 |
 |
 |
 |
|
|
Date: 05/30/98
- Next message: Rasmus Lerdorf: "Re: [PHP-DEV] Bug #417: silent (?) change in variable's value behaviour"
- Previous message: rasmus: "[PHP-DEV] CVS update: php3/functions"
- Next in thread: rasmus: "[PHP-DEV] CVS update: php31/ext/standard"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Saturday May 30, 1998 @ 9:54
Author: rasmus
Update of /repository/php31/ext/standard
In directory asf:/tmp/cvs-serv4126/ext/standard
Modified Files:
exec.c
Log Message:
strncat() fix in 3.1 tree
Index: php31/ext/standard/exec.c
diff -c php31/ext/standard/exec.c:1.2 php31/ext/standard/exec.c:1.3
*** php31/ext/standard/exec.c:1.2 Wed May 27 23:25:26 1998
--- php31/ext/standard/exec.c Sat May 30 09:54:55 1998
***************
*** 26,32 ****
| Author: Rasmus Lerdorf |
+----------------------------------------------------------------------+
*/
! /* $Id: exec.c,v 1.2 1998/05/28 03:25:26 shane Exp $ */
#ifdef THREAD_SAFE
#include "tls.h"
--- 26,32 ----
| Author: Rasmus Lerdorf |
+----------------------------------------------------------------------+
*/
! /* $Id: exec.c,v 1.3 1998/05/30 13:54:55 rasmus Exp $ */
#ifdef THREAD_SAFE
#include "tls.h"
***************
*** 56,66 ****
FILE *fp;
char buf[EXEC_INPUT_BUF], *tmp=NULL;
int t, l, ret, output=1;
char *b, *c, *d=NULL;
TLS_VARS;
if (GLOBAL(php3_ini).safe_mode) {
! l = strlen(cmd) + strlen(GLOBAL(php3_ini).safe_mode_exec_dir) + 2;
c = strchr(cmd, ' ');
if (c) *c = '\0';
if (strstr(cmd, "..")) {
--- 56,70 ----
FILE *fp;
char buf[EXEC_INPUT_BUF], *tmp=NULL;
int t, l, ret, output=1;
+ int overflow_limit, lcmd, ldir;
char *b, *c, *d=NULL;
TLS_VARS;
if (GLOBAL(php3_ini).safe_mode) {
! lcmd = strlen(cmd);
! ldir = strlen(GLOBAL(php3_ini).safe_mode_exec_dir);
! l = lcmd + ldir + 3;
! overflow_limit = l;
c = strchr(cmd, ' ');
if (c) *c = '\0';
if (strstr(cmd, "..")) {
***************
*** 70,87 ****
b = strrchr(cmd, '/');
d = emalloc(l);
strncpy(d, GLOBAL(php3_ini).safe_mode_exec_dir, l - 1);
if (b) {
! strncat(d, b, l - 1);
! d[l - 1] = '\0'; /* watch out for overflows */
} else {
strcat(d, "/");
! strncat(d, cmd, l - 1);
! d[l - 1] = '\0'; /* watch out for overflows */
}
if (c) {
*c = ' ';
! strncat(d, c, l - 1);
! d[l - 1] = '\0';
}
tmp = _php3_escapeshellcmd(d);
efree(d);
--- 74,91 ----
b = strrchr(cmd, '/');
d = emalloc(l);
strncpy(d, GLOBAL(php3_ini).safe_mode_exec_dir, l - 1);
+ overflow_limit -= ldir;
if (b) {
! strncat(d, b, overflow_limit);
! overflow_limit -= strlen(b);
} else {
strcat(d, "/");
! strncat(d, cmd, overflow_limit-1);
! overflow_limit-=(lcmd+1);
}
if (c) {
*c = ' ';
! strncat(d, c, overflow_limit);
}
tmp = _php3_escapeshellcmd(d);
efree(d);
- Next message: Rasmus Lerdorf: "Re: [PHP-DEV] Bug #417: silent (?) change in variable's value behaviour"
- Previous message: rasmus: "[PHP-DEV] CVS update: php3/functions"
- Next in thread: rasmus: "[PHP-DEV] CVS update: php31/ext/standard"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]