From: Ilia Alshanetsky Date: Sun, 2 May 2010 19:34:21 +0000 (+0000) Subject: - Fixed a possible stack exaustion inside fnmatch(). Reporeted by Stefan Esser X-Git-Tag: php-5.3.3RC1~225 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=90c336026eabac357d5479138ff54c7c23b7fca7;p=php - Fixed a possible stack exaustion inside fnmatch(). Reporeted by Stefan Esser --- diff --git a/NEWS b/NEWS index 50c70a4b88..126644650a 100644 --- a/NEWS +++ b/NEWS @@ -23,6 +23,8 @@ PHP NEWS - Fixed very rare memory leak in mysqlnd, when binding thousands of columns. (Andrey) +- Fixed a possible stack exaustion inside fnmatch(). Reporeted by Stefan + Esser (Ilia) - Fixed a possible dechunking filter buffer overflow. Reported by Stefan Esser. (Pierre) - Fixed a possible arbitrary memory access inside sqlite extension. Reported diff --git a/ext/standard/file.c b/ext/standard/file.c index 704ef1231f..0c53689582 100644 --- a/ext/standard/file.c +++ b/ext/standard/file.c @@ -136,26 +136,12 @@ php_file_globals file_globals; /* {{{ ZTS-stuff / Globals / Prototypes */ -/* sharing globals is *evil* */ -static int le_stream_context = FAILURE; -PHPAPI int php_le_stream_context(void) -{ - return le_stream_context; -} /* }}} */ /* {{{ Module-Stuff */ -static ZEND_RSRC_DTOR_FUNC(file_context_dtor) -{ - php_stream_context *context = (php_stream_context*)rsrc->ptr; - if (context->options) { - zval_ptr_dtor(&context->options); - context->options = NULL; - } - php_stream_context_free(context); -} + static void file_globals_ctor(php_file_globals *file_globals_p TSRMLS_DC) { @@ -176,7 +162,6 @@ PHP_INI_END() PHP_MINIT_FUNCTION(file) { - le_stream_context = zend_register_list_destructors_ex(file_context_dtor, NULL, "stream-context", module_number); #ifdef ZTS ts_allocate_id(&file_globals_id, sizeof(php_file_globals), (ts_allocate_ctor) file_globals_ctor, (ts_allocate_dtor) file_globals_dtor); 
@@ -2521,6 +2506,10 @@ PHP_FUNCTION(fnmatch)
 php_error_docref(NULL TSRMLS_CC, E_WARNING, "Filename exceeds the maximum allowed length of %d characters", MAXPATHLEN);
 RETURN_FALSE;
 }
+ if (pattern_len >= MAXPATHLEN) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Pattern exceeds the maximum allowed length of %d characters", MAXPATHLEN);
+ RETURN_FALSE;
+ }
 RETURN_BOOL( ! fnmatch( pattern, filename, flags ));
 }
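Review bot: The added `pattern_len >= MAXPATHLEN` check has no comment explaining why a glob pattern is held to a path-length limit, so a later cleanup could drop it as an arbitrary restriction; I would add above it `/* Cap the pattern length: an overlong pattern can exhaust the stack inside fnmatch() */`. MAXPATHLEN is a platform-dependent path constant, so the effective cap (and the `%d` value printed in the warning) will differ between builds; presumably that is acceptable, but it is worth stating in the comment or the fnmatch() documentation, since patterns at or above that length now return FALSE with a warning instead of being matched. No regression test for an over-length pattern is visible in this part of the diff. The body of PHP_FUNCTION(fnmatch) starts outside the hunk, so the parameter parsing that sets `pattern_len` could not be checked here.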