From: Ilia Alshanetsky <iliaa@php.net>
Date: Mon, 15 Sep 2003 23:49:41 +0000 (+0000)
Subject: MFH: Fixed bug #25106 (Added more stringent checks on bzopen() mode).
X-Git-Tag: php-4.3.4RC1~54
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d0d8c4a6a37536680bc177e9f93c036ed2939688;p=php

MFH: Fixed bug #25106 (Added more stringent checks on bzopen() mode).
---

diff --git a/NEWS b/NEWS
index 6807c22d53..9d72ea272c 100644
--- a/NEWS
+++ b/NEWS
@@ -37,6 +37,7 @@ PHP 4                                                                      NEWS
 - Fixed bug #25211 (image.c compile failure with AIX). (Marcus)
 - Fixed bug #25166 (WDDX serializer handler missing in win32). (Jani)
 - Fixed bug #25109 (Possible crash when fetching field names in pgsql). (Ilia)
+- Fixed bug #25106 (Added more stringent checks on bzopen() mode). (Ilia)
 - Fixed bug #25218 ("deflate" compressed pages had a gzip header). (Stefan)
 - Fixed bug #23326 (ext/domxml: Attributes via append_child not supported).
   (Melvyn)
diff --git a/ext/bz2/bz2.c b/ext/bz2/bz2.c
index 2fc287f14b..67c08c9170 100644
--- a/ext/bz2/bz2.c
+++ b/ext/bz2/bz2.c
@@ -165,9 +165,12 @@ PHP_BZ2_API php_stream *_php_stream_bz2open(php_stream_wrapper *wrapper,
 	if (strncasecmp("compress.bzip2://", path, 17) == 0) {
 		path += 17;
 	}
+	if (mode[0] != 'w' && mode[0] != 'r' && mode[1] != '\0') {
+		return NULL;
+	}
 
 #ifdef VIRTUAL_DIR
-	virtual_filepath(path, &path_copy TSRMLS_CC);
+	virtual_filepath_ex(path, &path_copy, NULL TSRMLS_CC);
 #else
 	path_copy = path;
 #endif  
@@ -190,6 +193,12 @@ PHP_BZ2_API php_stream *_php_stream_bz2open(php_stream_wrapper *wrapper,
 				bz_file = BZ2_bzdopen(fd, mode);
 			}
 		}
+		/* remove the file created by php_stream_open_wrapper(), it is not needed since BZ2 functions
+		 * failed.
+		 */
+		if (!bz_file && mode[0] == 'w') {
+			VCWD_UNLINK(*opened_path);
+		}
 	}
 	
 	if (bz_file) {
@@ -302,7 +311,12 @@ PHP_FUNCTION(bzopen)
 		WRONG_PARAM_COUNT;
 	}
 	convert_to_string_ex(mode);
-	
+
+	if (Z_STRVAL_PP(mode)[0] != 'r' && Z_STRVAL_PP(mode)[0] != 'w' && Z_STRVAL_PP(mode)[1] != '\0') {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "'%s' is not a valid mode for bzopen(). Only 'w' and 'r' are supported.", Z_STRVAL_PP(mode));
+		RETURN_FALSE;
+	}
+
 	/* If it's not a resource its a string containing the filename to open */
 	if (Z_TYPE_PP(file) != IS_RESOURCE) {
 		convert_to_string_ex(file);