From ba1af298052cbef7329e330f2d3f9749b9be65bb Mon Sep 17 00:00:00 2001 From: Pierre Joye Date: Tue, 14 May 2013 16:45:11 +0200 Subject: [PATCH] more check for php_stream_fopen_tmpfile failure --- ext/phar/phar_object.c | 12 ++++++++++++ ext/phar/tar.c | 25 ++++++++++++++++++++----- ext/phar/util.c | 8 ++++++++ ext/phar/zip.c | 18 ++++++++++++++++-- 4 files changed, 56 insertions(+), 7 deletions(-) diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c index eb6b4cf070f..666920990ac 100644 --- a/ext/phar/phar_object.c +++ b/ext/phar/phar_object.c @@ -1897,6 +1897,10 @@ PHP_METHOD(Phar, buildFromDirectory) pass.count = 0; pass.ret = return_value; pass.fp = php_stream_fopen_tmpfile(); + if (pass.fp == NULL) { + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "phar \"%s\" unable to create temporary file", phar_obj->arc.archive->fname); + return; + } if (phar_obj->arc.archive->is_persistent && FAILURE == phar_copy_on_write(&(phar_obj->arc.archive) TSRMLS_CC)) { zval_ptr_dtor(&iteriter); @@ -1977,6 +1981,10 @@ PHP_METHOD(Phar, buildFromIterator) pass.ret = return_value; pass.count = 0; pass.fp = php_stream_fopen_tmpfile(); + if (pass.fp == NULL) { + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "phar \"%s\": unable to create temporary file", phar_obj->arc.archive->fname); + return; + } if (SUCCESS == spl_iterator_apply(obj, (spl_iterator_apply_func_t) phar_build, (void *) &pass TSRMLS_CC)) { phar_obj->arc.archive->ufp = pass.fp; @@ -2308,6 +2316,10 @@ static zval *phar_convert_to_other(phar_archive_data *source, int convert, char zend_get_hash_value, NULL, 0); phar->fp = php_stream_fopen_tmpfile(); + if (phar->fp == NULL) { + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "unable to create temporary file"); + return NULL; + } phar->fname = source->fname; phar->fname_len = source->fname_len; phar->is_temporary_alias = source->is_temporary_alias; diff --git a/ext/phar/tar.c b/ext/phar/tar.c index f170335437f..0e60e3db134 100644 --- a/ext/phar/tar.c +++ b/ext/phar/tar.c @@ -847,7 +847,10 @@ int phar_tar_setmetadata(zval *metadata, phar_entry_info *entry, char **error TS entry->is_modified = 1; entry->fp = php_stream_fopen_tmpfile(); entry->offset = entry->offset_abs = 0; - + if (entry->fp == NULL) { + spprintf(error, 0, "phar error: unable to create temporary file"); + return -1; + } if (entry->metadata_str.len != php_stream_write(entry->fp, entry->metadata_str.c, entry->metadata_str.len)) { spprintf(error, 0, "phar tar error: unable to write metadata to magic metadata file \"%s\"", entry->filename); zend_hash_del(&(entry->phar->manifest), entry->filename, entry->filename_len); @@ -949,7 +952,10 @@ int phar_tar_flush(phar_archive_data *phar, char *user_stub, long len, int defau entry.filename = estrndup(".phar/alias.txt", sizeof(".phar/alias.txt")-1); entry.filename_len = sizeof(".phar/alias.txt")-1; entry.fp = php_stream_fopen_tmpfile(); - + if (entry.fp == NULL) { + spprintf(error, 0, "phar error: unable to create temporary file"); + return -1; + } if (phar->alias_len != (int)php_stream_write(entry.fp, phar->alias, phar->alias_len)) { if (error) { spprintf(error, 0, "unable to set alias in tar-based phar \"%s\"", phar->fname); @@ -1014,6 +1020,10 @@ int phar_tar_flush(phar_archive_data *phar, char *user_stub, long len, int defau len = pos - user_stub + 18; entry.fp = php_stream_fopen_tmpfile(); + if (entry.fp == NULL) { + spprintf(error, 0, "phar error: unable to create temporary file"); + return EOF; + } entry.uncompressed_filesize = len + 5; if ((size_t)len != php_stream_write(entry.fp, user_stub, len) @@ -1038,7 +1048,10 @@ int phar_tar_flush(phar_archive_data *phar, char *user_stub, long len, int defau } else { /* Either this is a brand new phar (add the stub), or the