archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 13:38:49 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
php-src/main/php_open_temporary_file.c
Anatol Belski 49d9b3013f Move cwd_state and path related routines to size_t 
Having `int` there is no real profit in the size or speed, while unsigned
improves security and overall integration. ZPP supplied strings can
be then accepted directly and structs can be still handled with smaller
unsigned types for size reasons, which is safe. Yet some related places
are to go.

basic move tsrm_realpath_r to size_t

fix conditions and sync with affected places

touch ocurrences of php_sys_readlink usage

follow up on phar path handling

remove duplicated check

move zend_resolve_path and related pieces to size_t

touch yet resolve path related places

remove cast

missing pieces

missing piece

yet cleanups for php_sys_readlink for ssize_t

fix wrong return
2017-07-27 20:11:21 +02:00

355 lines
9.6 KiB
C
Raw Blame History

/*
+----------------------------------------------------------------------+
| PHP Version 7 |
+----------------------------------------------------------------------+
| Copyright (c) 1997-2017 The PHP Group |
+----------------------------------------------------------------------+
| This source file is subject to version 3.01 of the PHP license, |
| that is bundled with this package in the file LICENSE, and is |
| available through the world-wide-web at the following url: |
| http://www.php.net/license/3_01.txt |
| If you did not receive a copy of the PHP license and are unable to |
| obtain it through the world-wide-web, please send a note to |
| license@php.net so we can mail you a copy immediately. |
+----------------------------------------------------------------------+
| Author: Zeev Suraski <zeev@zend.com> |
+----------------------------------------------------------------------+
*/
/* $Id$ */
#include "php.h"
#include "php_open_temporary_file.h"
#include <errno.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#ifdef PHP_WIN32
#define O_RDONLY _O_RDONLY
#include "win32/param.h"
#include "win32/winutil.h"
#else
#include <sys/param.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#if HAVE_ARPA_INET_H
#include <arpa/inet.h>
#endif
#endif
#ifdef HAVE_SYS_TIME_H
#include <sys/time.h>
#endif
#ifdef HAVE_SYS_FILE_H
#include <sys/file.h>
#endif
#if !defined(P_tmpdir)
#define P_tmpdir ""
#endif
/* {{{ php_do_open_temporary_file */
/* Loosely based on a tempnam() implementation by UCLA */
/*
* Copyright (c) 1988, 1993
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
static int php_do_open_temporary_file(const char *path, const char *pfx, zend_string **opened_path_p)
{
char *trailing_slash;
#ifdef PHP_WIN32
char *opened_path = NULL;
size_t opened_path_len;
wchar_t *cwdw, *pfxw, pathw[MAXPATHLEN];
#else
char opened_path[MAXPATHLEN];
#endif
char cwd[MAXPATHLEN];
cwd_state new_state;
int fd = -1;
#ifndef HAVE_MKSTEMP
int open_flags = O_CREAT | O_TRUNC | O_RDWR
#ifdef PHP_WIN32
| _O_BINARY
#endif
;
#endif
if (!path || !path[0]) {
return -1;
}
#ifdef PHP_WIN32
if (!php_win32_check_trailing_space(pfx, strlen(pfx))) {
SetLastError(ERROR_INVALID_NAME);
return -1;
}
#endif
if (!VCWD_GETCWD(cwd, MAXPATHLEN)) {
cwd[0] = '\0';
}
new_state.cwd = estrdup(cwd);
new_state.cwd_length = strlen(cwd);
if (virtual_file_ex(&new_state, path, NULL, CWD_REALPATH)) {
efree(new_state.cwd);
return -1;
}
if (IS_SLASH(new_state.cwd[new_state.cwd_length - 1])) {
trailing_slash = "";
} else {
trailing_slash = "/";
}
#ifndef PHP_WIN32
if (snprintf(opened_path, MAXPATHLEN, "%s%s%sXXXXXX", new_state.cwd, trailing_slash, pfx) >= MAXPATHLEN) {
efree(new_state.cwd);
return -1;
}
#endif
#ifdef PHP_WIN32
cwdw = php_win32_ioutil_any_to_w(new_state.cwd);
pfxw = php_win32_ioutil_any_to_w(pfx);
if (!cwdw || !pfxw) {
free(cwdw);
free(pfxw);
efree(new_state.cwd);
return -1;
}
if (GetTempFileNameW(cwdw, pfxw, 0, pathw)) {
opened_path = php_win32_ioutil_conv_w_to_any(pathw, PHP_WIN32_CP_IGNORE_LEN, &opened_path_len);
if (!opened_path || opened_path_len >= MAXPATHLEN) {
free(cwdw);
free(pfxw);
efree(new_state.cwd);
return -1;
}
assert(strlen(opened_path) == opened_path_len);
/* Some versions of windows set the temp file to be read-only,
