Adapted for 5.4.16 from From 1494298231072d5991e76db5ef25f20e81018106 Mon Sep 17 00:00:00 2001 From: Rasmus Lerdorf Date: Sun, 20 Oct 2013 08:55:48 -0700 Subject: [PATCH] Minor Coverity tweaks --- ext/ftp/ftp.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ext/ftp/ftp.c b/ext/ftp/ftp.c index 58d3c2e..4da8d60 100644 --- a/ext/ftp/ftp.c +++ b/ext/ftp/ftp.c @@ -1635,7 +1635,7 @@ ftp_genlist(ftpbuf_t *ftp, const char *cmd, const char *path TSRMLS_DC) if (ftp->resp == 226) { ftp->data = data_close(ftp, data); php_stream_close(tmpstream); - return ecalloc(1, sizeof(char**)); + return ecalloc(1, sizeof(char*)); } /* pull data buffer into tmpfile */ @@ -1663,11 +1663,11 @@ ftp_genlist(ftpbuf_t *ftp, const char *cmd, const char *path TSRMLS_DC) } } - ftp->data = data = data_close(ftp, data); + ftp->data = data_close(ftp, data); php_stream_rewind(tmpstream); - ret = safe_emalloc((lines + 1), sizeof(char**), size * sizeof(char*)); + ret = safe_emalloc((lines + 1), sizeof(char*), size * sizeof(char*)); entry = ret; text = (char*) (ret + lines + 1); -- 2.1.4 From 8f4a6d6e1b6c36259a5dc865d16f0dad76f2f2c9 Mon Sep 17 00:00:00 2001 From: Rasmus Lerdorf Date: Sun, 20 Oct 2013 09:36:50 -0700 Subject: [PATCH] Clean up this weird safe_emalloc() call --- ext/ftp/ftp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ext/ftp/ftp.c b/ext/ftp/ftp.c index 4da8d60..b82017e 100644 --- a/ext/ftp/ftp.c +++ b/ext/ftp/ftp.c @@ -1667,7 +1667,7 @@ ftp_genlist(ftpbuf_t *ftp, const char *cmd, const char *path TSRMLS_DC) php_stream_rewind(tmpstream); - ret = safe_emalloc((lines + 1), sizeof(char*), size * sizeof(char*)); + ret = safe_emalloc((lines + 1), sizeof(char*), size); entry = ret; text = (char*) (ret + lines + 1); -- 2.1.4 From ac2832935435556dc593784cd0087b5e576bbe4d Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Wed, 29 Apr 2015 21:57:33 -0700 Subject: [PATCH] Fix bug #69545 - avoid overflow when reading list --- ext/ftp/ftp.c | 82 +++++++++++++++++++++++++++++------------------------------ 1 file changed, 41 insertions(+), 41 deletions(-) diff --git a/ext/ftp/ftp.c b/ext/ftp/ftp.c index 3ff54ff..53560eb 100644 --- a/ext/ftp/ftp.c +++ b/ext/ftp/ftp.c @@ -1603,8 +1603,8 @@ ftp_genlist(ftpbuf_t *ftp, const char *cmd, const char *path TSRMLS_DC) databuf_t *data = NULL; char *ptr; int ch, lastch; - int size, rcvd; - int lines; + size_t size, rcvd; + size_t lines; char **ret = NULL; char **entry; char *text; @@ -1646,7 +1646,7 @@ ftp_genlist(ftpbuf_t *ftp, const char *cmd, const char *path TSRMLS_DC) lines = 0; lastch = 0; while ((rcvd = my_recv(ftp, data->fd, data->buf, FTP_BUFSIZE))) { - if (rcvd == -1) { + if (rcvd == -1 || rcvd > ((size_t)(-1))-size) { goto bail; } -- 2.1.4 From 0765623d6991b62ffcd93ddb6be8a5203a2fa7e2 Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Sun, 31 May 2015 17:23:06 -0700 Subject: [PATCH] improve fix for Bug #69545 --- NEWS | 4 ++++ ext/ftp/ftp.c | 2 -- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/ext/ftp/ftp.c b/ext/ftp/ftp.c index 53560eb..50d8def 100644 --- a/ext/ftp/ftp.c +++ b/ext/ftp/ftp.c @@ -1656,8 +1656,6 @@ ftp_genlist(ftpbuf_t *ftp, const char *cmd, const char *path TSRMLS_DC) for (ptr = data->buf; rcvd; rcvd--, ptr++) { if (*ptr == '\n' && lastch == '\r') { lines++; - } else { - size++; } lastch = *ptr; } -- 2.1.4