I hope it's the last iteration, but check me anyway.
The patch is based on latest Gregory's patch.
- optimized out strncpy() calls
- zend_resolve_path() replaced with php_resolve_path()
- improved php_resolve_path() to resolve "file://..."
- fixed possible double-free issue in _php_stream_open_wrapper_ex()
Thanks. Dmitry.
Greg Beaver wrote:
Andi Gutmans wrote:
Can we please use strlcpy() instead of strncpy()? This is a coding
standard we implemented years ago.
obviously an easy change. FYI - this also needs to be fixed in
fopen_with_path_rel in PHP_5_2, as I copied most of the code from that
function.
Greg
Index: main/fopen_wrappers.c
===================================================================
RCS file: /repository/php-src/main/fopen_wrappers.c,v
retrieving revision 1.175.2.3.2.13.2.9
diff -u -p -d -r1.175.2.3.2.13.2.9 fopen_wrappers.c
--- main/fopen_wrappers.c 24 Mar 2008 09:30:41 -0000
1.175.2.3.2.13.2.9
+++ main/fopen_wrappers.c 25 Mar 2008 09:07:24 -0000
@@ -447,14 +447,22 @@ PHPAPI char *php_resolve_path(const char
char resolved_path[MAXPATHLEN];
char trypath[MAXPATHLEN];
const char *ptr, *end, *p;
+ char *actual_path;
+ php_stream_wrapper *wrapper;
if (!filename) {
return NULL;
}
- /* Don't resolve paths which contain protocol */
+ /* Don't resolve paths which contain protocol (except of file://) */
for (p = filename; isalnum((int)*p) || *p == '+' || *p == '-' || *p ==
'.'; p++);
if ((*p == ':') && (p - filename > 1) && (p[1] == '/') && (p[2] ==
'/')) {
+ wrapper = php_stream_locate_url_wrapper(filename, &actual_path,
STREAM_OPEN_FOR_INCLUDE TSRMLS_CC);
+ if (wrapper == &php_plain_files_wrapper) {
+ if (tsrm_realpath(actual_path, resolved_path
TSRMLS_CC)) {
+ return estrdup(resolved_path);
+ }
+ }
return NULL;
}
@@ -473,7 +481,15 @@ PHPAPI char *php_resolve_path(const char
ptr = path;
while (ptr && *ptr) {
- end = strchr(ptr, DEFAULT_DIR_SEPARATOR);
+ /* Check for stream wrapper */
+ int is_stream_wrapper = 0;
+
+ for (p = ptr; isalnum((int)*p) || *p == '+' || *p == '-' || *p
== '.'; p++);
+ if ((*p == ':') && (p - ptr > 1) && (p[1] == '/') && (p[2] ==
'/')) {
+ p += 3;
+ is_stream_wrapper = 1;
+ }
+ end = strchr(p, DEFAULT_DIR_SEPARATOR);
if (end) {
if ((end-ptr) + 1 + filename_length + 1 >= MAXPATHLEN) {
ptr = end + 1;
@@ -494,7 +510,23 @@ PHPAPI char *php_resolve_path(const char
memcpy(trypath+len+1, filename, filename_length+1);
ptr = NULL;
}
- if (tsrm_realpath(trypath, resolved_path TSRMLS_CC)) {
+ actual_path = trypath;
+ if (is_stream_wrapper) {
+ wrapper = php_stream_locate_url_wrapper(trypath,
&actual_path, STREAM_OPEN_FOR_INCLUDE TSRMLS_CC);
+ if (!wrapper) {
+ continue;
+ } else if (wrapper != &php_plain_files_wrapper) {
+ if (wrapper->wops->url_stat) {
+ php_stream_statbuf ssb;
+
+ if (SUCCESS ==
wrapper->wops->url_stat(wrapper, trypath, 0, &ssb, NULL TSRMLS_CC)) {
+ return estrdup(trypath);
+ }
+ }
+ continue;
+ }
+ }
+ if (tsrm_realpath(actual_path, resolved_path TSRMLS_CC)) {
return estrdup(resolved_path);
}
} /* end provided path */
@@ -511,7 +543,27 @@ PHPAPI char *php_resolve_path(const char
exec_fname_length + 1 + filename_length + 1 < MAXPATHLEN) {
memcpy(trypath, exec_fname, exec_fname_length + 1);
memcpy(trypath+exec_fname_length + 1, filename,
filename_length+1);
- if (tsrm_realpath(trypath, resolved_path TSRMLS_CC)) {
+ actual_path = trypath;
+
+ /* Check for stream wrapper */
+ for (p = trypath; isalnum((int)*p) || *p == '+' || *p
== '-' || *p == '.'; p++);
+ if ((*p == ':') && (p - trypath > 1) && (p[1] == '/')
&& (p[2] == '/')) {
+ wrapper =
php_stream_locate_url_wrapper(trypath, &actual_path, STREAM_OPEN_FOR_INCLUDE
TSRMLS_CC);
+ if (!wrapper) {
+ return NULL;
+ } else if (wrapper != &php_plain_files_wrapper)
{
+ if (wrapper->wops->url_stat) {
