Merge branch 'PHP-7.4' into PHP-8.0

* PHP-7.4: Avoid OOB reads in create_name_with_username()
2024-09-22 10:27:25 +00:00 · 2021-07-04 22:54:48 +02:00 · 2021-07-04 22:54:48 +02:00 · 948b83d7ea
commit 948b83d7ea
parent 1b01bf3a95 b1840737e2
1 changed files with 13 additions and 2 deletions
--- a/ext/opcache/shared_alloc_win32.c
+++ b/ext/opcache/shared_alloc_win32.c
@ -71,8 +71,19 @@ static void zend_win_error_message(int type, char *msg, int err)

 static char *create_name_with_username(char *name)
 {
-	static char newname[MAXPATHLEN + 32 + 4 + 1 + 32 + 21];
-	snprintf(newname, sizeof(newname) - 1, "%s@%.32s@%.20s@%.32s", name, accel_uname_id, sapi_module.name, zend_system_id);
+	static char newname[MAXPATHLEN + 1 + 32 + 1 + 20 + 1 + 32 + 1];
+	char *p = newname;
+	p += strlcpy(newname, name, MAXPATHLEN + 1);
+	*(p++) = '@';
+	memcpy(p, accel_uname_id, 32);
+	p += 32;
+	*(p++) = '@';
+	p += strlcpy(p, sapi_module.name, 21);
+	*(p++) = '@';
+	memcpy(p, accel_system_id, 32);
+	p += 32;
+	*(p++) = '\0';
+	ZEND_ASSERT(p - newname <= sizeof(newname));

 	return newname;
 }