default stub is required (overwrite the stub) */ entry.fp = php_stream_fopen_tmpfile(); - + if (entry.fp == NULL) { + spprintf(error, 0, "phar error: unable to create temporary file"); + return EOF; + } if (sizeof(newstub)-1 != php_stream_write(entry.fp, newstub, sizeof(newstub)-1)) { php_stream_close(entry.fp); if (error) { @@ -1087,7 +1100,6 @@ nostub: } newfile = php_stream_fopen_tmpfile(); - if (!newfile) { if (error) { spprintf(error, 0, "unable to create temporary file"); @@ -1174,7 +1186,10 @@ nostub: entry.filename = ".phar/signature.bin"; entry.filename_len = sizeof(".phar/signature.bin")-1; entry.fp = php_stream_fopen_tmpfile(); - + if (entry.fp == NULL) { + spprintf(error, 0, "phar error: unable to create temporary file"); + return EOF; + } #ifdef WORDS_BIGENDIAN # define PHAR_SET_32(var, buffer) \ *(php_uint32 *)(var) = (((((unsigned char*)&(buffer))[3]) << 24) \ diff --git a/ext/phar/util.c b/ext/phar/util.c index 4f364788d50..89edb78a202 100644 --- a/ext/phar/util.c +++ b/ext/phar/util.c @@ -890,6 +890,10 @@ int phar_copy_entry_fp(phar_entry_info *source, phar_entry_info *dest, char **er dest->offset = 0; dest->is_modified = 1; dest->fp = php_stream_fopen_tmpfile(); + if (dest->fp == NULL) { + spprintf(error, 0, "phar error: unable to create temporary file"); + return EOF; + } phar_seek_efp(source, 0, SEEK_SET, 0, 1 TSRMLS_CC); link = phar_get_link_source(source TSRMLS_CC); @@ -1130,6 +1134,10 @@ int phar_separate_entry_fp(phar_entry_info *entry, char **error TSRMLS_DC) /* {{ } fp = php_stream_fopen_tmpfile(); + if (fp == NULL) { + spprintf(error, 0, "phar error: unable to create temporary file"); + return FAILURE; + } phar_seek_efp(entry, 0, SEEK_SET, 0, 1 TSRMLS_CC); link = phar_get_link_source(entry TSRMLS_CC); diff --git a/ext/phar/zip.c b/ext/phar/zip.c index 2d57c08c5aa..c8057e3bbe1 100644 --- a/ext/phar/zip.c +++ b/ext/phar/zip.c @@ -1095,6 +1095,10 @@ static int phar_zip_applysignature(phar_archive_data *phar, struct _phar_zip_pas off_t tell, st; newfile = php_stream_fopen_tmpfile(); + if (newfile == NULL) { + spprintf(pass->error, 0, "phar error: unable to create temporary file for the signature file"); + return FAILURE; + } st = tell = php_stream_tell(pass->filefp); /* copy the local files, central directory, and the zip comment to generate the hash */ php_stream_seek(pass->filefp, 0, SEEK_SET); @@ -1196,7 +1200,10 @@ int phar_zip_flush(phar_archive_data *phar, char *user_stub, long len, int defau /* set alias */ if (!phar->is_temporary_alias && phar->alias_len) { entry.fp = php_stream_fopen_tmpfile(); - + if (entry.fp == NULL) { + spprintf(error, 0, "phar error: unable to create temporary file"); + return EOF; + } if (phar->alias_len != (int)php_stream_write(entry.fp, phar->alias, phar->alias_len)) { if (error) { spprintf(error, 0, "unable to set alias in zip-based phar \"%s\"", phar->fname); @@ -1271,6 +1278,10 @@ int phar_zip_flush(phar_archive_data *phar, char *user_stub, long len, int defau len = pos - user_stub + 18; entry.fp = php_stream_fopen_tmpfile(); + if (entry.fp == NULL) { + spprintf(error, 0, "phar error: unable to create temporary file"); + return EOF; + } entry.uncompressed_filesize = len + 5; if ((size_t)len != php_stream_write(entry.fp, user_stub, len) @@ -1304,7 +1315,10 @@ int phar_zip_flush(phar_archive_data *phar, char *user_stub, long len, int defau } else { /* Either this is a brand new phar (add the stub), or the default stub is required (overwrite the stub) */ entry.fp = php_stream_fopen_tmpfile(); - + if (entry.fp == NULL) { + spprintf(error, 0, "phar error: unable to create temporary file"); + return EOF; + } if (sizeof(newstub)-1 != php_stream_write(entry.fp, newstub, sizeof(newstub)-1)) { php_stream_close(entry.fp); if (error) {