+ php_stream_statbuf ssb;
+
+ if (SUCCESS ==
wrapper->wops->url_stat(wrapper, trypath, 0, &ssb, NULL TSRMLS_CC)) {
+ return estrdup(trypath);
+ }
+ }
+ return NULL;
+ }
+ }
+
+ if (tsrm_realpath(actual_path, resolved_path
TSRMLS_CC)) {
return estrdup(resolved_path);
}
}
Index: main/php_streams.h
===================================================================
RCS file: /repository/php-src/main/php_streams.h,v
retrieving revision 1.103.2.1.2.4.2.2
diff -u -p -d -r1.103.2.1.2.4.2.2 php_streams.h
--- main/php_streams.h 31 Dec 2007 07:17:17 -0000 1.103.2.1.2.4.2.2
+++ main/php_streams.h 25 Mar 2008 09:07:25 -0000
@@ -511,6 +511,9 @@ END_EXTERN_C()
/* don't check allow_url_fopen and allow_url_include */
#define STREAM_DISABLE_URL_PROTECTION 0x00002000
+/* assume the path passed in exists and is fully expanded, avoiding syscalls */
+#define STREAM_ASSUME_REALPATH 0x00004000
+
/* Antique - no longer has meaning */
#define IGNORE_URL_WIN 0
Index: main/streams/plain_wrapper.c
===================================================================
RCS file: /repository/php-src/main/streams/plain_wrapper.c,v
retrieving revision 1.52.2.6.2.23.2.5
diff -u -p -d -r1.52.2.6.2.23.2.5 plain_wrapper.c
--- main/streams/plain_wrapper.c 31 Dec 2007 07:17:17 -0000
1.52.2.6.2.23.2.5
+++ main/streams/plain_wrapper.c 25 Mar 2008 09:07:25 -0000
@@ -892,9 +892,13 @@ PHPAPI php_stream *_php_stream_fopen(con
}
return NULL;
}
-
- if ((realpath = expand_filepath(filename, NULL TSRMLS_CC)) == NULL) {
- return NULL;
+
+ if (options & STREAM_ASSUME_REALPATH) {
+ realpath = estrdup(filename);
+ } else {
+ if ((realpath = expand_filepath(filename, NULL TSRMLS_CC)) ==
NULL) {
+ return NULL;
+ }
}
if (persistent) {
Index: main/streams/streams.c
===================================================================
RCS file: /repository/php-src/main/streams/streams.c,v
retrieving revision 1.82.2.6.2.18.2.6
diff -u -p -d -r1.82.2.6.2.18.2.6 streams.c
--- main/streams/streams.c 24 Mar 2008 16:28:35 -0000
1.82.2.6.2.18.2.6
+++ main/streams/streams.c 25 Mar 2008 09:07:25 -0000
@@ -1754,6 +1754,7 @@ PHPAPI php_stream *_php_stream_open_wrap
php_stream_wrapper *wrapper = NULL;
char *path_to_open;
int persistent = options & STREAM_OPEN_PERSISTENT;
+ char *resolved_path = NULL;
char *copy_of_path = NULL;
@@ -1765,11 +1766,23 @@ PHPAPI php_stream *_php_stream_open_wrap
return NULL;
}
- path_to_open = path;
+ if (options & USE_PATH) {
+ resolved_path = php_resolve_path(path, strlen(path),
PG(include_path) TSRMLS_CC);
+ if (resolved_path) {
+ path = resolved_path;
+ /* we've found this file, don't re-check include_path
or run realpath */
+ options |= STREAM_ASSUME_REALPATH;
+ options &= ~USE_PATH;
+ }
+ }
+ path_to_open = path;
wrapper = php_stream_locate_url_wrapper(path, &path_to_open, options
TSRMLS_CC);
if (options & STREAM_USE_URL && (!wrapper || !wrapper->is_url)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "This function may
only be used against URLs");
+ if (resolved_path) {
+ efree(resolved_path);
+ }
return NULL;
}
@@ -1816,12 +1829,18 @@ PHPAPI php_stream *_php_stream_open_wrap
(options & STREAM_WILL_CAST)
? PHP_STREAM_PREFER_STDIO :
PHP_STREAM_NO_PREFERENCE)) {
case PHP_STREAM_UNCHANGED:
+ if (resolved_path) {
+ efree(resolved_path);
+ }
return stream;
case PHP_STREAM_RELEASED:
if (newstream->orig_path) {
pefree(newstream->orig_path,
persistent);
}
newstream->orig_path = pestrdup(path,
persistent);
+ if (resolved_path) {
+ efree(resolved_path);
+ }
return newstream;
default:
php_stream_close(stream);
@@ -1860,6 +1879,9 @@ PHPAPI php_stream *_php_stream_open_wrap
pefree(copy_of_path, persistent);
}
#endif
+ if (resolved_path) {
+ efree(resolved_path);
+ }
return stream;
}
/* }}} */
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
