php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login | |
Patch php5.3.28-type-check-fix for *General Issues Bug #67720Patch version 2014-07-30 17:22 UTC Return to Bug #67720 | Download this patchThis patch is obsolete Obsoleted by patches: Patch Revisions:Developer: neweracracker@gmail.comFrom: Stanislav Malyshev <stas@php.net> Date: Sun, 27 Jul 2014 09:40:27 +0000 (-0700) Subject: Fix missing type checks in various functions --- diff --git a/ext/com_dotnet/com_com.c b/ext/com_dotnet/com_com.c index f77779d..500cabd 100644 --- a/ext/com_dotnet/com_com.c +++ b/ext/com_dotnet/com_com.c @@ -698,9 +698,9 @@ PHP_FUNCTION(com_event_sink) /* 0 => typelibname, 1 => dispname */ zval **tmp; - if (zend_hash_index_find(Z_ARRVAL_P(sink), 0, (void**)&tmp) == SUCCESS) + if (zend_hash_index_find(Z_ARRVAL_P(sink), 0, (void**)&tmp) == SUCCESS && Z_TYPE_PP(tmp) == IS_STRING) typelibname = Z_STRVAL_PP(tmp); - if (zend_hash_index_find(Z_ARRVAL_P(sink), 1, (void**)&tmp) == SUCCESS) + if (zend_hash_index_find(Z_ARRVAL_P(sink), 1, (void**)&tmp) == SUCCESS && Z_TYPE_PP(tmp) == IS_STRING) dispname = Z_STRVAL_PP(tmp); } else if (sink != NULL) { convert_to_string(sink); diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 0ec2a9a..05d946a 100755 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -649,7 +649,7 @@ static time_t asn1_time_to_time_t(ASN1_UTCTIME * timestr TSRMLS_DC) /* {{{ */ return (time_t)-1; } - if (ASN1_STRING_length(timestr) != strlen(ASN1_STRING_data(timestr))) { + if (ASN1_STRING_length(timestr) != strlen((char *)ASN1_STRING_data(timestr))) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "illegal length in timestamp"); return (time_t)-1; } @@ -777,13 +777,13 @@ static int add_oid_section(struct php_x509_request * req TSRMLS_DC) /* {{{ */ req->config_filename, req->var, req->req_config TSRMLS_CC) == FAILURE) return FAILURE #define SET_OPTIONAL_STRING_ARG(key, varname, defval) \ - if (optional_args && zend_hash_find(Z_ARRVAL_P(optional_args), key, sizeof(key), (void**)&item) == SUCCESS) \ + if (optional_args && zend_hash_find(Z_ARRVAL_P(optional_args), key, sizeof(key), (void**)&item) == SUCCESS && Z_TYPE_PP(item) == IS_STRING) \ varname = Z_STRVAL_PP(item); \ else \ varname = defval #define SET_OPTIONAL_LONG_ARG(key, varname, defval) \ - if (optional_args && zend_hash_find(Z_ARRVAL_P(optional_args), key, sizeof(key), (void**)&item) == SUCCESS) \ + if (optional_args && zend_hash_find(Z_ARRVAL_P(optional_args), key, sizeof(key), (void**)&item) == SUCCESS && Z_TYPE_PP(item) == IS_LONG) \ varname = Z_LVAL_PP(item); \ else \ varname = defval @@ -1901,7 +1901,7 @@ PHP_FUNCTION(openssl_pkcs12_export_to_file) } /* parse extra config from args array, promote this to an extra function */ - if (args && zend_hash_find(Z_ARRVAL_P(args), "friendly_name", sizeof("friendly_name"), (void**)&item) == SUCCESS) + if (args && zend_hash_find(Z_ARRVAL_P(args), "friendly_name", sizeof("friendly_name"), (void**)&item) == SUCCESS && Z_TYPE_PP(item) == IS_STRING) friendly_name = Z_STRVAL_PP(item); /* certpbe (default RC2-40) keypbe (default 3DES) @@ -1979,7 +1979,7 @@ PHP_FUNCTION(openssl_pkcs12_export) } /* parse extra config from args array, promote this to an extra function */ - if (args && zend_hash_find(Z_ARRVAL_P(args), "friendly_name", sizeof("friendly_name"), (void**)&item) == SUCCESS) + if (args && zend_hash_find(Z_ARRVAL_P(args), "friendly_name", sizeof("friendly_name"), (void**)&item) == SUCCESS && Z_TYPE_PP(item) == IS_STRING) friendly_name = Z_STRVAL_PP(item); if (args && zend_hash_find(Z_ARRVAL_P(args), "extracerts", sizeof("extracerts"), (void**)&item) == SUCCESS) diff --git a/ext/openssl/tests/026.phpt b/ext/openssl/tests/026.phpt new file mode 100644 index 0000000..38d626d --- /dev/null +++ b/ext/openssl/tests/026.phpt @@ -0,0 +1,12 @@ +--TEST-- +Options type checks +--SKIPIF-- +<?php if (!extension_loaded("openssl")) print "skip"; ?> +--FILE-- +<?php +$x = openssl_pkey_new(); +$csr = openssl_csr_new(["countryName" => "DE"], $x, ["x509_extensions" => 0xDEADBEEF]); +?> +DONE +--EXPECT-- +DONE diff --git a/ext/session/session.c b/ext/session/session.c index 7d145c3..306aba3 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -362,7 +363,8 @@ PHPAPI char *php_session_create_id(PS_CREATE_SID_ARGS) /* {{{ */ if (zend_hash_find(&EG(symbol_table), "_SERVER", sizeof("_SERVER"), (void **) &array) == SUCCESS && Z_TYPE_PP(array) == IS_ARRAY && - zend_hash_find(Z_ARRVAL_PP(array), "REMOTE_ADDR", sizeof("REMOTE_ADDR"), (void **) &token) == SUCCESS + zend_hash_find(Z_ARRVAL_PP(array), "REMOTE_ADDR", sizeof("REMOTE_ADDR"), (void **) &token) == SUCCESS && + Z_TYPE_PP(token) == IS_STRING ) { remote_addr = Z_STRVAL_PP(token); } |
Copyright © 2001-2024 The PHP Group All rights reserved. |
Last updated: Sat Apr 27 13:01:30 2024 UTC |