diff options
| author | Dmitry Stogov <dmitry@php.net> | 2010-05-12 11:10:06 +0000 |
|---|---|---|
| committer | Dmitry Stogov <dmitry@php.net> | 2010-05-12 11:10:06 +0000 |
| commit | 4ae16d351c5e8078aac616a3d7e9b8c57f189d8c (patch) | |
| tree | b6f016ccd9a78ead002cb51d183a3844dd19a856 /Zend/zend_operators.c | |
| parent | 5fc060e6719a9508c081bbe5b955dee65d2e799e (diff) | |
| download | php-git-4ae16d351c5e8078aac616a3d7e9b8c57f189d8c.tar.gz | |
Fixed a possible information leak because of interruption of XOR operator
Diffstat (limited to 'Zend/zend_operators.c')
| -rw-r--r-- | Zend/zend_operators.c | 28 |
1 files changed, 21 insertions, 7 deletions
diff --git a/Zend/zend_operators.c b/Zend/zend_operators.c index abc7489dbf..4d69c622f3 100644 --- a/Zend/zend_operators.c +++ b/Zend/zend_operators.c @@ -965,8 +965,10 @@ ZEND_API int div_function(zval *result, zval *op1, zval *op2 TSRMLS_DC) /* {{{ * ZEND_API int mod_function(zval *result, zval *op1, zval *op2 TSRMLS_DC) /* {{{ */ { zval op1_copy, op2_copy; + long op1_lval; zendi_convert_to_long(op1, op1_copy, result); + op1_lval = Z_LVAL_P(op1); zendi_convert_to_long(op2, op2_copy, result); if (Z_LVAL_P(op2) == 0) { @@ -981,7 +983,7 @@ ZEND_API int mod_function(zval *result, zval *op1, zval *op2 TSRMLS_DC) /* {{{ * return SUCCESS; } - ZVAL_LONG(result, Z_LVAL_P(op1) % Z_LVAL_P(op2)); + ZVAL_LONG(result, op1_lval % Z_LVAL_P(op2)); return SUCCESS; } /* }}} */ @@ -989,10 +991,12 @@ ZEND_API int mod_function(zval *result, zval *op1, zval *op2 TSRMLS_DC) /* {{{ * ZEND_API int boolean_xor_function(zval *result, zval *op1, zval *op2 TSRMLS_DC) /* {{{ */ { zval op1_copy, op2_copy; + long op1_lval; zendi_convert_to_boolean(op1, op1_copy, result); + op1_lval = Z_LVAL_P(op1); zendi_convert_to_boolean(op2, op2_copy, result); - ZVAL_BOOL(result, Z_LVAL_P(op1) ^ Z_LVAL_P(op2)); + ZVAL_BOOL(result, op1_lval ^ Z_LVAL_P(op2)); return SUCCESS; } /* }}} */ @@ -1038,6 +1042,7 @@ ZEND_API int bitwise_not_function(zval *result, zval *op1 TSRMLS_DC) /* {{{ */ ZEND_API int bitwise_or_function(zval *result, zval *op1, zval *op2 TSRMLS_DC) /* {{{ */ { zval op1_copy, op2_copy; + long op1_lval; if (Z_TYPE_P(op1) == IS_STRING && Z_TYPE_P(op2) == IS_STRING) { zval *longer, *shorter; @@ -1066,9 +1071,10 @@ ZEND_API int bitwise_or_function(zval *result, zval *op1, zval *op2 TSRMLS_DC) / return SUCCESS; } zendi_convert_to_long(op1, op1_copy, result); + op1_lval = Z_LVAL_P(op1); zendi_convert_to_long(op2, op2_copy, result); - ZVAL_LONG(result, Z_LVAL_P(op1) | Z_LVAL_P(op2)); + ZVAL_LONG(result, op1_lval | Z_LVAL_P(op2)); return SUCCESS; } /* }}} */ @@ -1076,6 +1082,7 @@ ZEND_API int bitwise_or_function(zval *result, zval *op1, zval *op2 TSRMLS_DC) / ZEND_API int bitwise_and_function(zval *result, zval *op1, zval *op2 TSRMLS_DC) /* {{{ */ { zval op1_copy, op2_copy; + long op1_lval; if (Z_TYPE_P(op1) == IS_STRING && Z_TYPE_P(op2) == IS_STRING) { zval *longer, *shorter; @@ -1106,9 +1113,10 @@ ZEND_API int bitwise_and_function(zval *result, zval *op1, zval *op2 TSRMLS_DC) zendi_convert_to_long(op1, op1_copy, result); + op1_lval = Z_LVAL_P(op1); zendi_convert_to_long(op2, op2_copy, result); - ZVAL_LONG(result, Z_LVAL_P(op1) & Z_LVAL_P(op2)); + ZVAL_LONG(result, op1_lval & Z_LVAL_P(op2)); return SUCCESS; } /* }}} */ @@ -1116,6 +1124,7 @@ ZEND_API int bitwise_and_function(zval *result, zval *op1, zval *op2 TSRMLS_DC) ZEND_API int bitwise_xor_function(zval *result, zval *op1, zval *op2 TSRMLS_DC) /* {{{ */ { zval op1_copy, op2_copy; + long op1_lval; if (Z_TYPE_P(op1) == IS_STRING && Z_TYPE_P(op2) == IS_STRING) { zval *longer, *shorter; @@ -1145,9 +1154,10 @@ ZEND_API int bitwise_xor_function(zval *result, zval *op1, zval *op2 TSRMLS_DC) } zendi_convert_to_long(op1, op1_copy, result); + op1_lval = Z_LVAL_P(op1); zendi_convert_to_long(op2, op2_copy, result); - ZVAL_LONG(result, Z_LVAL_P(op1) ^ Z_LVAL_P(op2)); + ZVAL_LONG(result, op1_lval ^ Z_LVAL_P(op2)); return SUCCESS; } /* }}} */ @@ -1155,10 +1165,12 @@ ZEND_API int bitwise_xor_function(zval *result, zval *op1, zval *op2 TSRMLS_DC) ZEND_API int shift_left_function(zval *result, zval *op1, zval *op2 TSRMLS_DC) /* {{{ */ { zval op1_copy, op2_copy; + long op1_lval; zendi_convert_to_long(op1, op1_copy, result); + op1_lval = Z_LVAL_P(op1); zendi_convert_to_long(op2, op2_copy, result); - ZVAL_LONG(result, Z_LVAL_P(op1) << Z_LVAL_P(op2)); + ZVAL_LONG(result, op1_lval << Z_LVAL_P(op2)); return SUCCESS; } /* }}} */ @@ -1166,10 +1178,12 @@ ZEND_API int shift_left_function(zval *result, zval *op1, zval *op2 TSRMLS_DC) / ZEND_API int shift_right_function(zval *result, zval *op1, zval *op2 TSRMLS_DC) /* {{{ */ { zval op1_copy, op2_copy; + long op1_lval; zendi_convert_to_long(op1, op1_copy, result); + op1_lval = Z_LVAL_P(op1); zendi_convert_to_long(op2, op2_copy, result); - ZVAL_LONG(result, Z_LVAL_P(op1) >> Z_LVAL_P(op2)); + ZVAL_LONG(result, op1_lval >> Z_LVAL_P(op2)); return SUCCESS; } /* }}} */ |