From: Antony Dovgal <tony2001@php.net>
Date: Wed, 21 Jun 2006 12:43:27 +0000 (+0000)
Subject: MFH: fix invalid read with bzopen("","") and prevent filename from being empty (which... 
X-Git-Tag: php-5.2.0RC1~266
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e7439fa200af3949b4e4fd55b24ce91e2aeb2968;p=php

MFH: fix invalid read with bzopen("","") and prevent filename from being empty (which causes endless loop somewhere is libbz2)
---

diff --git a/ext/bz2/bz2.c b/ext/bz2/bz2.c
index 1ba7083b8a..833d6ba7ae 100644
--- a/ext/bz2/bz2.c
+++ b/ext/bz2/bz2.c
@@ -359,7 +359,7 @@ PHP_FUNCTION(bzopen)
 	}
 	convert_to_string_ex(mode);
 
-	if (Z_STRVAL_PP(mode)[0] != 'r' && Z_STRVAL_PP(mode)[0] != 'w' && Z_STRVAL_PP(mode)[1] != '\0') {
+	if (Z_STRLEN_PP(mode) != 1 || (Z_STRVAL_PP(mode)[0] != 'r' && Z_STRVAL_PP(mode)[0] != 'w')) {
 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "'%s' is not a valid mode for bzopen(). Only 'w' and 'r' are supported.", Z_STRVAL_PP(mode));
 		RETURN_FALSE;
 	}
@@ -367,6 +367,12 @@ PHP_FUNCTION(bzopen)
 	/* If it's not a resource its a string containing the filename to open */
 	if (Z_TYPE_PP(file) != IS_RESOURCE) {
 		convert_to_string_ex(file);
+
+		if (Z_STRLEN_PP(file) == 0) {
+			php_error_docref(NULL TSRMLS_CC, E_WARNING, "filename cannot be empty");
+			RETURN_FALSE;
+		}
+
 		stream = php_stream_bz2open(NULL,
 									Z_STRVAL_PP(file), 
 									Z_STRVAL_PP(mode),