Bug #64535 php_ssh2_sftp_dirstream_read(): Segfault on error from libssh2
Submitted: 2013-03-27 21:25 UTC Modified: -
From: mjpelmear at gmail dot com Assigned:
Status: Closed Package: ssh2 (PECL)
PHP Version: Irrelevant OS: any
Private report: No CVE-ID: None
 [2013-03-27 21:25 UTC] mjpelmear at gmail dot com
Description:
------------
Calls to php_ssh2_sftp_dirstream_read() result in a segfault (in php_basename()) when libssh2_sftp_readdir() returns an error state.

The problem seems to be that libssh2_sftp_readdir() returns a signed integer, but php_ssh2_sftp_dirstream_read() assigns the result to a size_t (unsigned), which is then treated as a signed integer.

The attached patch simply changes bytesread to be an int instead of size_t (making it match the libssh2 prototype). The remainder of the function plays nicely with this change.

I would argue that some type of feedback should also be provided when this occurs.


I ran across this issue with an older version of libssh2 and a specific sftp server (globalscape), when the remote directory has more than a small number of files in it, so I have not attached a test script since it would be difficult to recreate. However, the bug would affect any case where libssh2_sftp_readdir() returned an error condition.

Actual result:
--------------
Segfault
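To make the signed/unsigned mix-up in the description concrete, here is an added example (not the ssh2 extension's code and not the attached patch): a constructed stand-in for libssh2_sftp_readdir() beside two reduced versions of the read path, one storing the result in a size_t as the report describes and one storing it in an int as the patch does. mock_sftp_readdir, dirstream_read_buggy, dirstream_read_fixed, the entry name and the error value -31 are all made up for the example.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for libssh2_sftp_readdir(): returns int, negative on
 * error, like the libssh2 prototype. Error code and entry name are made up. */
static int mock_sftp_readdir(int fail, char *buf, size_t buflen)
{
    const char *name = "report.txt";
    size_t n = strlen(name);

    if (fail)
        return -31;                 /* constructed negative error code */
    if (n > buflen)
        n = buflen;
    memcpy(buf, name, n);
    return (int)n;
}

/* Shape of the bug in the report: the signed result lands in a size_t, so
 * -31 becomes a huge unsigned value and the "<= 0" guard no longer fires.
 * Instead of indexing d_name with it and handing it to php_basename() (where
 * the report's segfault happens), the index is reported via *index_written. */
static size_t dirstream_read_buggy(int fail, char *d_name, size_t cap,
                                   size_t *index_written)
{
    size_t bytesread = mock_sftp_readdir(fail, d_name, cap - 1);

    if (bytesread <= 0)             /* for an unsigned value this is == 0 */
        return 0;
    *index_written = bytesread;     /* far beyond the buffer on error */
    return bytesread;
}

/* The attached patch's fix: keep the result as int so the guard sees the
 * negative value and the caller gets end-of-stream instead of a crash. */
static size_t dirstream_read_fixed(int fail, char *d_name, size_t cap,
                                   size_t *index_written)
{
    int bytesread = mock_sftp_readdir(fail, d_name, cap - 1);

    if (bytesread <= 0)
        return 0;
    d_name[bytesread] = '\0';       /* in bounds: bytesread <= cap - 1 */
    *index_written = (size_t)bytesread;
    return (size_t)bytesread;
}
```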

Patches

ssh2-0.12_php_ssh2_sftp_dirstream_read-fix_segfault.patch (last revision 2013-03-27 21:26 UTC by mjpelmear at gmail dot com)

History

 [2013-03-27 21:41 UTC] mjpelmear at gmail dot com
I should note that libssh2 returns int from libssh2_sftp_readdir() in the earliest version I can find of the library, so this should not be a problem for backward compatibility.
 [2013-05-06 22:31 UTC] mjpelmear at gmail dot com
I recreated this issue with libssh2-1.2.9 and a GlobalSCAPE Secure FTP Server (v3.3.1 Build 04.28.2008.1).

To recreate, you must have a large number of files in the remote directory (We ran into it with 160 files in the directory, or with even fewer in older versions of libssh2. FileZilla 3.3.1 is not able to list the contents of the directory either, but at least does not segfault.):

        // change these as needed
        $host = '123.123.123.123';
        $port = '22';
        $username = 'username';
        $password = 'password';
        $path = '/';   // remote directory to list

        $res = ssh2_connect( $host, $port );
        if( !$res )
                throw new Exception( 'Could not connect to server.' );
        if( !ssh2_auth_password( $res, $username, $password ) )
                throw new Exception( 'Authentication failed.' );

        echo ssh2_fingerprint($res).PHP_EOL;

        $sftp = ssh2_sftp($res);
        if( !$sftp )
                throw new Exception( 'Could not open sftp stream in ssh session' );

        // resolve the configured path to its canonical remote form
        $dir = ssh2_sftp_realpath( $sftp, $path );
        if( !$dir )
                throw new Exception( 'bad path (1)' );

        // the ssh2.sftp:// wrapper exposes the SFTP session as a directory stream
        $resource_path = 'ssh2.sftp://' . intval($sftp) . $dir;
        $dp = opendir( $resource_path );
        if( !$dp )
                throw new Exception( 'bad path (2)' );

        $retval = array();
        // every readdir() call here goes through php_ssh2_sftp_dirstream_read()
        while( FALSE !== ($file = readdir($dp)) )
        {
                if( $file[0] == '.' || $file == '..' )   // skip dotfiles, '.' and '..'
                        continue;
                $fp = $dir . (substr($dir,strlen($dir)-1,1) == '/' ? '' : '/') . $file;
                $file_path = ssh2_sftp_realpath( $sftp, $fp ); // SEGFAULT HERE WHEN TESTING WITH THE SPECIFIED CONDITIONS
                $retval[] = $file_path;
        }
        closedir($dp);
 [2013-05-07 06:51 UTC] pajoye@php.net
-Status: Open +Status: Closed
 [2013-05-07 06:51 UTC] pajoye@php.net
Automatic comment on behalf of pierre.php@gmail.com
Revision: http://git.php.net/?p=pecl/networking/ssh2.git;a=commit;h=0fbb3d866ac3491fdff621d530804f3e57975ab1
Log: Fix #64535,  php_ssh2_sftp_dirstream_read segfault on error
 [2013-05-07 06:51 UTC] pajoye@php.net
Automatic comment on behalf of pierre.php@gmail.com
Revision: http://git.php.net/?p=pecl/networking/ssh2.git;a=commit;h=2509998d3750cfaa026dfcf50cbbede24b796b6c
Log: Fix #64535,  php_ssh2_sftp_dirstream_read segfault on error
 