archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 21:48:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fix GH-16390: dba_open() can segfault for "pathless" streams

Browse source 
`dba_open()` accepts arbitrary stream wrapper paths, but unless no
locking (`-`) is specified, we try to determine the underlying file
path.  If that fails, we need to error out.

Closes GH-16498.
This commit is contained in:
Christoph M. Becker 2024-10-18 21:00:29 +02:00
parent 9ca68e037c
commit d3b0efe9d7
No known key found for this signature in database
GPG key ID: D66C9593118BCCB6
3 changed files with 26 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

3
NEWS
View file

@ -23,6 +23,9 @@ PHP NEWS
(cmb) (cmb)
. Fixed bug GH-16037 (Assertion failure in ext/date/php_date.c). (Derick) . Fixed bug GH-16037 (Assertion failure in ext/date/php_date.c). (Derick)
- DBA:
. Fixed bug GH-16390 (dba_open() can segfault for "pathless" streams). (cmb)
- DOM: - DOM:
. Fixed bug GH-16316 (DOMXPath breaks when not initialized properly). . Fixed bug GH-16316 (DOMXPath breaks when not initialized properly).
(nielsdos) (nielsdos)

11
ext/dba/dba.c
View file

@ -772,11 +772,18 @@ restart:
info->lock.fp = php_stream_open_wrapper(lock_name, lock_file_mode, STREAM_MUST_SEEK|REPORT_ERRORS|IGNORE_PATH|persistent_flag, &opened_path); info->lock.fp = php_stream_open_wrapper(lock_name, lock_file_mode, STREAM_MUST_SEEK|REPORT_ERRORS|IGNORE_PATH|persistent_flag, &opened_path);
if (info->lock.fp) { if (info->lock.fp) {
if (is_db_lock) { if (is_db_lock) {
if (opened_path) {
/* replace the path info with the real path of the opened file */ /* replace the path info with the real path of the opened file */
pefree(info->path, persistent); pefree(info->path, persistent);
info->path = pestrndup(ZSTR_VAL(opened_path), ZSTR_LEN(opened_path), persistent); info->path = pestrndup(ZSTR_VAL(opened_path), ZSTR_LEN(opened_path), persistent);
} else {
error = "Unable to determine path for locking";
} }
}
}
if (opened_path) {
zend_string_release_ex(opened_path, 0); zend_string_release_ex(opened_path, 0);
opened_path = NULL;
} }
} }
if (!is_db_lock) { if (!is_db_lock) {
@ -788,10 +795,10 @@ restart:
FREE_PERSISTENT_RESOURCE_KEY(); FREE_PERSISTENT_RESOURCE_KEY();
RETURN_FALSE; RETURN_FALSE;
} }
if (!php_stream_supports_lock(info->lock.fp)) { if (!error && !php_stream_supports_lock(info->lock.fp)) {
error = "Stream does not support locking"; error = "Stream does not support locking";
} }
if (php_stream_lock(info->lock.fp, lock_mode)) { if (!error && php_stream_lock(info->lock.fp, lock_mode)) {
error = "Unable to establish lock"; /* force failure exit */ error = "Unable to establish lock"; /* force failure exit */
} }
} }

11
ext/dba/tests/gh16390.phpt Normal file
View file

@ -0,0 +1,11 @@
--TEST--
GH-16390 (dba_open() can segfault for "pathless" streams)
--EXTENSIONS--
dba
--FILE--
<?php
$file = 'data:text/plain;z=y;uri=eviluri;mediatype=wut?;mediatype2=hello,somedata';
$db = dba_open($file, 'c', 'inifile');
?>
--EXPECTF--
Warning: dba_open(): Driver initialization failed for handler: inifile: Unable to determine path for locking in %s on line %d