MFH: fix invalid read with bzopen("","") and prevent filename from being empty (which causes endless loop somewhere is libbz2)

author: Antony Dovgal <tony2001@php.net> 2006-06-21 12:43:27 +0000
committer: Antony Dovgal <tony2001@php.net> 2006-06-21 12:43:27 +0000
commit: e7439fa200af3949b4e4fd55b24ce91e2aeb2968 (patch)
tree: 3d0aeb672a59f41149d5c448022deb61d4fe3898
parent: f496f5014a909c02f6e3355df226a8e3ffb36695 (diff)
download: php-git-e7439fa200af3949b4e4fd55b24ce91e2aeb2968.tar.gz
1 files changed, 7 insertions, 1 deletions
diff --git a/ext/bz2/bz2.c b/ext/bz2/bz2.c
index 1ba7083b8a..833d6ba7ae 100644
--- a/ext/bz2/bz2.c
+++ b/ext/bz2/bz2.c
@@ -359,7 +359,7 @@ PHP_FUNCTION(bzopen)
 	}
 	convert_to_string_ex(mode);
 
-	if (Z_STRVAL_PP(mode)[0] != 'r' && Z_STRVAL_PP(mode)[0] != 'w' && Z_STRVAL_PP(mode)[1] != '\0') {
+	if (Z_STRLEN_PP(mode) != 1 || (Z_STRVAL_PP(mode)[0] != 'r' && Z_STRVAL_PP(mode)[0] != 'w')) {
 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "'%s' is not a valid mode for bzopen(). Only 'w' and 'r' are supported.", Z_STRVAL_PP(mode));
 		RETURN_FALSE;
 	}
@@ -367,6 +367,12 @@ PHP_FUNCTION(bzopen)
 	/* If it's not a resource its a string containing the filename to open */
 	if (Z_TYPE_PP(file) != IS_RESOURCE) {
 		convert_to_string_ex(file);
+
+		if (Z_STRLEN_PP(file) == 0) {
+			php_error_docref(NULL TSRMLS_CC, E_WARNING, "filename cannot be empty");
+			RETURN_FALSE;
+		}
+
 		stream = php_stream_bz2open(NULL,
 									Z_STRVAL_PP(file), 
 									Z_STRVAL_PP(mode),
author	Antony Dovgal <tony2001@php.net>	2006-06-21 12:43:27 +0000
committer	Antony Dovgal <tony2001@php.net>	2006-06-21 12:43:27 +0000
commit	e7439fa200af3949b4e4fd55b24ce91e2aeb2968 (patch)
tree	3d0aeb672a59f41149d5c448022deb61d4fe3898
parent	f496f5014a909c02f6e3355df226a8e3ffb36695 (diff)
download	php-git-e7439fa200af3949b4e4fd55b24ce91e2aeb2968.tar.gz