diff options
| author | David Carlier <devnexen@gmail.com> | 2016-06-28 07:48:58 +0100 | 
|---|---|---|
| committer | Stanislav Malyshev <stas@php.net> | 2016-09-04 23:18:51 -0700 | 
| commit | 19350b6b7398edc9cc92e169aaf717585aa6ff11 (patch) | |
| tree | 688de85773eccc7c6e0cf2b39fa732d6449a66a0 /sapi/phpdbg/phpdbg_wait.c | |
| parent | a2fdf0f4135f5a29e613c1c6c53d378dc6ff7bed (diff) | |
| download | php-git-19350b6b7398edc9cc92e169aaf717585aa6ff11.tar.gz | |
phpdbg: couple of network function return checks. Possible
overflow when copy the socket_path configuration.
Diffstat (limited to 'sapi/phpdbg/phpdbg_wait.c')
| -rw-r--r-- | sapi/phpdbg/phpdbg_wait.c | 18 | 
1 files changed, 16 insertions, 2 deletions
| diff --git a/sapi/phpdbg/phpdbg_wait.c b/sapi/phpdbg/phpdbg_wait.c index c7dcd4fbd4..5ef29e895e 100644 --- a/sapi/phpdbg/phpdbg_wait.c +++ b/sapi/phpdbg/phpdbg_wait.c @@ -248,8 +248,10 @@ void phpdbg_webdata_decompress(char *msg, int len) {  		extension = (zend_extension *) zend_llist_get_first_ex(&zend_extensions, &pos);  		while (extension) {  			extension = (zend_extension *) zend_llist_get_next_ex(&zend_extensions, &pos); +			if (extension == NULL){ +				break; +			} -			/* php_serach_array() body should be in some ZEND_API function... */  			ZEND_HASH_FOREACH_STR_KEY_PTR(Z_ARRVAL_P(zvp), strkey, name) {  				if (Z_TYPE_P(name) == IS_STRING && !zend_binary_strcmp(extension->name, strlen(extension->name), Z_STRVAL_P(name), Z_STRLEN_P(name))) {  					break; @@ -344,9 +346,16 @@ PHPDBG_COMMAND(wait) /* {{{ */  	if (PHPDBG_G(socket_server_fd) == -1) {  		int len;  		PHPDBG_G(socket_server_fd) = sl = socket(AF_UNIX, SOCK_STREAM, 0); +		if (sl == -1) { +			phpdbg_error("wait", "type=\"nosocket\" import=\"fail\"", "Unable to open a socket to UNIX domain socket at %s defined by phpdbg.path ini setting", PHPDBG_G(socket_path)); +			return FAILURE; +		}  		local.sun_family = AF_UNIX; -		strcpy(local.sun_path, PHPDBG_G(socket_path)); +		if (strlcpy(local.sun_path, PHPDBG_G(socket_path), sizeof(local.sun_path)) > sizeof(local.sun_path)) { +			phpdbg_error("wait", "type=\"nosocket\" import=\"fail\"", "Socket at %s defined by phpdbg.path ini setting is too long", PHPDBG_G(socket_path)); +			return FAILURE; +		}  		len = strlen(local.sun_path) + sizeof(local.sun_family);  		if (bind(sl, (struct sockaddr *)&local, len) == -1) {  			phpdbg_error("wait", "type=\"nosocket\" import=\"fail\"", "Unable to connect to UNIX domain socket at %s defined by phpdbg.path ini setting", PHPDBG_G(socket_path)); @@ -362,6 +371,11 @@ PHPDBG_COMMAND(wait) /* {{{ */  	rlen = sizeof(remote);  	sr = accept(sl, (struct sockaddr *) &remote, (socklen_t *) &rlen); +	if (sr == -1) { +		phpdbg_error("wait", "type=\"nosocket\" import=\"fail\"", "Unable to create a connection to UNIX domain socket at %s defined by phpdbg.path ini setting", PHPDBG_G(socket_path)); +		close(PHPDBG_G(socket_server_fd)); +		return FAILURE; +	}  	char msglen[5];  	int recvd = 4; | 
