From e5a27962232118214868665cd37417e15af4a813 Mon Sep 17 00:00:00 2001 From: Ilia Alshanetsky Date: Fri, 12 Jan 2007 01:50:43 +0000 Subject: [PATCH] MFB: Fixed bug #40098 (php_fopen_primary_script() not thread safe). Adjusted previous fixes for similar issue to handle sysconf() failures --- ext/posix/posix.c | 44 +++++++++++++++++++++++++++---------------- main/fopen_wrappers.c | 30 +++++++++++++++++++++-------- 2 files changed, 50 insertions(+), 24 deletions(-) diff --git a/ext/posix/posix.c b/ext/posix/posix.c index cff3cdab25..bf46c0cdb6 100644 --- a/ext/posix/posix.c +++ b/ext/posix/posix.c @@ -556,8 +556,8 @@ PHP_FUNCTION(posix_ttyname) zval **z_fd; char *p; int fd; -#if HAVE_TTYNAME_R - size_t buflen; +#if defined(ZTS) && defined(HAVE_TTYNAME_R) && defined(_SC_TTY_NAME_MAX) + long buflen; #endif if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "Z", &z_fd) == FAILURE) { @@ -574,8 +574,11 @@ PHP_FUNCTION(posix_ttyname) convert_to_long_ex(z_fd); fd = Z_LVAL_PP(z_fd); } -#if HAVE_TTYNAME_R +#if defined(ZTS) && defined(HAVE_TTYNAME_R) && defined(_SC_TTY_NAME_MAX) buflen = sysconf(_SC_TTY_NAME_MAX); + if (buflen < 1) { + RETURN_FALSE; + } p = emalloc(buflen); if (ttyname_r(fd, p, buflen)) { @@ -820,9 +823,9 @@ PHP_FUNCTION(posix_getgrnam) char *name; struct group *g; int name_len; -#if HAVE_GETGRNAM_R +#if defined(ZTS) && defined(HAVE_GETGRNAM_R) && defined(_SC_GETGR_R_SIZE_MAX) struct group gbuf; - int buflen; + long buflen; char *buf; #endif @@ -830,8 +833,11 @@ PHP_FUNCTION(posix_getgrnam) RETURN_FALSE; } -#if HAVE_GETGRNAM_R +#if defined(ZTS) && defined(HAVE_GETGRNAM_R) && defined(_SC_GETGR_R_SIZE_MAX) buflen = sysconf(_SC_GETGR_R_SIZE_MAX); + if (buflen < 1) { + RETURN_FALSE; + } buf = emalloc(buflen); g = &gbuf; @@ -853,7 +859,7 @@ PHP_FUNCTION(posix_getgrnam) php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to convert posix group to array"); RETVAL_FALSE; } -#if HAVE_GETGRNAM_R +#if defined(ZTS) && defined(HAVE_GETGRNAM_R) && defined(_SC_GETGR_R_SIZE_MAX) efree(buf); #endif } @@ -868,7 +874,7 @@ PHP_FUNCTION(posix_getgrgid) int ret; struct group _g; struct group *retgrptr; - int grbuflen; + long grbuflen; char *grbuf; #endif struct group *g; @@ -932,9 +938,9 @@ PHP_FUNCTION(posix_getpwnam) struct passwd *pw; char *name; int name_len; -#if defined(_SC_GETPW_R_SIZE_MAX) && defined(HAVE_GETPWNAM_R) +#if defined(ZTS) && defined(_SC_GETPW_R_SIZE_MAX) && defined(HAVE_GETPWNAM_R) struct passwd pwbuf; - int buflen; + long buflen; char *buf; #endif @@ -942,8 +948,11 @@ PHP_FUNCTION(posix_getpwnam) RETURN_FALSE; } -#if defined(_SC_GETPW_R_SIZE_MAX) && defined(HAVE_GETPWNAM_R) +#if defined(ZTS) && defined(_SC_GETPW_R_SIZE_MAX) && defined(HAVE_GETPWNAM_R) buflen = sysconf(_SC_GETPW_R_SIZE_MAX); + if (buflen < 1) { + RETURN_FALSE; + } buf = emalloc(buflen); pw = &pwbuf; @@ -965,7 +974,7 @@ PHP_FUNCTION(posix_getpwnam) php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to convert posix passwd struct to