| author | Christopher Jones <sixd@php.net> | 2010-11-16 19:33:31 +0000 |
|---|---|---|
| committer | Christopher Jones <sixd@php.net> | 2010-11-16 19:33:31 +0000 |
| commit | 314c9b92338c2cffe4e9ce4299d5d39c35751a3a (patch) | |
| tree | 00563494a3344e0110721e578b4461699d07f7ad /ext/oci8/oci8_interface.c | |
| parent | 87fd3737b4a6e64fcdcfa4c8d352a1b99f925302 (diff) | |
Protect against null bytes in LOB filenames (rasmus)
Diffstat (limited to 'ext/oci8/oci8_interface.c')
| -rw-r--r-- | ext/oci8/oci8_interface.c | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/ext/oci8/oci8_interface.c b/ext/oci8/oci8_interface.c
index b9e79f9fe9..3143d492ba 100644
--- a/ext/oci8/oci8_interface.c
+++ b/ext/oci8/oci8_interface.c
@@ -242,7 +242,12 @@ PHP_FUNCTION(oci_lob_import)
 return;
 }
 }
-
+
+ if (strlen(filename) != filename_len) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Filename cannot contain null bytes");
+ RETURN_FALSE;
+ }
+
 if (zend_hash_find(Z_OBJPROP_P(z_descriptor), "descriptor", sizeof("descriptor"), (void **)&tmp) == FAILURE) {
 php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to find descriptor property");
 RETURN_FALSE;
@@ -894,7 +899,12 @@ PHP_FUNCTION(oci_lob_export)
 RETURN_FALSE;
 }
 }
-
+
+ if (strlen(filename) != filename_len) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Filename cannot contain null bytes");
+ RETURN_FALSE;
+ }
+
 if (zend_hash_find(Z_OBJPROP_P(z_descriptor), "descriptor", sizeof("descriptor"), (void **)&tmp) == FAILURE) {
 php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to find descriptor property");
 RETURN_FALSE;
@@ -1662,8 +1672,8 @@ PHP_FUNCTION(oci_num_fields)
 }
 /* }}} */
 
-/* {{{ proto resource oci_parse(resource connection, string query)
- Parse a query and return a statement */
+/* {{{ proto resource oci_parse(resource connection, string statement)
+ Parse a SQL or PL/SQL statement and return a statement resource */
 PHP_FUNCTION(oci_parse)
 {
 zval *z_connection; |
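Review bot: The guard added in oci_lob_import compares `strlen(filename)`, a size_t, with `filename_len`, whose declaration lies outside the hunk and is presumably the signed int filled in by parameter parsing, so the comparison mixes signedness. Writing it as `if (strlen(filename) != (size_t)filename_len) {` states the intent, and a one-line comment such as `/* embedded NUL: the C file layer would stop at it and use a shorter path than the script passed */` would record why the check exists. The same five lines are added again in oci_lob_export (second hunk), so a small static helper shared by both would keep the two call sites from drifting apart. Both function bodies start and end outside their hunks, so it cannot be confirmed from here that every later use of `filename` sits behind this check. The diffstat is limited to this one file, so it is also not visible whether a regression test passing a filename with an embedded NUL accompanies the change.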
