From: Ilia Alshanetsky <iliaa@php.net>
Date: Tue, 23 May 2006 23:23:40 +0000 (+0000)
Subject: MFH: Fixed handling of extremely long paths inside tempnam() function.
X-Git-Tag: php-4.4.3~10
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=f6753e96e352aa44464a9c93d033c76ffd5bd7c3;p=php

MFH: Fixed handling of extremely long paths inside tempnam() function.
---

diff --git a/NEWS b/NEWS
index 0b92cc2485..0d02ce22c6 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,7 @@
 PHP 4                                                                      NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2006, Version 4.4.3
+- Fixed handling of extremely long paths inside tempnam() function. (Ilia)
 
 21 May 2006, Version 4.4.3RC1
 - Added control character checks for cURL extension's open_basedir/safe_mode
diff --git a/main/php_open_temporary_file.c b/main/php_open_temporary_file.c
index 93daa91495..e870db76f1 100644
--- a/main/php_open_temporary_file.c
+++ b/main/php_open_temporary_file.c
@@ -115,17 +115,16 @@ static int php_do_open_temporary_file(const char *path, const char *pfx, char **
 
 	path_len = strlen(path);
 
-	if (!(opened_path = emalloc(MAXPATHLEN))) {
-		return -1;
-	}
-
 	if (!path_len || IS_SLASH(path[path_len - 1])) {
 		trailing_slash = "";
 	} else {
 		trailing_slash = "/";
 	}
 
-	(void)snprintf(opened_path, MAXPATHLEN, "%s%s%sXXXXXX", path, trailing_slash, pfx);
+	if (spprintf(&opened_path, 0, "%s%s%sXXXXXX", path, trailing_slash, pfx) >= MAXPATHLEN) {
+		efree(opened_path);
+		return -1;
+	}
 
 #ifdef PHP_WIN32
 	if (GetTempFileName(path, pfx, 0, opened_path)) {