array"); RETVAL_FALSE; } -#if defined(_SC_GETPW_R_SIZE_MAX) && defined(HAVE_GETPWNAM_R) +#if defined(ZTS) && defined(_SC_GETPW_R_SIZE_MAX) && defined(HAVE_GETPWNAM_R) efree(buf); #endif } @@ -976,10 +985,10 @@ PHP_FUNCTION(posix_getpwnam) PHP_FUNCTION(posix_getpwuid) { long uid; -#if defined(_SC_GETPW_R_SIZE_MAX) && defined(HAVE_GETPWUID_R) +#if defined(ZTS) && defined(_SC_GETPW_R_SIZE_MAX) && defined(HAVE_GETPWUID_R) struct passwd _pw; struct passwd *retpwptr = NULL; - int pwbuflen; + long pwbuflen; char *pwbuf; int ret; #endif @@ -988,8 +997,11 @@ PHP_FUNCTION(posix_getpwuid) if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "l", &uid) == FAILURE) { RETURN_FALSE; } -#if defined(_SC_GETPW_R_SIZE_MAX) && defined(HAVE_GETPWUID_R) +#if defined(ZTS) && defined(_SC_GETPW_R_SIZE_MAX) && defined(HAVE_GETPWUID_R) pwbuflen = sysconf(_SC_GETPW_R_SIZE_MAX); + if (pwbuflen < 1) { + RETURN_FALSE; + } pwbuf = emalloc(pwbuflen); ret = getpwuid_r(uid, &_pw, pwbuf, pwbuflen, &retpwptr); @@ -1012,7 +1024,7 @@ PHP_FUNCTION(posix_getpwuid) php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to convert posix passwd struct to array"); RETVAL_FALSE; } -#if defined(_SC_GETPW_R_SIZE_MAX) && defined(HAVE_GETPWUID_R) +#if defined(ZTS) && defined(_SC_GETPW_R_SIZE_MAX) && defined(HAVE_GETPWUID_R) efree(pwbuf); #endif } diff --git a/main/fopen_wrappers.c b/main/fopen_wrappers.c index 40a3f126cf..1f9fec2ccf 100644 --- a/main/fopen_wrappers.c +++ b/main/fopen_wrappers.c @@ -272,23 +272,37 @@ PHPAPI int php_fopen_primary_script(zend_file_handle *file_handle TSRMLS_DC) filename = SG(request_info).path_translated; path_info = SG(request_info).request_uri; #if HAVE_PWD_H - if (PG(user_dir) && *PG(user_dir) - && path_info && '/' == path_info[0] && '~' == path_info[1]) { - - char user[32]; - struct passwd *pw; + if (PG(user_dir) && *PG(user_dir) && path_info && '/' == path_info[0] && '~' == path_info[1]) { char *s = strchr(path_info + 2, '/'); filename = NULL; /* discard the original filename, it must not be used */ if (s) { /* if there is no path name after the file, do not bother */ - /* to try open the directory */ + char user[32]; /* to try open the directory */ + struct passwd *pw; +#if defined(ZTS) && defined(HAVE_GETPWNAM_R) && defined(_SC_GETPW_R_SIZE_MAX) + long pwbuflen = sysconf(_SC_GETPW_R_SIZE_MAX); + char *pwbuf; + + if (pwbuflen < 1) { + return FAILURE; + } + + pwbuf = emalloc(pwbuflen); +#endif length = s - (path_info + 2); - if (length > (int)sizeof(user) - 1) + if (length > (int)sizeof(user) - 1) { length = sizeof(user) - 1; + } memcpy(user, path_info + 2, length); user[length] = '\0'; - +#if defined(ZTS) && defined(HAVE_GETPWNAM_R) && defined(_SC_GETPW_R_SIZE_MAX) + if (getpwnam_r(user, &pwstruc, pwbuf, pwbuflen, &pw)) { + efree(pwbuf); + return FAILURE; + } +#else pw = getpwnam(user); +#endif if (pw && pw->pw_dir) { filename = emalloc(strlen(PG(user_dir)) + strlen(path_info) + strlen(pw->pw_dir) + 4); if (filename) { -- 2.40.0