Message-ID: <email address hidden>
Date: Thu, 6 Jan 2005 10:16:55 +0200 (EET)
From: Pekka Savola <email address hidden>
To: Steve Kemp <email address hidden>
cc: Florian Weimer <email address hidden>, Martin Schulze <email address hidden>,
<email address hidden>, <email address hidden>
Subject: Re: A backport of PHP fixes for 4.1.2
Hi,
On Wed, 5 Jan 2005, Steve Kemp wrote:
> On Wed, Jan 05, 2005 at 10:13:52PM +0200, Pekka Savola wrote:
>> I'd welcome more eyeballs looking at it, correct any mistakes and
>> omissions (if any :).
>
> Looks good, except this bit seems dodgy:
Thanks for looking!
> - memcpy(ptr, CWDG(cwd).cwd, CWDG(cwd).cwd_length);
> - ptr += CWDG(cwd).cwd_length;
> + *ptr++ = '\'';
> + while (dir_length > 0) {
> + switch (*dir) {
> + case '\'':
> + *ptr++ = '\'';
> + *ptr++ = '\\';
> + *ptr++ = '\'';
> + /* fall-through */
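Review bot: In the `case '\''` arm, each quote character in dir writes three bytes through ptr and then falls through to the next arm, yet nothing in these lines bounds ptr or shows how the buffer behind it is sized. The removed memcpy advanced ptr by exactly CWDG(cwd).cwd_length, so an allocation sized for that length would be too small once quotes are expanded. Please confirm that the backport also carries the matching allocation change, sized for the worst case where every byte of dir is a quote plus the opening quote written before the loop, or add an explicit remaining-space check inside the loop.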
>
>
> Is ptr going to be big enough? For every ' character it's incremented
> several times.
>
> This may become clear when more context is present, but it's the
> only thing that I'd be wanting to look more closely at.
Good question. The code fragment comes from 4.3.10.. [*] So, if you
assume the php developers thought that through, and nothing big has
changed between 4.1.2 and 4.3.8 (the patch applies as is) it should be
OK (that's good enough for me :). If not..
[*] among others, http://cvs.php.net/diff.php/TSRM/tsrm_virtual_cwd.c?r1=1.41.2.7&r2=1.41.2.8&ty=u
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings