From 436e339bc77759a7a78c4447d7772f7d8e9e4073 Mon Sep 17 00:00:00 2001 From: Wez Furlong Date: Sun, 17 Mar 2002 13:19:27 +0000 Subject: [PATCH] Fix for Bug #16121: make unix socket names binary safe. # Could be applied to 4.2 branch, but I don't have a working copy, and # I don't think it's amazingly critical. --- ext/standard/fsock.c | 2 +- main/network.c | 16 ++++++++++++++-- main/php_network.h | 2 +- 3 files changed, 16 insertions(+), 4 deletions(-) diff --git a/ext/standard/fsock.c b/ext/standard/fsock.c index ce9da8d34b..0cb188936d 100644 --- a/ext/standard/fsock.c +++ b/ext/standard/fsock.c @@ -219,7 +219,7 @@ static void php_fsockopen_stream(INTERNAL_FUNCTION_PARAMETERS, int persistent) #endif } else - stream = php_stream_sock_open_unix(host, persistent, &tv); + stream = php_stream_sock_open_unix(host, host_len, persistent, &tv); if (stream && persistent) { zend_hash_update(&FG(ht_persistent_socks), hashkey, strlen(hashkey) + 1, diff --git a/main/network.c b/main/network.c index 93e0f2bbce..eff1666344 100644 --- a/main/network.c +++ b/main/network.c @@ -447,7 +447,7 @@ PHPAPI php_stream *php_stream_sock_open_host(const char *host, unsigned short po return php_stream_sock_open_from_socket(socket, persistent); } -PHPAPI php_stream *php_stream_sock_open_unix(const char *path, int persistent, struct timeval *timeout) +PHPAPI php_stream *php_stream_sock_open_unix(const char *path, int pathlen, int persistent, struct timeval *timeout) { #if defined(AF_UNIX) int socketd; @@ -459,7 +459,19 @@ PHPAPI php_stream *php_stream_sock_open_unix(const char *path, int persistent, s memset(&unix_addr, 0, sizeof(unix_addr)); unix_addr.sun_family = AF_UNIX; - strlcpy(unix_addr.sun_path, path, sizeof(unix_addr.sun_path)); + + /* we need to be binary safe for the on systems that support an abstract + * namespace */ + if (pathlen >= sizeof(unix_addr.sun_path)) { + /* On linux, when the path begins with a NUL byte we are + * referring to an abstract namespace. In theory we should + * allow an extra byte below, since we don't need the NULL. + * BUT, to get into this branch of code, the name is too long, + * so we don't care. */ + pathlen = sizeof(unix_addr.sun_path) - 1; + } + + memcpy(unix_addr.sun_path, path, pathlen); if (php_connect_nonb(socketd, (struct sockaddr *) &unix_addr, sizeof(unix_addr), timeout) == SOCK_CONN_ERR) return NULL; diff --git a/main/php_network.h b/main/php_network.h index a9a4bc1623..2170d80b31 100644 --- a/main/php_network.h +++ b/main/php_network.h @@ -106,7 +106,7 @@ PHPAPI php_stream *php_stream_sock_open_from_socket(int socket, int persistent); /* open a connection to a host using php_hostconnect and return a stream */ PHPAPI php_stream *php_stream_sock_open_host(const char *host, unsigned short port, int socktype, int timeout, int persistent); -PHPAPI php_stream *php_stream_sock_open_unix(const char *path, int persistent, struct timeval *timeout); +PHPAPI php_stream *php_stream_sock_open_unix(const char *path, int pathlen, int persistent, struct timeval *timeout); PHPAPI void php_stream_sock_set_timeout(php_stream *stream, struct timeval *timeout); PHPAPI int php_stream_sock_set_blocking(php_stream *stream, int mode); -- 2.40.0