From 0ab0cf61db1a87cc1f9ce76a772ea081ef5e0235 Mon Sep 17 00:00:00 2001 From: Antony Dovgal Date: Mon, 5 Jun 2006 07:34:00 +0000 Subject: [PATCH] fix OCIPasswordChange() parameters (patch by pholdaway at technocom-wireless dot com) prevent username. password and new password from being empty --- ext/oci8/oci8.c | 4 ++-- ext/oci8/oci8_interface.c | 26 ++++++++++++++++++++++++++ 2 files changed, 28 insertions(+), 2 deletions(-) diff --git a/ext/oci8/oci8.c b/ext/oci8/oci8.c index 8e66cac992..30d287d460 100644 --- a/ext/oci8/oci8.c +++ b/ext/oci8/oci8.c @@ -1264,7 +1264,7 @@ open: if (new_password) { /* try to change password if new one was provided {{{ */ - OCI_G(errcode) = PHP_OCI_CALL(OCIPasswordChange, (connection->svc, OCI_G(err), (text *)username, username_len+1, (text *)password, password_len+1, (text *)new_password, new_password_len+1, OCI_AUTH)); + OCI_G(errcode) = PHP_OCI_CALL(OCIPasswordChange, (connection->svc, OCI_G(err), (text *)username, username_len, (text *)password, password_len, (text *)new_password, new_password_len, OCI_AUTH)); if (OCI_G(errcode) != OCI_SUCCESS) { php_oci_error(OCI_G(err), OCI_G(errcode) TSRMLS_CC); @@ -1496,7 +1496,7 @@ static int php_oci_connection_close(php_oci_connection *connection TSRMLS_DC) Change password for the user with the username given */ int php_oci_password_change(php_oci_connection *connection, char *user, int user_len, char *pass_old, int pass_old_len, char *pass_new, int pass_new_len TSRMLS_DC) { - connection->errcode = PHP_OCI_CALL(OCIPasswordChange, (connection->svc, connection->err, (text *)user, user_len+1, (text *)pass_old, pass_old_len+1, (text *)pass_new, pass_new_len+1, OCI_DEFAULT)); + connection->errcode = PHP_OCI_CALL(OCIPasswordChange, (connection->svc, connection->err, (text *)user, user_len, (text *)pass_old, pass_old_len, (text *)pass_new, pass_new_len, OCI_DEFAULT)); if (connection->errcode != OCI_SUCCESS) { php_oci_error(connection->err, connection->errcode TSRMLS_CC); diff --git a/ext/oci8/oci8_interface.c b/ext/oci8/oci8_interface.c index 150d6acf8f..3ce60ff05c 100644 --- a/ext/oci8/oci8_interface.c +++ b/ext/oci8/oci8_interface.c @@ -1679,12 +1679,38 @@ PHP_FUNCTION(oci_password_change) if (zend_parse_parameters_ex(ZEND_PARSE_PARAMS_QUIET, ZEND_NUM_ARGS() TSRMLS_CC, "rsss", &z_connection, &user, &user_len, &pass_old, &pass_old_len, &pass_new, &pass_new_len) == SUCCESS) { PHP_OCI_ZVAL_TO_CONNECTION(z_connection, connection); + if (!user_len) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "username cannot be empty"); + RETURN_FALSE; + } + if (!pass_old_len) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "old password cannot be empty"); + RETURN_FALSE; + } + if (!pass_new_len) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "new password cannot be empty"); + RETURN_FALSE; + } + if (php_oci_password_change(connection, user, user_len, pass_old, pass_old_len, pass_new, pass_new_len TSRMLS_CC)) { RETURN_FALSE; } RETURN_TRUE; } else if (zend_parse_parameters_ex(ZEND_PARSE_PARAMS_QUIET, ZEND_NUM_ARGS() TSRMLS_CC, "ssss", &dbname, &dbname_len, &user, &user_len, &pass_old, &pass_old_len, &pass_new, &pass_new_len) == SUCCESS) { + if (!user_len) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "username cannot be empty"); + RETURN_FALSE; + } + if (!pass_old_len) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "old password cannot be empty"); + RETURN_FALSE; + } + if (!pass_new_len) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "new password cannot be empty"); + RETURN_FALSE; + } + connection = php_oci_do_connect_ex(user, user_len, pass_old, pass_old_len, pass_new, pass_new_len, dbname, dbname_len, NULL, OCI_DEFAULT, 0, 0 TSRMLS_CC); if (!connection) { RETURN_FALSE; -- 2.50.1