[prev in list] [next in list] [prev in thread] [next in thread]
List: php-cvs
Subject: [PHP-CVS] com php-src: Prevent =?UTF-8?Q?com=3A=3A=5F=5Fconstruct=28=29=20to=20modi?= =?UTF-8?Q?fy=2
From: Christoph Michael Becker <cmb () php ! net>
Date: 2020-08-31 15:44:27
Message-ID: php-mail-91ab3adc75691eddc6359084c8b3bd99852906909 () git ! php ! net
[Download RAW message or body]
Commit: d4d52ba945f961b53740325bfc367e445c729902
Author: Christoph M. Becker <cmbecker69@gmx.de> Wed, 26 Aug 2020 15:12:16 \
+0200
Parents: 4acac9bd72630c8dea2d61bf9b550814467e54db
Branches: master
Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=d4d52ba945f961b53740325bfc367e445c729902
Log:
Prevent com::__construct() to modify the $server_name array
We switch to `zend_string`s for simplicity, so there's no need to
`convert_to_string()` anymore, what makes the array separation
superfluous.
Closes GH-6040
Changed paths:
M ext/com_dotnet/com_com.c
Diff:
diff --git a/ext/com_dotnet/com_com.c b/ext/com_dotnet/com_com.c
index 99a217342af..54a1533266e 100644
--- a/ext/com_dotnet/com_com.c
+++ b/ext/com_dotnet/com_com.c
@@ -31,10 +31,9 @@ PHP_METHOD(com, __construct)
zval *object = getThis();
zval *server_params = NULL;
php_com_dotnet_object *obj;
- char *module_name, *typelib_name = NULL, *server_name = NULL;
- char *user_name = NULL, *domain_name = NULL, *password = NULL;
- size_t module_name_len = 0, typelib_name_len = 0, server_name_len = 0,
- user_name_len, domain_name_len, password_len;
+ char *module_name, *typelib_name = NULL;
+ size_t module_name_len = 0, typelib_name_len = 0;
+ zend_string *server_name = NULL, *user_name = NULL, *password = NULL, *domain_name \
= NULL; OLECHAR *moniker;
CLSID clsid;
CLSCTX ctx = CLSCTX_SERVER;
@@ -52,11 +51,11 @@ PHP_METHOD(com, __construct)
const struct php_win32_cp *cp_it;
if (FAILURE == zend_parse_parameters_ex(ZEND_PARSE_PARAMS_QUIET,
- ZEND_NUM_ARGS(), "s|s!ls",
- &module_name, &module_name_len, &server_name, &server_name_len,
+ ZEND_NUM_ARGS(), "s|S!ls",
+ &module_name, &module_name_len, &server_name,
&cp, &typelib_name, &typelib_name_len) &&
FAILURE == zend_parse_parameters(
- ZEND_NUM_ARGS(), "sa/|ls",
+ ZEND_NUM_ARGS(), "sa|ls",
&module_name, &module_name_len, &server_params, &cp,
&typelib_name, &typelib_name_len)) {
RETURN_THROWS();
@@ -81,39 +80,23 @@ PHP_METHOD(com, __construct)
if (NULL != (tmp = zend_hash_str_find(Z_ARRVAL_P(server_params),
"Server", sizeof("Server")-1))) {
- if (!try_convert_to_string(tmp)) {
- RETURN_THROWS();
- }
- server_name = Z_STRVAL_P(tmp);
- server_name_len = Z_STRLEN_P(tmp);
+ server_name = zval_get_string(tmp);
ctx = CLSCTX_REMOTE_SERVER;
}
if (NULL != (tmp = zend_hash_str_find(Z_ARRVAL_P(server_params),
"Username", sizeof("Username")-1))) {
- if (!try_convert_to_string(tmp)) {
- RETURN_THROWS();
- }
- user_name = Z_STRVAL_P(tmp);
- user_name_len = Z_STRLEN_P(tmp);
+ user_name = zval_get_string(tmp);
}
if (NULL != (tmp = zend_hash_str_find(Z_ARRVAL_P(server_params),
"Password", sizeof("Password")-1))) {
- if (!try_convert_to_string(tmp)) {
- RETURN_THROWS();
- }
- password = Z_STRVAL_P(tmp);
- password_len = Z_STRLEN_P(tmp);
+ password = zval_get_string(tmp);
}
if (NULL != (tmp = zend_hash_str_find(Z_ARRVAL_P(server_params),
"Domain", sizeof("Domain")-1))) {
- if (!try_convert_to_string(tmp)) {
- RETURN_THROWS();
- }
- domain_name = Z_STRVAL_P(tmp);
- domain_name_len = Z_STRLEN_P(tmp);
+ domain_name = zval_get_string(tmp);
}
if (NULL != (tmp = zend_hash_str_find(Z_ARRVAL_P(server_params),
@@ -134,25 +117,25 @@ PHP_METHOD(com, __construct)
if (server_name) {
info.dwReserved1 = 0;
info.dwReserved2 = 0;
- info.pwszName = php_com_string_to_olestring(server_name, server_name_len, \
obj->code_page); + info.pwszName = \
php_com_string_to_olestring(ZSTR_VAL(server_name), ZSTR_LEN(server_name), \
obj->code_page);
if (user_name) {
- authid.User = (OLECHAR*)user_name;
- authid.UserLength = (ULONG)user_name_len;
+ authid.User = (OLECHAR*) ZSTR_VAL(user_name);
+ authid.UserLength = (ULONG) ZSTR_LEN(user_name);
if (password) {
- authid.Password = (OLECHAR*)password;
- authid.PasswordLength = (ULONG)password_len;
+ authid.Password = (OLECHAR*) ZSTR_VAL(password);
+ authid.PasswordLength = (ULONG) ZSTR_LEN(password);
} else {
- authid.Password = (OLECHAR*)"";
+ authid.Password = (OLECHAR*) "";
authid.PasswordLength = 0;
}
if (domain_name) {
- authid.Domain = (OLECHAR*)domain_name;
- authid.DomainLength = (ULONG)domain_name_len;
+ authid.Domain = (OLECHAR*) ZSTR_VAL(domain_name);
+ authid.DomainLength = (ULONG) ZSTR_LEN(domain_name);
} else {
- authid.Domain = (OLECHAR*)"";
+ authid.Domain = (OLECHAR*) "";
authid.DomainLength = 0;
}
authid.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
@@ -225,7 +208,11 @@ PHP_METHOD(com, __construct)
if (server_name) {
if (info.pwszName) efree(info.pwszName);
+ if (server_params) zend_string_release(server_name);
}
+ if (user_name) zend_string_release(user_name);
+ if (password) zend_string_release(password);
+ if (domain_name) zend_string_release(domain_name);
efree(moniker);
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic