[Libguestfs] [PATCH 1/4] php: fix invalid memory access with OptString
Pino Toscano
ptoscano at redhat.com
Tue Feb 10 15:42:52 UTC 2015
OptString maps to a "s!" argument, which makes zend_parse_parameters not
touch the variables (char* and length) when NULL is passed as parameter.
Hence, set both to NULL/0, and check for non-NULL char* variable before
checking its length.
---
generator/php.ml | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/generator/php.ml b/generator/php.ml
index 0ef6541..1384451 100644
--- a/generator/php.ml
+++ b/generator/php.ml
@@ -192,11 +192,13 @@ PHP_FUNCTION (guestfs_last_error)
| String n | Device n | Mountable n | Pathname n
| Dev_or_Path n | Mountable_or_Path n
| FileIn n | FileOut n | Key n
- | OptString n
| BufferIn n
| GUID n ->
pr " char *%s;\n" n;
pr " int %s_size;\n" n
+ | OptString n ->
+ pr " char *%s = NULL;\n" n;
+ pr " int %s_size;\n" n
| StringList n
| DeviceList n ->
pr " zval *z_%s;\n" n;
@@ -310,7 +312,7 @@ PHP_FUNCTION (guestfs_last_error)
| String n | Device n | Mountable n | Pathname n
| Dev_or_Path n | Mountable_or_Path n
| FileIn n | FileOut n | Key n
- | OptString n | GUID n ->
+ | GUID n ->
(* Just need to check the string doesn't contain any ASCII
* NUL characters, which won't be supported by the C API.
*)
@@ -319,6 +321,15 @@ PHP_FUNCTION (guestfs_last_error)
pr " RETURN_FALSE;\n";
pr " }\n";
pr "\n"
+ | OptString n ->
+ (* Just need to check the string doesn't contain any ASCII
+ * NUL characters, which won't be supported by the C API.
+ *)
+ pr " if (%s != NULL && strlen (%s) != %s_size) {\n" n n n;
+ pr " fprintf (stderr, \"libguestfs: %s: parameter '%s' contains embedded ASCII NUL.\\n\");\n" shortname n;
+ pr " RETURN_FALSE;\n";
+ pr " }\n";
+ pr "\n"
| BufferIn n -> ()
| StringList n
| DeviceList n ->
--
1.9.3
More information about the Libguestfs
mailing list