
- Better fix for #34505 and related, drop zend_unmangle_property_name…

…_ex()
1 parent 53d297a commit 519ed8e13be3a239318ed6d224e15b2fff090398 Marcus Boerger committed Jul 24, 2006
@@ -131,7 +131,7 @@ static void print_hash(zend_write_func_t write_func, HashTable *ht, int indent,
if (is_object) {
char *prop_name, *class_name;
- zend_unmangle_property_name_ex(string_key, str_len, &class_name, &prop_name);
+ zend_unmangle_property_name(string_key, str_len-1, &class_name, &prop_name);
ZEND_PUTS_EX(prop_name);
if (class_name) {
if (class_name[0]=='*') {
@@ -723,7 +723,7 @@ static void add_class_vars(zend_class_entry *ce, HashTable *properties, zval *re
zend_hash_get_current_key_ex(properties, &key, &key_len, &num_index, 0, &pos);
zend_hash_move_forward_ex(properties, &pos);
- zend_unmangle_property_name_ex(key, key_len, &class_name, &prop_name);
+ zend_unmangle_property_name(key, key_len-1, &class_name, &prop_name);
if (class_name) {
if (class_name[0] != '*' && strcmp(class_name, ce->name)) {
/* filter privates from base classes */
@@ -820,7 +820,7 @@ ZEND_FUNCTION(get_object_vars)
(*value)->refcount++;
add_assoc_zval_ex(return_value, key, key_len, *value);
} else if (instanceof) {
- zend_unmangle_property_name_ex(key, key_len, &class_name, &prop_name);
+ zend_unmangle_property_name(key, key_len-1, &class_name, &prop_name);
if (!memcmp(class_name, "*", 2) || (Z_OBJCE_P(EG(This)) == Z_OBJCE_PP(obj) && !strcmp(Z_OBJCE_P(EG(This))->name, class_name))) {
/* Not separating references */
(*value)->refcount++;
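Review bot: `class_name` is passed straight to `memcmp(class_name, "*", 2)` in get_object_vars, although the rewritten `zend_unmangle_property_name()` leaves `*class_name` NULL for unmangled keys and on both of its FAILURE paths ("Illegal member variable name" and "Corrupt member variable name"). The return value is ignored here, so a key that starts with NUL but is malformed would reach the compare with a NULL pointer; the call should be tested for `SUCCESS` and `class_name` for non-NULL before the compare. The property_exists hunk has the same pattern, with `strncmp(class_name, "*", 1)` following an unchecked call. Both function bodies extend outside their hunks, so an earlier branch may already exclude such keys and that should be confirmed.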
@@ -969,7 +969,7 @@ ZEND_FUNCTION(property_exists)
if (property_info->flags & ZEND_ACC_PUBLIC) {
RETURN_TRUE;
}
- zend_unmangle_property_name_ex(property_info->name, property_info->name_length, &class_name, &prop_name);
+ zend_unmangle_property_name(property_info->name, property_info->name_length, &class_name, &prop_name);
if (!strncmp(class_name, "*", 1)) {
if (instanceof_function(EG(scope), ce TSRMLS_CC)) {
RETURN_TRUE;
@@ -2116,7 +2116,7 @@ static zend_bool do_inherit_property_access_check(HashTable *target_ht, zend_pro
if (zend_hash_find(&ce->default_static_members, child_info->name, child_info->name_length+1, (void**)&new_prop) == SUCCESS) {
if (Z_TYPE_PP(new_prop) != IS_NULL && Z_TYPE_PP(prop) != IS_NULL) {
char *prop_name, *tmp;
- zend_unmangle_property_name_ex(child_info->name, child_info->name_length, &tmp, &prop_name);
+ zend_unmangle_property_name(child_info->name, child_info->name_length, &tmp, &prop_name);
zend_error(E_COMPILE_ERROR, "Cannot change initial value of property static protected %s::$%s in class %s",
parent_ce->name, prop_name, ce->name);
@@ -2901,29 +2901,38 @@ ZEND_API void zend_mangle_property_name(char **dest, int *dest_length, char *src
}
-ZEND_API void zend_unmangle_property_name_ex(char *mangled_property, int mangled_property_len, char **class_name, char **prop_name)
+static int zend_strnlen(const char* s, int maxlen)
{
- *prop_name = *class_name = NULL;
-
- if (mangled_property_len < 2) { /* do not try to unmangle empty strings */
- *prop_name = mangled_property;
- return;
- }
-
- zend_unmangle_property_name(mangled_property, class_name, prop_name);
+ int len = 0;
+ while (*s++ && maxlen--) len++;
+ return len;
}
-ZEND_API void zend_unmangle_property_name(char *mangled_property, char **class_name, char **prop_name)
+ZEND_API int zend_unmangle_property_name(char *mangled_property, int len, char **class_name, char **prop_name)
{
- *prop_name = *class_name = NULL;
+ int class_name_len;
+
+ *class_name = NULL;
if (mangled_property[0]!=0) {
*prop_name = mangled_property;
- return;
+ return SUCCESS;
+ }
+ if (len < 3) {
+ zend_error(E_NOTICE, "Illegal member variable name");
+ *prop_name = mangled_property;
+ return FAILURE;
}
+ class_name_len = zend_strnlen(mangled_property+1, --len - 1) + 1;
+ if (class_name_len >= len || mangled_property[class_name_len]!=0) {
+ zend_error(E_NOTICE, "Corrupt member variable name");
+ *prop_name = mangled_property;
+ return FAILURE;
+ }
*class_name = mangled_property+1;
- *prop_name = (*class_name)+strlen(*class_name)+1;
+ *prop_name = (*class_name)+class_name_len;
+ return SUCCESS;
}
void zend_do_declare_property(znode *var_name, znode *value, zend_uint access_type TSRMLS_DC)
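Review bot: `zend_strnlen()` tests `*s++` before `maxlen--`, so it reads the byte at `s[maxlen]` before noticing the bound is exhausted, and a negative `maxlen` never stops the loop. The only caller passes `--len - 1` after the `len < 3` check, which keeps that extra read inside the name, but the helper is only safe while every caller does the same. Checking the bound first removes that dependency: `while (maxlen-- > 0 && *s++) len++;`. A short comment on `zend_unmangle_property_name()` would also help, stating that on FAILURE `*class_name` is NULL and `*prop_name` points at the raw mangled buffer, since the callers shown in this commit ignore the return value.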
@@ -528,8 +528,7 @@ ZEND_API void destroy_zend_class(zend_class_entry **pce);
void zend_class_add_ref(zend_class_entry **ce);
ZEND_API void zend_mangle_property_name(char **dest, int *dest_length, char *src1, int src1_length, char *src2, int src2_length, int internal);
-ZEND_API void zend_unmangle_property_name(char *mangled_property, char **prop_name, char **class_name);
-ZEND_API void zend_unmangle_property_name_ex(char *mangled_property, int mangled_property_len, char **prop_name, char **class_name);
+ZEND_API int zend_unmangle_property_name(char *mangled_property, int mangled_property_len, char **prop_name, char **class_name);
#define ZEND_FUNCTION_DTOR (void (*)(void *)) zend_function_dtor
#define ZEND_CLASS_DTOR (void (*)(void *)) destroy_zend_class
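Review bot: The prototype names the out-parameters `char **prop_name, char **class_name`, but the definition in this commit takes `char **class_name, char **prop_name`, and every call site shown passes `&class_name, &prop_name`. Both are `char **`, so the compiler cannot catch a caller who follows the header and swaps them, and a swapped pair would feed the wrong string into the visibility checks. The declaration should read `ZEND_API int zend_unmangle_property_name(char *mangled_property, int mangled_property_len, char **class_name, char **prop_name);`.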
@@ -245,13 +245,13 @@ ZEND_API struct _zend_property_info *zend_get_property_info(zend_class_entry *ce
}
-ZEND_API int zend_check_property_access(zend_object *zobj, char *prop_info_name TSRMLS_DC)
+ZEND_API int zend_check_property_access(zend_object *zobj, char *prop_info_name, int prop_info_name_len TSRMLS_DC)
{
zend_property_info *property_info;
char *class_name, *prop_name;
zval member;
- zend_unmangle_property_name(prop_info_name, &class_name, &prop_name);
+ zend_unmangle_property_name(prop_info_name, prop_info_name_len, &class_name, &prop_name);
ZVAL_STRING(&member, prop_name, 0);
property_info = zend_get_property_info(zobj->ce, &member, 1 TSRMLS_CC);
if (!property_info) {
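Review bot: The result of `zend_unmangle_property_name()` is discarded in `zend_check_property_access()`, so after a FAILURE the lookup continues with `prop_name` pointing at the raw mangled name, whose first byte is NUL. `ZVAL_STRING(&member, prop_name, 0)` would then presumably build an empty member name, and the access decision would be made on that instead of the real property. Since this function already reports SUCCESS/FAILURE to its callers, it can bail out early: `if (zend_unmangle_property_name(prop_info_name, prop_info_name_len, &class_name, &prop_name) != SUCCESS) return FAILURE;`. The function body continues past the end of the hunk.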
@@ -153,7 +153,7 @@ ZEND_API int zend_check_private(union _zend_function *fbc, zend_class_entry *ce,
ZEND_API int zend_check_protected(zend_class_entry *ce, zend_class_entry *scope);
-ZEND_API int zend_check_property_access(zend_object *zobj, char *prop_info_name TSRMLS_DC);
+ZEND_API int zend_check_property_access(zend_object *zobj, char *prop_info_name, int prop_info_name_len TSRMLS_DC);
ZEND_API void zend_std_call_user_call(INTERNAL_FUNCTION_PARAMETERS);
END_EXTERN_C()
@@ -3155,7 +3155,7 @@ ZEND_VM_HANDLER(77, ZEND_FE_RESET, CONST|TMP|VAR|CV, ANY)
key_type = zend_hash_get_current_key_ex(fe_ht, &str_key, &str_key_len, &int_key, 0, NULL);
if (key_type != HASH_KEY_NON_EXISTANT &&
- zend_check_property_access(zobj, str_key TSRMLS_CC) == SUCCESS) {
+ zend_check_property_access(zobj, str_key, str_key_len-1 TSRMLS_CC) == SUCCESS) {
break;
}
zend_hash_move_forward(fe_ht);
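Review bot: `str_key_len-1` is evaluated whenever `key_type != HASH_KEY_NON_EXISTANT`, which includes integer keys, and for those `zend_hash_get_current_key_ex()` fills `int_key` and, as far as I know, leaves `str_key`/`str_key_len` unset. Before this commit only a possibly stale pointer was passed; now a stale length goes with it into `zend_unmangle_property_name()`, which relies on it for its bounds checks. Restricting the access check to string keys avoids that, e.g. `(key_type == HASH_KEY_IS_LONG || zend_check_property_access(zobj, str_key, str_key_len-1 TSRMLS_CC) == SUCCESS)`. The same condition appears in the FE_FETCH hunk and in the five `ZEND_FE_RESET_SPEC_*` / `ZEND_FE_FETCH_SPEC_VAR` hunks below, which look generated from this template. The loop starts outside the hunk, so whether integer keys can reach this point should be confirmed.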
@@ -3214,9 +3214,9 @@ ZEND_VM_HANDLER(78, ZEND_FE_FETCH, VAR, ANY)
key_type = zend_hash_get_current_key_ex(fe_ht, &str_key, &str_key_len, &int_key, 0, NULL);
zend_hash_move_forward(fe_ht);
- } while (key_type == HASH_KEY_NON_EXISTANT || zend_check_property_access(zobj, str_key TSRMLS_CC) != SUCCESS);
+ } while (key_type == HASH_KEY_NON_EXISTANT || zend_check_property_access(zobj, str_key, str_key_len-1 TSRMLS_CC) != SUCCESS);
if (use_key) {
- zend_unmangle_property_name_ex(str_key, str_key_len, &class_name, &prop_name);
+ zend_unmangle_property_name(str_key, str_key_len-1, &class_name, &prop_name);
str_key_len = strlen(prop_name);
str_key = estrndup(prop_name, str_key_len);
str_key_len++;
@@ -2195,7 +2195,7 @@ static int ZEND_FE_RESET_SPEC_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
key_type = zend_hash_get_current_key_ex(fe_ht, &str_key, &str_key_len, &int_key, 0, NULL);
if (key_type != HASH_KEY_NON_EXISTANT &&
- zend_check_property_access(zobj, str_key TSRMLS_CC) == SUCCESS) {
+ zend_check_property_access(zobj, str_key, str_key_len-1 TSRMLS_CC) == SUCCESS) {
break;
}
zend_hash_move_forward(fe_ht);
@@ -4705,7 +4705,7 @@ static int ZEND_FE_RESET_SPEC_TMP_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
key_type = zend_hash_get_current_key_ex(fe_ht, &str_key, &str_key_len, &int_key, 0, NULL);
if (key_type != HASH_KEY_NON_EXISTANT &&
- zend_check_property_access(zobj, str_key TSRMLS_CC) == SUCCESS) {
+ zend_check_property_access(zobj, str_key, str_key_len-1 TSRMLS_CC) == SUCCESS) {
break;
}
zend_hash_move_forward(fe_ht);
@@ -7797,7 +7797,7 @@ static int ZEND_FE_RESET_SPEC_VAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
key_type = zend_hash_get_current_key_ex(fe_ht, &str_key, &str_key_len, &int_key, 0, NULL);
if (key_type != HASH_KEY_NON_EXISTANT &&
- zend_check_property_access(zobj, str_key TSRMLS_CC) == SUCCESS) {
+ zend_check_property_access(zobj, str_key, str_key_len-1 TSRMLS_CC) == SUCCESS) {
break;
}
zend_hash_move_forward(fe_ht);
@@ -7856,9 +7856,9 @@ static int ZEND_FE_FETCH_SPEC_VAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
key_type = zend_hash_get_current_key_ex(fe_ht, &str_key, &str_key_len, &int_key, 0, NULL);
zend_hash_move_forward(fe_ht);
- } while (key_type == HASH_KEY_NON_EXISTANT || zend_check_property_access(zobj, str_key TSRMLS_CC) != SUCCESS);
+ } while (key_type == HASH_KEY_NON_EXISTANT || zend_check_property_access(zobj, str_key, str_key_len-1 TSRMLS_CC) != SUCCESS);
if (use_key) {
- zend_unmangle_property_name_ex(str_key, str_key_len, &class_name, &prop_name);
+ zend_unmangle_property_name(str_key, str_key_len-1, &class_name, &prop_name);
str_key_len = strlen(prop_name);
str_key = estrndup(prop_name, str_key_len);
str_key_len++;
@@ -20249,7 +20249,7 @@ static int ZEND_FE_RESET_SPEC_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
key_type = zend_hash_get_current_key_ex(fe_ht, &str_key, &str_key_len, &int_key, 0, NULL);
if (key_type != HASH_KEY_NON_EXISTANT &&
- zend_check_property_access(zobj, str_key TSRMLS_CC) == SUCCESS) {
+ zend_check_property_access(zobj, str_key, str_key_len-1 TSRMLS_CC) == SUCCESS) {
break;
}
zend_hash_move_forward(fe_ht);
