| 1 |
|
| 2 |
https://bugzilla.redhat.com/show_bug.cgi?id=690905 |
| 3 |
|
| 4 |
http://svn.php.net/viewvc/?view=revision&revision=308734 |
| 5 |
|
| 6 |
--- php-5.3.3/ext/standard/ftp_fopen_wrapper.c.cve1469 |
| 7 |
+++ php-5.3.3/ext/standard/ftp_fopen_wrapper.c |
| 8 |
@@ -72,6 +72,12 @@ |
| 9 |
#define FTPS_ENCRYPT_DATA 1 |
| 10 |
#define GET_FTP_RESULT(stream) get_ftp_result((stream), tmp_line, sizeof(tmp_line) TSRMLS_CC) |
| 11 |
|
| 12 |
+typedef struct _php_ftp_dirstream_data { |
| 13 |
+ php_stream *datastream; |
| 14 |
+ php_stream *controlstream; |
| 15 |
+ php_stream *dirstream; |
| 16 |
+} php_ftp_dirstream_data; |
| 17 |
+ |
| 18 |
/* {{{ get_ftp_result |
| 19 |
*/ |
| 20 |
static inline int get_ftp_result(php_stream *stream, char *buffer, size_t buffer_size TSRMLS_DC) |
| 21 |
@@ -97,12 +103,12 @@ static int php_stream_ftp_stream_stat(ph |
| 22 |
*/ |
| 23 |
static int php_stream_ftp_stream_close(php_stream_wrapper *wrapper, php_stream *stream TSRMLS_DC) |
| 24 |
{ |
| 25 |
- php_stream *controlstream = (php_stream *)stream->wrapperdata; |
| 26 |
+ php_stream *controlstream = stream->wrapperthis; |
| 27 |
|
| 28 |
if (controlstream) { |
| 29 |
php_stream_write_string(controlstream, "QUIT\r\n"); |
| 30 |
php_stream_close(controlstream); |
| 31 |
- stream->wrapperdata = NULL; |
| 32 |
+ stream->wrapperthis = NULL; |
| 33 |
} |
| 34 |
return 0; |
| 35 |
} |
| 36 |
@@ -187,7 +193,7 @@ static php_stream *php_ftp_fopen_connect |
| 37 |
|| php_stream_xport_crypto_enable(stream, 1 TSRMLS_CC) < 0) { |
| 38 |
php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "Unable to activate SSL mode"); |
| 39 |
php_stream_close(stream); |
| 40 |
- stream = NULL; |
| 41 |
+ stream->wrapperthis = NULL; |
| 42 |
goto connect_errexit; |
| 43 |
} |
| 44 |
|
| 45 |
@@ -564,7 +570,7 @@ php_stream * php_stream_url_wrap_ftp(php |
| 46 |
} |
| 47 |
|
| 48 |
/* remember control stream */ |
| 49 |
- datastream->wrapperdata = (zval *)stream; |
| 50 |
+ datastream->wrapperthis = stream; |
| 51 |
|
| 52 |
php_url_free(resource); |
| 53 |
return datastream; |
| 54 |
@@ -588,11 +594,13 @@ errexit: |
| 55 |
static size_t php_ftp_dirstream_read(php_stream *stream, char *buf, size_t count TSRMLS_DC) |
| 56 |
{ |
| 57 |
php_stream_dirent *ent = (php_stream_dirent *)buf; |
| 58 |
- php_stream *innerstream = (php_stream *)stream->abstract; |
| 59 |
+ php_stream *innerstream; |
| 60 |
size_t tmp_len; |
| 61 |
char *basename; |
| 62 |
size_t basename_len; |
| 63 |
|
| 64 |
+ innerstream = ((php_ftp_dirstream_data *)stream->abstract)->datastream; |
| 65 |
+ |
| 66 |
if (count != sizeof(php_stream_dirent)) { |
| 67 |
return 0; |
| 68 |
} |
| 69 |
@@ -636,13 +644,18 @@ static size_t php_ftp_dirstream_read(php |
| 70 |
*/ |
| 71 |
static int php_ftp_dirstream_close(php_stream *stream, int close_handle TSRMLS_DC) |
| 72 |
{ |
| 73 |
- php_stream *innerstream = (php_stream *)stream->abstract; |
| 74 |
+ php_ftp_dirstream_data *data = stream->abstract; |
| 75 |
|
| 76 |
- if (innerstream->wrapperdata) { |
| 77 |
- php_stream_close((php_stream *)innerstream->wrapperdata); |
| 78 |
- innerstream->wrapperdata = NULL; |
| 79 |
- } |
| 80 |
- php_stream_close((php_stream *)stream->abstract); |
| 81 |
+ /* close control connection */ |
| 82 |
+ if (data->controlstream) { |
| 83 |
+ php_stream_close(data->controlstream); |
| 84 |
+ data->controlstream = NULL; |
| 85 |
+ } |
| 86 |
+ /* close data connection */ |
| 87 |
+ php_stream_close(data->datastream); |
| 88 |
+ data->datastream = NULL; |
| 89 |
+ |
| 90 |
+ efree(data); |
| 91 |
stream->abstract = NULL; |
| 92 |
|
| 93 |
return 0; |
| 94 |
@@ -668,6 +681,7 @@ static php_stream_ops php_ftp_dirstream_ |
| 95 |
php_stream * php_stream_ftp_opendir(php_stream_wrapper *wrapper, char *path, char *mode, int options, char **opened_path, php_stream_context *context STREAMS_DC TSRMLS_DC) |
| 96 |
{ |
| 97 |
php_stream *stream, *reuseid, *datastream = NULL; |
| 98 |
+ php_ftp_dirstream_data *dirsdata; |
| 99 |
php_url *resource = NULL; |
| 100 |
int result = 0, use_ssl, use_ssl_on_data = 0; |
| 101 |
char *hoststart = NULL, tmp_line[512]; |
| 102 |
@@ -727,11 +741,14 @@ php_stream * php_stream_ftp_opendir(php_ |
| 103 |
goto opendir_errexit; |
| 104 |
} |
| 105 |
|
| 106 |
- /* remember control stream */ |
| 107 |
- datastream->wrapperdata = (zval *)stream; |
| 108 |
- |
| 109 |
php_url_free(resource); |
| 110 |
- return php_stream_alloc(&php_ftp_dirstream_ops, datastream, 0, mode); |
| 111 |
+ |
| 112 |
+ dirsdata = emalloc(sizeof *dirsdata); |
| 113 |
+ dirsdata->datastream = datastream; |
| 114 |
+ dirsdata->controlstream = stream; |
| 115 |
+ dirsdata->dirstream = php_stream_alloc(&php_ftp_dirstream_ops, dirsdata, 0, mode); |
| 116 |
+ |
| 117 |
+ return dirsdata->dirstream; |
| 118 |
|
| 119 |
opendir_errexit: |
| 120 |
if (resource) { |
Parent Directory
| 
Revision Log
| 
Revision Graph
