clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-09-22 02:17:32 +00:00
Code Issues Packages Projects Releases Wiki Activity
83cd1c241e
php-src/ext/standard/dl.c
Niels Dossche 8a812c3fda Fix GH-12215: Module entry being overwritten causes type errors in ext/dom (PHP 8.4) 
When we try to load an extension multiple times, we still overwrite the
type, module number, and handle. If the module number is used to
indicate module boundaries (e.g. in reflection and in dom, see e.g.
dom_objects_set_class_ex), then all sorts of errors can happen.

In the case of ext/dom, OP's error happens because the following
happens:
- The property handler is set up incorrectly in
  dom_objects_set_class_ex() because the wrong module number is
  specified. The class highest in the hierarchy is DOMNode, so the
  property handler is incorrectly set to that of DOMNode instead of
  DOMDocument.
- The documentElement property doesn't exist on DOMNode, it only exists
  on DOMDocument, so it tries to read using zend_std_read_property().
  As there is no user property called documentElement, that read
  operation returns an undef value.
  However, the type is still checked, resulting in the strange exception.

Solve this by changing the API such that the data is only overwritten if
it's owned data.

Closes GH-12246.
2023-09-20 21:02:51 +02:00

301 lines
8.6 KiB
C
Raw Blame History

/*
+----------------------------------------------------------------------+
| Copyright (c) The PHP Group |
+----------------------------------------------------------------------+
| This source file is subject to version 3.01 of the PHP license, |
| that is bundled with this package in the file LICENSE, and is |
| available through the world-wide-web at the following url: |
| https://www.php.net/license/3_01.txt |
| If you did not receive a copy of the PHP license and are unable to |
| obtain it through the world-wide-web, please send a note to |
| license@php.net so we can mail you a copy immediately. |
+----------------------------------------------------------------------+
| Authors: Brian Schaffner <brian@tool.net> |
| Shane Caraveo <shane@caraveo.com> |
| Zeev Suraski <zeev@php.net> |
+----------------------------------------------------------------------+
*/
#include "php.h"
#include "dl.h"
#include "php_globals.h"
#include "php_ini.h"
#include "ext/standard/info.h"
#include "SAPI.h"
#ifdef HAVE_LIBDL
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#ifdef PHP_WIN32
#include "win32/param.h"
#include "win32/winutil.h"
#define GET_DL_ERROR() php_win_err()
#else
#include <sys/param.h>
#define GET_DL_ERROR() DL_ERROR()
#endif
#endif /* defined(HAVE_LIBDL) */
/* {{{ Load a PHP extension at runtime */
PHPAPI PHP_FUNCTION(dl)
{
char *filename;
size_t filename_len;
ZEND_PARSE_PARAMETERS_START(1, 1)
Z_PARAM_STRING(filename, filename_len)
ZEND_PARSE_PARAMETERS_END();
if (!PG(enable_dl)) {
php_error_docref(NULL, E_WARNING, "Dynamically loaded extensions aren't enabled");
RETURN_FALSE;
}
if (filename_len >= MAXPATHLEN) {
php_error_docref(NULL, E_WARNING, "Filename exceeds the maximum allowed length of %d characters", MAXPATHLEN);
RETURN_FALSE;
}
#if ZEND_RC_DEBUG
bool orig_rc_debug = zend_rc_debug;
/* FIXME: Loading extensions during the request breaks some invariants. In
* particular, it will create persistent interned strings, which is not
* allowed at this stage. */
zend_rc_debug = false;
#endif
php_dl(filename, MODULE_TEMPORARY, return_value, 0);
if (Z_TYPE_P(return_value) == IS_TRUE) {
EG(full_tables_cleanup) = 1;
}
#if ZEND_RC_DEBUG
zend_rc_debug = orig_rc_debug;
#endif
}
/* }}} */
#ifdef HAVE_LIBDL
/* {{{ php_load_shlib */
PHPAPI void *php_load_shlib(const char *path, char **errp)
{
void *handle;
char *err;
handle = DL_LOAD(path);
if (!handle) {
err = GET_DL_ERROR();
#ifdef PHP_WIN32
if (err && (*err)) {
size_t i = strlen(err);
(*errp)=estrdup(err);
php_win32_error_msg_free(err);
while (i > 0 && isspace((*errp)[i-1])) { (*errp)[i-1] = '\0'; i--; }
} else {
(*errp) = estrdup("<No message>");
}
#else
(*errp) = estrdup(err);
GET_DL_ERROR(); /* free the buffer storing the error */
#endif
}
return handle;
}
/* }}} */
/* {{{ php_load_extension */
PHPAPI int php_load_extension(const char *filename, int type, int start_now)
{
void *handle;
char *libpath;
zend_module_entry *module_entry;
zend_module_entry *(*get_module)(void);
int error_type, slash_suffix = 0;
char *extension_dir;
char *err1, *err2;
if (type == MODULE_PERSISTENT) {
extension_dir = INI_STR("extension_dir");
} else {
extension_dir = PG(extension_dir);
}
if (type == MODULE_TEMPORARY) {
error_type = E_WARNING;
} else {
error_type = E_CORE_WARNING;
}
/* Check if passed filename contains directory separators */
if (strchr(filename, '/') != NULL || strchr(filename, DEFAULT_SLASH) != NULL) {
