From: Sara Golemon Date: Mon, 27 Jan 2003 19:51:50 +0000 (+0000) Subject: Fix potential buffer overflow. X-Git-Tag: PHP_5_0_dev_before_13561_fix~19 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d0cb097c52da5034c4d93098e05f29e38fcf5325;p=php Fix potential buffer overflow. --- diff --git a/ext/ftp/ftp.c b/ext/ftp/ftp.c index 96e2a7f299..0180c4f598 100644 --- a/ext/ftp/ftp.c +++ b/ext/ftp/ftp.c @@ -538,23 +538,31 @@ ftp_rmdir(ftpbuf_t *ftp, const char *dir) /* {{{ ftp_chmod */ int -ftp_chmod(ftpbuf_t *ftp, const int mode, const char *filename) +ftp_chmod(ftpbuf_t *ftp, const int mode, const char *filename, const int filename_len) { - char buffer[1024]; + char *buffer; - if (ftp == NULL) { + if (ftp == NULL || filename_len <= 0) { + return 0; + } + + if (!(buffer = emalloc(32 + filename_len + 1))) { return 0; } sprintf(buffer, "CHMOD %o %s", mode, filename); if (!ftp_putcmd(ftp, "SITE", buffer)) { + efree(buffer); return 0; } + efree(buffer); + if (!ftp_getresp(ftp) || ftp->resp != 200) { return 0; } + return 1; } /* }}} */ diff --git a/ext/ftp/ftp.h b/ext/ftp/ftp.h index 35bf12bffb..19233a5d6c 100644 --- a/ext/ftp/ftp.h +++ b/ext/ftp/ftp.h @@ -136,7 +136,7 @@ char* ftp_mkdir(ftpbuf_t *ftp, const char *dir); int ftp_rmdir(ftpbuf_t *ftp, const char *dir); /* Set permissions on a file */ -int ftp_chmod(ftpbuf_t *ftp, const int mode, const char *filename); +int ftp_chmod(ftpbuf_t *ftp, const int mode, const char *filename, const int filename_len); /* returns a NULL-terminated array of filenames in the given path * or NULL on error. the return array must be freed (but don't diff --git a/ext/ftp/php_ftp.c b/ext/ftp/php_ftp.c index b8fc548b1e..d43211ad39 100644 --- a/ext/ftp/php_ftp.c +++ b/ext/ftp/php_ftp.c @@ -396,7 +396,7 @@ PHP_FUNCTION(ftp_chmod) ZEND_FETCH_RESOURCE(ftp, ftpbuf_t*, &z_ftp, -1, le_ftpbuf_name, le_ftpbuf); - if (!ftp_chmod(ftp, mode, filename)) { + if (!ftp_chmod(ftp, mode, filename, filename_len)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "%s", ftp->inbuf); RETURN_FALSE; }