK 0 #endif + #ifdef GLOB_NOSORT REGISTER_LONG_CONSTANT("GLOB_NOSORT", GLOB_NOSORT, CONST_CS | CONST_PERSISTENT); +#else +# define GLOB_NOSORT 0 #endif + #ifdef GLOB_NOCHECK REGISTER_LONG_CONSTANT("GLOB_NOCHECK", GLOB_NOCHECK, CONST_CS | CONST_PERSISTENT); +#else +# define GLOB_NOCHECK 0 #endif + #ifdef GLOB_NOESCAPE REGISTER_LONG_CONSTANT("GLOB_NOESCAPE", GLOB_NOESCAPE, CONST_CS | CONST_PERSISTENT); +#else +# define GLOB_NOESCAPE 0 #endif + #ifdef GLOB_ERR REGISTER_LONG_CONSTANT("GLOB_ERR", GLOB_ERR, CONST_CS | CONST_PERSISTENT); +#else +# define GLOB_ERR 0 #endif #ifndef GLOB_ONLYDIR -#define GLOB_ONLYDIR (1<<30) -#define GLOB_EMULATE_ONLYDIR -#define GLOB_FLAGMASK (~GLOB_ONLYDIR) +# define GLOB_ONLYDIR (1<<30) +# define GLOB_EMULATE_ONLYDIR +# define GLOB_FLAGMASK (~GLOB_ONLYDIR) #else -#define GLOB_FLAGMASK (~0) +# define GLOB_FLAGMASK (~0) #endif +/* This is used for checking validity of passed flags (passing invalid flags causes segfault in glob()!! */ +#define GLOB_AVAILABLE_FLAGS (0 | GLOB_BRACE | GLOB_MARK | GLOB_NOSORT | GLOB_NOCHECK | GLOB_NOESCAPE | GLOB_ERR | GLOB_ONLYDIR) + REGISTER_LONG_CONSTANT("GLOB_ONLYDIR", GLOB_ONLYDIR, CONST_CS | CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("GLOB_AVAILABLE_FLAGS", GLOB_AVAILABLE_FLAGS, CONST_CS | CONST_PERSISTENT); #endif /* HAVE_GLOB */ @@ -375,8 +397,14 @@ PHP_FUNCTION(glob) int n; int ret; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|l", &pattern, &pattern_len, &flags) == FAILURE) + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|l", &pattern, &pattern_len, &flags) == FAILURE) { return; + } + + if ((GLOB_AVAILABLE_FLAGS & flags) != flags) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "At least one of the passed flags is invalid or not supported on this platform"); + RETURN_FALSE; + } #ifdef ZTS if (!IS_ABSOLUTE_PATH(pattern, pattern_len)) {