clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-09-21 09:57:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'PHP-8.0'

Browse Source 
* PHP-8.0:
  Fix bug #81068: Fix possible use-after-free in realpath_cache_clean()
This commit is contained in:
Nikita Popov 2021-05-25 11:41:06 +02:00
commit 7a766401eb
1 changed files with 18 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
Zend/zend_virtual_cwd.c
View File

@ -150,9 +150,25 @@ static void cwd_globals_ctor(virtual_cwd_globals *cwd_g) /* {{{ */
} }
/* }}} */ /* }}} */
static void realpath_cache_clean_helper(uint32_t max_entries, realpath_cache_bucket **cache, zend_long *cache_size)
{
uint32_t i;
for (i = 0; i < max_entries; i++) {
realpath_cache_bucket *p = cache[i];
while (p != NULL) {
realpath_cache_bucket *r = p;
p = p->next;
free(r);
}
cache[i] = NULL;
}
*cache_size = 0;
}
static void cwd_globals_dtor(virtual_cwd_globals *cwd_g) /* {{{ */ static void cwd_globals_dtor(virtual_cwd_globals *cwd_g) /* {{{ */
{ {
realpath_cache_clean(); realpath_cache_clean_helper(sizeof(cwd_g->realpath_cache)/sizeof(cwd_g->realpath_cache[0]), cwd_g->realpath_cache, &cwd_g->realpath_cache_size);
} }
/* }}} */ /* }}} */
@ -340,18 +356,7 @@ static inline zend_ulong realpath_cache_key(const char *path, size_t path_len) /
CWD_API void realpath_cache_clean(void) /* {{{ */ CWD_API void realpath_cache_clean(void) /* {{{ */
{ {
uint32_t i; realpath_cache_clean_helper(sizeof(CWDG(realpath_cache))/sizeof(CWDG(realpath_cache)[0]), CWDG(realpath_cache), &CWDG(realpath_cache_size));
for (i = 0; i < sizeof(CWDG(realpath_cache))/sizeof(CWDG(realpath_cache)[0]); i++) {
realpath_cache_bucket *p = CWDG(realpath_cache)[i];
while (p != NULL) {
realpath_cache_bucket *r = p;
p = p->next;
free(r);
}
CWDG(realpath_cache)[i] = NULL;
}
CWDG(realpath_cache_size) = 0;
} }
/* }}} */ /* }}} */