/* Passing modules with full path is not supported for dynamically loaded extensions */
if (type == MODULE_TEMPORARY) {
php_error_docref(NULL, E_WARNING, "Temporary module name should contain only filename");
return FAILURE;
}
libpath = estrdup(filename);
} else if (extension_dir && extension_dir[0]) {
slash_suffix = IS_SLASH(extension_dir[strlen(extension_dir)-1]);
/* Try as filename first */
if (slash_suffix) {
spprintf(&libpath, 0, "%s%s", extension_dir, filename); /* SAFE */
} else {
spprintf(&libpath, 0, "%s%c%s", extension_dir, DEFAULT_SLASH, filename); /* SAFE */
}
} else {
return FAILURE; /* Not full path given or extension_dir is not set */
}
handle = php_load_shlib(libpath, &err1);
if (!handle) {
/* Now, consider 'filename' as extension name and build file name */
char *orig_libpath = libpath;
if (slash_suffix) {
spprintf(&libpath, 0, "%s" PHP_SHLIB_EXT_PREFIX "%s." PHP_SHLIB_SUFFIX, extension_dir, filename); /* SAFE */
} else {
spprintf(&libpath, 0, "%s%c" PHP_SHLIB_EXT_PREFIX "%s." PHP_SHLIB_SUFFIX, extension_dir, DEFAULT_SLASH, filename); /* SAFE */
}
handle = php_load_shlib(libpath, &err2);
if (!handle) {
php_error_docref(NULL, error_type, "Unable to load dynamic library '%s' (tried: %s (%s), %s (%s))",
filename, orig_libpath, err1, libpath, err2);
efree(orig_libpath);
efree(err1);
efree(libpath);
efree(err2);
return FAILURE;
}
efree(orig_libpath);
efree(err1);
}
efree(libpath);
#ifdef PHP_WIN32
if (!php_win32_image_compatible(handle, &err1)) {
php_error_docref(NULL, error_type, err1);
efree(err1);
DL_UNLOAD(handle);
return FAILURE;
}
#endif
get_module = (zend_module_entry *(*)(void)) DL_FETCH_SYMBOL(handle, "get_module");
/* Some OS prepend _ to symbol names while their dynamic linker
* does not do that automatically. Thus we check manually for
* _get_module. */
if (!get_module) {
get_module = (zend_module_entry *(*)(void)) DL_FETCH_SYMBOL(handle, "_get_module");
}
if (!get_module) {
if (DL_FETCH_SYMBOL(handle, "zend_extension_entry") || DL_FETCH_SYMBOL(handle, "_zend_extension_entry")) {
DL_UNLOAD(handle);
php_error_docref(NULL, error_type, "Invalid library (appears to be a Zend Extension, try loading using zend_extension=%s from php.ini)", filename);
return FAILURE;
}
DL_UNLOAD(handle);
php_error_docref(NULL, error_type, "Invalid library (maybe not a PHP library) '%s'", filename);
return FAILURE;
}
module_entry = get_module();
if (zend_hash_str_exists(&module_registry, module_entry->name, strlen(module_entry->name))) {
zend_error(E_CORE_WARNING, "Module \"%s\" is already loaded", module_entry->name);
DL_UNLOAD(handle);
return FAILURE;
}
if (module_entry->zend_api != ZEND_MODULE_API_NO) {
php_error_docref(NULL, error_type,
"%s: Unable to initialize module\n"
"Module compiled with module API=%d\n"
"PHP compiled with module API=%d\n"
"These options need to match\n",
module_entry->name, module_entry->zend_api, ZEND_MODULE_API_NO);
DL_UNLOAD(handle);
return FAILURE;
}
if(strcmp(module_entry->build_id, ZEND_MODULE_BUILD_ID)) {
php_error_docref(NULL, error_type,
"%s: Unable to initialize module\n"
"Module compiled with build ID=%s\n"
"PHP compiled with build ID=%s\n"
"These options need to match\n",
module_entry->name, module_entry->build_id, ZEND_MODULE_BUILD_ID);
DL_UNLOAD(handle);
return FAILURE;
}
if ((module_entry = zend_register_module_ex(module_entry, type)) == NULL) {
DL_UNLOAD(handle);
return FAILURE;
}
module_entry->handle = handle;
if ((type == MODULE_TEMPORARY || start_now) && zend_startup_module_ex(module_entry) == FAILURE) {
DL_UNLOAD(handle);
return FAILURE;
}
if ((type == MODULE_TEMPORARY || start_now) && module_entry->request_startup_func) {
if (module_entry->request_startup_func(type, module_entry->module_number) == FAILURE) {
php_error_docref(NULL, error_type, "Unable to initialize module '%s'", module_entry->name);
DL_UNLOAD(handle);
return FAILURE;
}
}
return SUCCESS;
}
/* }}} */
#else
static void php_dl_error(const char *filename)
{
php_error_docref(NULL, E_WARNING, "Cannot dynamically load %s - dynamic modules are not supported", filename);
}
PHPAPI void *php_load_shlib(const char *path, char **errp)
{
php_dl_error(path);
(*errp) = estrdup("No DL support");
return NULL;
}
PHPAPI int php_load_extension(const char *filename, int type, int start_now)
{
php_dl_error(filename);
return FAILURE;
}
#endif
/* {{{ php_dl */
PHPAPI void php_dl(const char *file, int type, zval *return_value, int start_now)
{
/* Load extension */
if (php_load_extension(file, type, start_now) == FAILURE) {
RETVAL_FALSE;
} else {
RETVAL_TRUE;
}
}
/* }}} */
PHP_MINFO_FUNCTION(dl)
{
#if defined(HAVE_LIBDL)
#define PHP_DL_SUPPORT_STATUS "enabled"
#else
#define PHP_DL_SUPPORT_STATUS "unavailable"
#endif
php_info_print_table_row(2, "Dynamic Library Support", PHP_DL_SUPPORT_STATUS);
}
Reference in New Issue View Git Blame Copy Permalink