phpdbg: couple of network function return checks. Possible

devnexen · smalyshev · commit 19350b6b7398 · 2016-09-04T23:18:51.000-07:00
overflow when copy the socket_path configuration.
diff --git a/ext/session/mod_files.c b/ext/session/mod_files.c
@@ -296,6 +296,7 @@ static int ps_files_cleanup_dir(const char *dirname, zend_long maxlifetime)
 
 	if (dirname_len >= MAXPATHLEN) {
 		php_error_docref(NULL, E_NOTICE, "ps_files_cleanup_dir: dirname(%s) is too long", dirname);
+		closedir(dir);
 		return (0);
 	}
 
diff --git a/sapi/phpdbg/phpdbg_wait.c b/sapi/phpdbg/phpdbg_wait.c
@@ -248,8 +248,10 @@ void phpdbg_webdata_decompress(char *msg, int len) {
 		extension = (zend_extension *) zend_llist_get_first_ex(&zend_extensions, &pos);
 		while (extension) {
 			extension = (zend_extension *) zend_llist_get_next_ex(&zend_extensions, &pos);
+			if (extension == NULL){
+				break;
+			}
 
-			/* php_serach_array() body should be in some ZEND_API function... */
 			ZEND_HASH_FOREACH_STR_KEY_PTR(Z_ARRVAL_P(zvp), strkey, name) {
 				if (Z_TYPE_P(name) == IS_STRING && !zend_binary_strcmp(extension->name, strlen(extension->name), Z_STRVAL_P(name), Z_STRLEN_P(name))) {
 					break;
@@ -344,9 +346,16 @@ PHPDBG_COMMAND(wait) /* {{{ */
 	if (PHPDBG_G(socket_server_fd) == -1) {
 		int len;
 		PHPDBG_G(socket_server_fd) = sl = socket(AF_UNIX, SOCK_STREAM, 0);
+		if (sl == -1) {
+			phpdbg_error("wait", "type=\"nosocket\" import=\"fail\"", "Unable to open a socket to UNIX domain socket at %s defined by phpdbg.path ini setting", PHPDBG_G(socket_path));
+			return FAILURE;
+		}
 
 		local.sun_family = AF_UNIX;
-		strcpy(local.sun_path, PHPDBG_G(socket_path));
+		if (strlcpy(local.sun_path, PHPDBG_G(socket_path), sizeof(local.sun_path)) > sizeof(local.sun_path)) {
+			phpdbg_error("wait", "type=\"nosocket\" import=\"fail\"", "Socket at %s defined by phpdbg.path ini setting is too long", PHPDBG_G(socket_path));
+			return FAILURE;
+		}
 		len = strlen(local.sun_path) + sizeof(local.sun_family);
 		if (bind(sl, (struct sockaddr *)&local, len) == -1) {
 			phpdbg_error("wait", "type=\"nosocket\" import=\"fail\"", "Unable to connect to UNIX domain socket at %s defined by phpdbg.path ini setting", PHPDBG_G(socket_path));
@@ -362,6 +371,11 @@ PHPDBG_COMMAND(wait) /* {{{ */
 
 	rlen = sizeof(remote);
 	sr = accept(sl, (struct sockaddr *) &remote, (socklen_t *) &rlen);
+	if (sr == -1) {
+		phpdbg_error("wait", "type=\"nosocket\" import=\"fail\"", "Unable to create a connection to UNIX domain socket at %s defined by phpdbg.path ini setting", PHPDBG_G(socket_path));
+		close(PHPDBG_G(socket_server_fd));
+		return FAILURE;
+	}
 
 	char msglen[5];
 	int recvd = 4;

Original file line number	Diff line number	Diff line change
`@@ -296,6 +296,7 @@ static int ps_files_cleanup_dir(const char *dirname, zend_long maxlifetime)`
`296`	`296`
`297`	`297`	`if (dirname_len >= MAXPATHLEN) {`
`298`	`298`	`php_error_docref(NULL, E_NOTICE, "ps_files_cleanup_dir: dirname(%s) is too long", dirname);`
	`299`	`+ closedir(dir);`
`299`	`300`	`return (0);`
`300`	`301`	`}`
`301`	`302`