From: Alex Dowad Date: Sat, 9 May 2020 16:16:45 +0000 (+0200) Subject: Don't leak memory if wrong resource type is passed to proc_open X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b983580dd78cbc7e4f0ddb56671f8b4b6631fb3e;p=php Don't leak memory if wrong resource type is passed to proc_open proc_open can accept stream resources in the descriptorspec, like this: proc_open("command", array(0 => $resource), $pipes); Previously, if a resource which was *not* of type "stream" was passed, proc_open would return without freeing dynamically allocated memory. It's fixed now. --- diff --git a/ext/standard/proc_open.c b/ext/standard/proc_open.c index 186501acbd..5a574cb2ff 100644 --- a/ext/standard/proc_open.c +++ b/ext/standard/proc_open.c @@ -933,12 +933,14 @@ PHP_FUNCTION(proc_open) if (Z_TYPE_P(descitem) == IS_RESOURCE) { /* should be a stream - try and dup the descriptor */ - php_stream *stream; + php_stream *stream = (php_stream*)zend_fetch_resource(Z_RES_P(descitem), "stream", php_file_le_stream()); + if (stream == NULL) { + goto exit_fail; + } + php_socket_t fd; php_file_descriptor_t desc; - php_stream_from_zval(stream, descitem); - if (FAILURE == php_stream_cast(stream, PHP_STREAM_AS_FD, (void **)&fd, REPORT_ERRORS)) { goto exit_fail; } diff --git a/ext/standard/tests/file/proc_open_with_wrong_resource_type.phpt b/ext/standard/tests/file/proc_open_with_wrong_resource_type.phpt new file mode 100644 index 0000000000..f48c7b8720 --- /dev/null +++ b/ext/standard/tests/file/proc_open_with_wrong_resource_type.phpt @@ -0,0 +1,14 @@ +--TEST-- +proc_open does not leak memory when called with wrong resource type in descriptorspec +--FILE-- + $context), $pipes); + echo "Not reached"; + } catch (TypeError $e) { + echo $e->getMessage(), "\n"; + } +?> +--EXPECT-- +proc_open(): supplied resource is not a valid stream resource