Fix #63208: BSTR to PHP string conversion not binary safe

A `BSTR` is similar to a `zend_string`; it stores the length of the
string just before the actual string, and thus the string may contain
NUL bytes.  However, `php_com_olestring_to_string()` is supposed to
deal with arbitrary `OLECHAR*`s which may not be `BSTR`s, so we
introduce `php_com_bstr_to_string()` and use it for the only case where
we actually have to deal with `BSTR`s which may contain NUL bytes.

Contrary to `php_com_olestring_to_string()` we return a `zend_string`,
so we can save the re-allocation when converting to a `zval`.

We also cater to `php_com_string_to_olestring()` not being binary safe,
with basically the same fix we did for `php_com_olestring_to_string()`.
Christoph M. Becker 2020-06-29 17:38:14 +02:00
parent 816b4c1235
commit a385cfa7ad
5 changed files with 80 additions and 14 deletions


@ -96,7 +96,6 @@ bogus:
PHP_COM_DOTNET_API void php_com_variant_from_zval(VARIANT *v, zval *z, int codepage)
{
OLECHAR *olestring;
php_com_dotnet_object *obj;
zend_uchar ztype = IS_NULL;
@ -164,13 +163,7 @@ PHP_COM_DOTNET_API void php_com_variant_from_zval(VARIANT *v, zval *z, int codep
case IS_STRING:
V_VT(v) = VT_BSTR;
olestring = php_com_string_to_olestring(Z_STRVAL_P(z), Z_STRLEN_P(z), codepage);
if (CP_UTF8 == codepage) {
V_BSTR(v) = SysAllocStringByteLen((char*)olestring, (UINT)(wcslen(olestring) * sizeof(OLECHAR)));
} else {
V_BSTR(v) = SysAllocStringByteLen((char*)olestring, (UINT)(Z_STRLEN_P(z) * sizeof(OLECHAR)));
}
efree(olestring);
V_BSTR(v) = php_com_string_to_bstr(Z_STR_P(z), codepage);
break;
case IS_RESOURCE:
@ -236,12 +229,8 @@ PHP_COM_DOTNET_API int php_com_zval_from_variant(zval *z, VARIANT *v, int codepa
case VT_BSTR:
olestring = V_BSTR(v);
if (olestring) {
size_t len;
char *str = php_com_olestring_to_string(olestring,
&len, codepage);
ZVAL_STRINGL(z, str, len);
// TODO: avoid reallocation???
efree(str);
zend_string *str = php_com_bstr_to_string(olestring, codepage);
ZVAL_STR(z, str);
olestring = NULL;
}
break;
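Review bot: In the VT_BSTR case of php_com_zval_from_variant, the result of `php_com_bstr_to_string()` goes straight into `ZVAL_STR(z, str)` with no check. The helper's definition is not part of this section, so whether it can return NULL (for example on a failed codepage conversion) cannot be confirmed from here; if it can, the zval would carry a NULL string pointer and fault on first use. Either guard the call site, `if (str) { ZVAL_STR(z, str); } else { ZVAL_EMPTY_STRING(z); }`, or state the never-NULL contract in a comment next to the call. The same question applies to the IS_STRING case of php_com_variant_from_zval, where a NULL from `php_com_string_to_bstr()` would be stored in `V_BSTR(v)` and read by COM consumers as an empty string, hiding a failed conversion. Both function bodies continue outside the hunks shown.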