* which means that opening it will fail... */
if (VCWD_CHMOD(opened_path, 0600)) {
free(cwdw);
free(pfxw);
efree(new_state.cwd);
free(opened_path);
return -1;
}
fd = VCWD_OPEN_MODE(opened_path, open_flags, 0600);
}
free(cwdw);
free(pfxw);
#elif defined(HAVE_MKSTEMP)
fd = mkstemp(opened_path);
#else
if (mktemp(opened_path)) {
fd = VCWD_OPEN(opened_path, open_flags);
}
#endif
#ifdef PHP_WIN32
if (fd != -1 && opened_path_p) {
*opened_path_p = zend_string_init(opened_path, opened_path_len, 0);
}
free(opened_path);
#else
if (fd != -1 && opened_path_p) {
*opened_path_p = zend_string_init(opened_path, strlen(opened_path), 0);
}
#endif
efree(new_state.cwd);
return fd;
}
/* }}} */
/*
* Determine where to place temporary files.
*/
PHPAPI const char* php_get_temporary_directory(void)
{
/* Did we determine the temporary directory already? */
if (PG(php_sys_temp_dir)) {
return PG(php_sys_temp_dir);
}
/* Is there a temporary directory "sys_temp_dir" in .ini defined? */
{
char *sys_temp_dir = PG(sys_temp_dir);
if (sys_temp_dir) {
size_t len = strlen(sys_temp_dir);
if (len >= 2 && sys_temp_dir[len - 1] == DEFAULT_SLASH) {
PG(php_sys_temp_dir) = estrndup(sys_temp_dir, len - 1);
return PG(php_sys_temp_dir);
} else if (len >= 1 && sys_temp_dir[len - 1] != DEFAULT_SLASH) {
PG(php_sys_temp_dir) = estrndup(sys_temp_dir, len);
return PG(php_sys_temp_dir);
}
}
}
#ifdef PHP_WIN32
/* We can't count on the environment variables TEMP or TMP,
* and so must make the Win32 API call to get the default
* directory for temporary files. Note this call checks
* the environment values TMP and TEMP (in order) first.
*/
{
wchar_t sTemp[MAXPATHLEN];
char *tmp;
size_t len = GetTempPathW(MAXPATHLEN, sTemp);
if (!len) {
return NULL;
}
if (NULL == (tmp = php_win32_ioutil_conv_w_to_any(sTemp, len, &len))) {
return NULL;
}
PG(php_sys_temp_dir) = estrndup(tmp, len - 1);
free(tmp);
return PG(php_sys_temp_dir);
}
#else
/* On Unix use the (usual) TMPDIR environment variable. */
{
char* s = getenv("TMPDIR");
if (s && *s) {
size_t len = strlen(s);
if (s[len - 1] == DEFAULT_SLASH) {
PG(php_sys_temp_dir) = estrndup(s, len - 1);
} else {
PG(php_sys_temp_dir) = estrndup(s, len);
}
return PG(php_sys_temp_dir);
}
}
#ifdef P_tmpdir
/* Use the standard default temporary directory. */
if (P_tmpdir) {
PG(php_sys_temp_dir) = estrdup(P_tmpdir);
return PG(php_sys_temp_dir);
}
#endif
/* Shouldn't ever(!) end up here ... last ditch default. */
PG(php_sys_temp_dir) = estrdup("/tmp");
return PG(php_sys_temp_dir);
#endif
}
/* {{{ php_open_temporary_file
*
* Unlike tempnam(), the supplied dir argument takes precedence
* over the TMPDIR environment variable
* This function should do its best to return a file pointer to a newly created
* unique file, on every platform.
*/
PHPAPI int php_open_temporary_fd_ex(const char *dir, const char *pfx, zend_string **opened_path_p, uint32_t flags)
{
int fd;
const char *temp_dir;
if (!pfx) {
pfx = "tmp.";
}
if (opened_path_p) {
*opened_path_p = NULL;
}
if (!dir || *dir == '\0') {
def_tmp:
temp_dir = php_get_temporary_directory();
if (temp_dir && *temp_dir != '\0' && (!(flags & PHP_TMP_FILE_OPEN_BASEDIR_CHECK) || !php_check_open_basedir(temp_dir))) {
return php_do_open_temporary_file(temp_dir, pfx, opened_path_p);
} else {
return -1;
}
}
/* Try the directory given as parameter. */
fd = php_do_open_temporary_file(dir, pfx, opened_path_p);
if (fd == -1) {
/* Use default temporary directory. */
if (!(flags & PHP_TMP_FILE_SILENT)) {
php_error_docref(NULL, E_NOTICE, "file created in the system's temporary directory");
}
goto def_tmp;
}
return fd;
}
PHPAPI int php_open_temporary_fd(const char *dir, const char *pfx, zend_string **opened_path_p)
{
return php_open_temporary_fd_ex(dir, pfx, opened_path_p, 0);
}
PHPAPI FILE *php_open_temporary_file(const char *dir, const char *pfx, zend_string **opened_path_p)
{
FILE *fp;
int fd = php_open_temporary_fd(dir, pfx, opened_path_p);
if (fd == -1) {
return NULL;
}
fp = fdopen(fd, "r+b");
if (fp == NULL) {
close(fd);
}
return fp;
}
/* }}} */
/*
* Local variables:
* tab-width: 4
* c-basic-offset: 4
* End:
* vim600: sw=4 ts=4 fdm=marker
* vim<600: sw=4 ts=4
*/
Reference in a new issue View git blame Copy permalink