]> granicus.if.org Git - php/commit
projects / php / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e7a4cf8) | patch
socket: fix bug #65260 (SCM_RIGHTS)
authorGustavo Lopes <glopes@nebm.ist.utl.pt>
Sun, 14 Jul 2013 23:44:38 +0000 (01:44 +0200)
committerGustavo Lopes <glopes@nebm.ist.utl.pt>
Mon, 15 Jul 2013 21:57:49 +0000 (23:57 +0200)
commite2744f1aa33da3afade2c454b008c0de65a72da9
treec6c8df36e3b92f01c97e5f95ca6d969eda6dc503tree | snapshot
parente7a4cf8d7ee68ade2901c1069f2af7ff14273333commit | diff
socket: fix bug #65260 (SCM_RIGHTS)

The data for messages of type SOL_SOCKET/SCM_RIGHTS was not being
passed correctly. There were actually two bugs: (1) the number of file
descriptors being passed was being read incorrectly (the length of the
cmsg array was being read instead of that of its 'data' element), as a
result it was generally being reported as always three elements
('level', 'type' and 'data') and (2) the allocated block for writing
the file descriptors was being acessed incorrectly because a 1-based
counter was being used as if it was 0-based.

Any of these two bugs would probably be enough to cause heap
corruption.
ext/sockets/conversions.c diff | blob | history
ext/sockets/tests/socket_cmsg_rights.phpt diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.