diff options
author | Joe Watkins <krakjoe@php.net> | 2018-11-13 12:59:50 +0100 |
---|---|---|
committer | Joe Watkins <krakjoe@php.net> | 2018-11-13 13:00:08 +0100 |
commit | 8a11c9ee7696bcf7d57014032333eb5eb5f42fab (patch) | |
tree | 15b9263d8a7faccf249e7fdcfa3275f4d8655714 | |
parent | f76be1a0d682fb11c706a789cce1dfb898041f30 (diff) | |
parent | ce4eb8997651e04fa9284ac3a7e1a2fb2da7df9e (diff) | |
download | php-git-8a11c9ee7696bcf7d57014032333eb5eb5f42fab.tar.gz |
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Validate length on socket_write
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | ext/sockets/sockets.c | 15 | ||||
-rw-r--r-- | ext/sockets/tests/socket_send_params.phpt | 17 | ||||
-rw-r--r-- | ext/sockets/tests/socket_sendto_params.phpt | 17 | ||||
-rw-r--r-- | ext/sockets/tests/socket_write_params.phpt | 1 |
5 files changed, 53 insertions, 0 deletions
@@ -29,6 +29,9 @@ PHP NEWS (Cameron Porter) . Fixed bug #76348 (WSDL_CACHE_MEMORY causes Segmentation fault). (cmb) +- Sockets: + . Fixed bug #67619 (Validate length on socket_write). (thiagooak) + - Standard: . Fixed bug #77081 (ftruncate() changes seek pointer in c mode). (cmb, Anatol) diff --git a/ext/sockets/sockets.c b/ext/sockets/sockets.c index e8e689f83a..a962ba3219 100644 --- a/ext/sockets/sockets.c +++ b/ext/sockets/sockets.c @@ -1209,6 +1209,11 @@ PHP_FUNCTION(socket_write) return; } + if (length < 0) { + php_error_docref(NULL, E_WARNING, "Length cannot be negative"); + RETURN_FALSE; + } + if ((php_sock = (php_socket *)zend_fetch_resource(Z_RES_P(arg1), le_socket_name, le_socket)) == NULL) { RETURN_FALSE; } @@ -1751,6 +1756,11 @@ PHP_FUNCTION(socket_send) return; } + if (len < 0) { + php_error_docref(NULL, E_WARNING, "Length cannot be negative"); + RETURN_FALSE; + } + if ((php_sock = (php_socket *)zend_fetch_resource(Z_RES_P(arg1), le_socket_name, le_socket)) == NULL) { RETURN_FALSE; } @@ -1913,6 +1923,11 @@ PHP_FUNCTION(socket_sendto) return; } + if (len < 0) { + php_error_docref(NULL, E_WARNING, "Length cannot be negative"); + RETURN_FALSE; + } + if ((php_sock = (php_socket *)zend_fetch_resource(Z_RES_P(arg1), le_socket_name, le_socket)) == NULL) { RETURN_FALSE; } diff --git a/ext/sockets/tests/socket_send_params.phpt b/ext/sockets/tests/socket_send_params.phpt new file mode 100644 index 0000000000..44be133bf9 --- /dev/null +++ b/ext/sockets/tests/socket_send_params.phpt @@ -0,0 +1,17 @@ +--TEST-- +ext/sockets - socket_send - test with incorrect parameters +--SKIPIF-- +<?php + if (!extension_loaded('sockets')) { + die('skip sockets extension not available.'); + } +?> +--FILE-- +<?php + $rand = rand(1,999); + $s_c = socket_create_listen(31330+$rand); + $s_w = socket_send($s_c, "foo", -1, MSG_OOB); + socket_close($s_c); +?> +--EXPECTF-- +Warning: socket_send(): Length cannot be negative in %s on line %i diff --git a/ext/sockets/tests/socket_sendto_params.phpt b/ext/sockets/tests/socket_sendto_params.phpt new file mode 100644 index 0000000000..f232258ec0 --- /dev/null +++ b/ext/sockets/tests/socket_sendto_params.phpt @@ -0,0 +1,17 @@ +--TEST-- +ext/sockets - socket_sendto - test with incorrect parameters +--SKIPIF-- +<?php + if (!extension_loaded('sockets')) { + die('skip sockets extension not available.'); + } +?> +--FILE-- +<?php + $rand = rand(1,999); + $s_c = socket_create_listen(31330+$rand); + $s_w = socket_sendto($s_c, "foo", -1, MSG_OOB, '127.0.0.1'); + socket_close($s_c); +?> +--EXPECTF-- +Warning: socket_sendto(): Length cannot be negative in %s on line %i diff --git a/ext/sockets/tests/socket_write_params.phpt b/ext/sockets/tests/socket_write_params.phpt index 5a1a5a89ff..5c56c64915 100644 --- a/ext/sockets/tests/socket_write_params.phpt +++ b/ext/sockets/tests/socket_write_params.phpt @@ -17,6 +17,7 @@ fa@php.net $s_c = socket_create_listen(31330+$rand); $s_w = socket_write($s_c); $s_w = socket_write($s_c, "foo"); + $s_w = socket_write($s_c, "foo", -1); socket_close($s_c); ?> --EXPECTF-- |