From 4a2ccd908be193fdc34a91306febb7153cc461eb Mon Sep 17 00:00:00 2001 From: Anatol Belski Date: Mon, 27 Nov 2017 14:09:59 +0100 Subject: [PATCH] Keep up with Linux extension to POSIX.1-2001 getcwd() If both buf and size are zero, the buf is allocated as big as required. Otherwise, the size is still to respect. Fix var name Improve error check Ensure the end buffer length is not bigger than requested --- win32/ioutil.h | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/win32/ioutil.h b/win32/ioutil.h index 01e8e2319b..c470fdbb1c 100644 --- a/win32/ioutil.h +++ b/win32/ioutil.h @@ -473,7 +473,12 @@ __forceinline static char *php_win32_ioutil_getcwd(char *buf, size_t len) size_t tmp_bufa_len; DWORD err = 0; - if (php_win32_ioutil_getcwd_w(tmp_bufw, len) == NULL) { + if (len > PHP_WIN32_IOUTIL_MAXPATHLEN) { + SET_ERRNO_FROM_WIN32_CODE(ERROR_BAD_LENGTH); + return NULL; + } + + if (php_win32_ioutil_getcwd_w(tmp_bufw, len ? len : PHP_WIN32_IOUTIL_MAXPATHLEN) == NULL) { err = GetLastError(); SET_ERRNO_FROM_WIN32_CODE(err); return NULL; @@ -488,17 +493,16 @@ __forceinline static char *php_win32_ioutil_getcwd(char *buf, size_t len) free(tmp_bufa); SET_ERRNO_FROM_WIN32_CODE(ERROR_BAD_LENGTH); return NULL; + } else if (tmp_bufa_len + 1 > len) { + free(tmp_bufa); + SET_ERRNO_FROM_WIN32_CODE(ERROR_INSUFFICIENT_BUFFER); + return NULL; } - if (!buf) { + if (!buf && !len) { /* If buf was NULL, the result has to be freed outside here. */ buf = tmp_bufa; } else { - if (tmp_bufa_len + 1 > len) { - free(tmp_bufa); - SET_ERRNO_FROM_WIN32_CODE(ERROR_INSUFFICIENT_BUFFER); - return NULL; - } memmove(buf, tmp_bufa, tmp_bufa_len + 1); free(tmp_bufa); } -- 2.50.1