As is, whenever `proc_open()` needs to invoke the shell, cmd.exe is
looked up in the usual executable search path. That implies that any
cmd.exe which is placed in the current working directory (which is not
necessarily what is reported by `getcwd()` for ZTS builds), will be
used. This is a known attack vector, and Microsoft recommends to
always use the fully qualified path to cmd.exe.
To prevent any cmd.exe in the current working directory to be used, but
to still allow users to use a drop in replacement for cmd.exe, we
search only the `PATH` for cmd.exe (and pass the fully qualified path
to `CreateProcessW`), instead of relying on automatic executable search
by passing the base name only.
To be able to easily test this, we provide a minimalist C file which
will be build as test_helper, and used by the new test case.
[1] <https://msrc.microsoft.com/blog/2014/04/ms14-019-fixing-a-binary-hijacking-via-cmd-or-bat-file/>
Closes GH-17043.
While similar errors are already reported via `strerror()` on other
platforms, this has apparently overlooked for Windows, where only the
error code has been reported so far.
We adapt the affected test cases, but since there is no PHP userland
function which allows us to get the current system locale, we work
around.
Closes GH-15687.
While clang is picky about these, MSVC doesn't seem to care and would
only report the calls to undeclared functions as errors during link
time. Still, obviously, MSVC is fine with having the declarations
during compile time.
The old code checked for suffixes but didn't take into account trailing
whitespace. Furthermore, there is peculiar behaviour with trailing dots
too. This all happens because of the special path-handling code inside
CreateProcessW.
By studying Wine's code, we can see that CreateProcessInternalW calls
get_file_name [1] in our case because we haven't provided an application
name. That code gets the first whitespace-delimited string into app_name
excluding the quotes. It's then passed to create_process_params [2]
where there is the path handling code that transforms the command line
argument to an image path [3]. Inside Wine, the extension check if
performed after these transformations [4]. By doing the same thing in
PHP we match the behaviour and can properly match the extension even in
the given edge cases.
[1] 166895ae3a/dlls/kernelbase/process.c (L542-L543)
[2] 166895ae3a/dlls/kernelbase/process.c (L565)
[3] 166895ae3a/dlls/kernelbase/process.c (L150-L151)
[4] 166895ae3a/dlls/kernelbase/process.c (L647-L654)
While __php_mempcpy is only used by ext/standard/crypt_sha*, the
mempcpy "pattern" is used everywhere.
This commit removes __php_mempcpy, adds zend_mempcpy and transforms
open-coded parts into function calls.
As the size of the PHP process increases, forking gets slower and memory
consumption increases, degrading the performance in varying degrees.
This patch makes proc_open use posix_spawn only on systems which is known to be
safe, faster than the HAVE_FORK path and have posix_spawn_file_actions_addchdir_np(3)
action.
Non scientific benchmark shows running php own's test suite on linux completes
dozens of seconds faster, the impact is probably higher on systems where
posix_spawn is a syscall.
Closes GH-7933
* ext/oci8: use zend_string_equals()
Eliminate duplicate code.
* main/php_variables: use zend_string_equals_literal()
Eliminate duplicate code.
* Zend/zend_string: add zend_string_equals_cstr()
Allows eliminating duplicate code.
* Zend, ext/{opcache,standard}, main/output: use zend_string_equals_cstr()
Eliminate duplicate code.
* Zend/zend_string: add zend_string_starts_with()
* ext/{opcache,phar,spl,standard}: use zend_string_starts_with()
This adds missing length checks to several callers, e.g. in
cache_script_in_shared_memory(). This is important when the
zend_string is shorter than the string parameter, when memcmp()
happens to check backwards; this can result in an out-of-bounds memory
access.
* Convert int return types to zend_result in proc_open.c
* Use bool instead of int type
* Use HashTable directly instead of zval
* Convert command field of process handle to zend_string
* proc_open() micro-optimization for Windows
Prevents some calls to strlen() on Windows
1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as 3.0 states "php 5.1.1, 4.1.1, and earlier".
3. In some license comments is "at through the world-wide-web" while most is without "at", so deleted.
4. fixed indentation in some files before |
We're starting to see a mix between uses of zend_bool and bool.
Replace all usages with the standard bool type everywhere.
Of course, zend_bool is retained as an alias.
