From nobody Sun May 5 02:34:39 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1512579302256191.5268467033518; Wed, 6 Dec 2017 08:55:02 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 2D2123A250; Wed, 6 Dec 2017 16:55:01 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id EDCCF68D77; Wed, 6 Dec 2017 16:55:00 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id A30AE180474A; Wed, 6 Dec 2017 16:55:00 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id vB6Gt0UI028172 for ; Wed, 6 Dec 2017 11:55:00 -0500 Received: by smtp.corp.redhat.com (Postfix) id 1A8435C3FD; Wed, 6 Dec 2017 16:55:00 +0000 (UTC) Received: from mx1.redhat.com (ext-mx10.extmail.prod.ext.phx2.redhat.com [10.5.110.39]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 149145C1A3 for ; Wed, 6 Dec 2017 16:54:57 +0000 (UTC) Received: from mail-qt0-f171.google.com (mail-qt0-f171.google.com [209.85.216.171]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id E109961474 for ; Wed, 6 Dec 2017 16:54:55 +0000 (UTC) Received: by mail-qt0-f171.google.com with SMTP id i40so10454912qti.8 for ; Wed, 06 Dec 2017 08:54:55 -0800 (PST) Received: from dawid-fedora.datto.lan ([47.19.105.250]) by smtp.gmail.com with ESMTPSA id u21sm1849816qku.8.2017.12.06.08.54.53 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 06 Dec 2017 08:54:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=datto-com.20150623.gappssmtp.com; s=20150623; h=from:to:subject:date:message-id; bh=zmr3elZQto5ZGqkaj99M82+EdBwVCmysyPDvzC3Rhw4=; b=CgCRTFJllsBg+bhZly9qtu2ndTcnOTZTZ9+PrE12mB6R4hKXqvVwpK+m9d5Jz9oXlw NXJwYSlevcGRsYCYv6b2Y6mZbprvBoxSZY8F4yaEMVmBAp/uTqpJnTe+7chGsuROUi+y yycLN0NjKKeIyHrOTxDMHSlTR5+TpYqmEJPChDrZutAc5FDiafDR+y0qJe3r74mToTCn db7+iLSWjp2JLfc7CmvLRosMdvU+33EZp2nrXaRSP9eaZLyYnP03dj9PnCFRHbPM0Sfh LaHnQXGGbaSsAqnNJ1ZXJyQWf+qH6dBlPnbEiJH4d6TXRWW+QefpLwsjapSxLEV+ur3E 7g3w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id; bh=zmr3elZQto5ZGqkaj99M82+EdBwVCmysyPDvzC3Rhw4=; b=R0PiybMTQQv3CAUtA6oa02os9GvupSWS+etuwMHQIiOgRMgzpI6i02F2tHUtdtyj0k 5/dC535XpCi6LfDbjkxUZAn1TDGFvhl7GeZ5Ik1QOr+IV45zfFh9IaYJVAbb/C1BSJm9 Nr3Q13lNSIt/xTtPFEKflZNYhWL4Ly/2XnHLPNogV+Lxsdw4I+W8oYU6CjUP0YWXk34s sXJSXY0vxFP5HUsFuo6PtfjC03ayQsubzm/UYgdtQeAJ42hZAm5MUg0mOGhZaXH71XLi sN8NhYy4S76TBO3v8IaZ0cqnpqC/PfH4JFpNlPn9hZvJ4Tk50PTbtSwLufYk1ZayhLmx xSUw== X-Gm-Message-State: AKGB3mJBaSbLFr6xSnTHcr9w+gRX260LX7FyBvIHMePAV9ZHpdWlh7rR GyLLCswWMzFuscQU3M3h7LwD3v3TuQE= X-Google-Smtp-Source: AGs4zMbeKJIt9COLOgy7Vs96cHbLeKa4wz7JCCe57xOWIJXGENuGRoUCK4ruZoqhkJTBYswo4nzNnA== X-Received: by 10.55.18.102 with SMTP id c99mr25721485qkh.337.1512579294679; Wed, 06 Dec 2017 08:54:54 -0800 (PST) From: Dawid Zamirski To: libvir-list@redhat.com Date: Wed, 6 Dec 2017 11:54:52 -0500 Message-Id: <20171206165452.14967-1-dzamirski@datto.com> X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Wed, 06 Dec 2017 16:54:56 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Wed, 06 Dec 2017 16:54:56 +0000 (UTC) for IP:'209.85.216.171' DOMAIN:'mail-qt0-f171.google.com' HELO:'mail-qt0-f171.google.com' FROM:'dzamirski@datto.com' RCPT:'' X-RedHat-Spam-Score: -0.031 (DKIM_SIGNED, DKIM_VALID, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, SPF_PASS) 209.85.216.171 mail-qt0-f171.google.com 209.85.216.171 mail-qt0-f171.google.com X-Scanned-By: MIMEDefang 2.78 on 10.5.110.39 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH php v2] Fix crash in VIRT_HASH_CURRENT_KEY_INFO macro X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]); Wed, 06 Dec 2017 16:55:01 +0000 (UTC) X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" The PHP7 variant of the macro wasn't safe if the hash key was not a string type. This was found when running php script with just libvirt_connect call under xdebug session which segfaulted. This patch makes the following changes: * make sure that tmp_name is initialized to NULL * set the key name only when zend_hash_get_current_key_ex did set it to something which happens only when type is HASH_KEY_IS_STRING * stash the key index in out php_libvirt_hash_key_info struct because it wasn't there before and separate variable had to be used. --- v1: https://www.redhat.com/archives/libvir-list/2017-December/msg00151.html Changes since v1: * use zend_ulong in php_libvirt_hash_key_info struct so that no type cast is needed src/libvirt-connection.c | 8 +++----- src/libvirt-php.c | 6 ++---- src/libvirt-php.h | 1 + src/util.h | 16 +++++++++------- 4 files changed, 15 insertions(+), 16 deletions(-) diff --git a/src/libvirt-connection.c b/src/libvirt-connection.c index 181b266..2d59d82 100644 --- a/src/libvirt-connection.c +++ b/src/libvirt-connection.c @@ -131,8 +131,6 @@ PHP_FUNCTION(libvirt_connect) HashPosition pointer; int array_count; =20 - zend_ulong index; - unsigned long libVer; =20 if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|sba", &url, &ur= l_len, &readonly, &zcreds) =3D=3D FAILURE) { @@ -176,13 +174,13 @@ PHP_FUNCTION(libvirt_connect) VIRT_FOREACH(arr_hash, pointer, data) { if (Z_TYPE_P(data) =3D=3D IS_STRING) { php_libvirt_hash_key_info info; - VIRT_HASH_CURRENT_KEY_INFO(arr_hash, pointer, index, info); + VIRT_HASH_CURRENT_KEY_INFO(arr_hash, pointer, info); =20 if (info.type =3D=3D HASH_KEY_IS_STRING) { PHPWRITE(info.name, info.length); } else { - DPRINTF("%s: credentials index %d\n", PHPFUNC, (int)in= dex); - creds[j].type =3D index; + DPRINTF("%s: credentials index %d\n", PHPFUNC, info.in= dex); + creds[j].type =3D info.index; creds[j].result =3D (char *)emalloc(Z_STRLEN_P(data) += 1); memset(creds[j].result, 0, Z_STRLEN_P(data) + 1); creds[j].resultlen =3D Z_STRLEN_P(data); diff --git a/src/libvirt-php.c b/src/libvirt-php.c index ef057fe..efbef58 100644 --- a/src/libvirt-php.c +++ b/src/libvirt-php.c @@ -1921,7 +1921,6 @@ long get_next_free_numeric_value(virDomainPtr domain,= char *xpath) HashPosition pointer; // int array_count; zval *data; - unsigned long index; long max_slot =3D -1; =20 xml =3D virDomainGetXMLDesc(domain, VIR_DOMAIN_XML_INACTIVE); @@ -1934,7 +1933,7 @@ long get_next_free_numeric_value(virDomainPtr domain,= char *xpath) VIRT_FOREACH(arr_hash, pointer, data) { if (Z_TYPE_P(data) =3D=3D IS_STRING) { php_libvirt_hash_key_info info; - VIRT_HASH_CURRENT_KEY_INFO(arr_hash, pointer, index, info); + VIRT_HASH_CURRENT_KEY_INFO(arr_hash, pointer, info); =20 if (info.type !=3D HASH_KEY_IS_STRING) { long num =3D -1; @@ -2439,7 +2438,6 @@ void parse_array(zval *arr, tVMDisk *disk, tVMNetwork= *network) zval *data; php_libvirt_hash_key_info key; HashPosition pointer; - unsigned long index; =20 arr_hash =3D Z_ARRVAL_P(arr); //array_count =3D zend_hash_num_elements(arr_hash); @@ -2451,7 +2449,7 @@ void parse_array(zval *arr, tVMDisk *disk, tVMNetwork= *network) =20 VIRT_FOREACH(arr_hash, pointer, data) { if ((Z_TYPE_P(data) =3D=3D IS_STRING) || (Z_TYPE_P(data) =3D=3D IS= _LONG)) { - VIRT_HASH_CURRENT_KEY_INFO(arr_hash, pointer, index, key); + VIRT_HASH_CURRENT_KEY_INFO(arr_hash, pointer, key); if (key.type =3D=3D HASH_KEY_IS_STRING) { if (disk !=3D NULL) { if ((Z_TYPE_P(data) =3D=3D IS_STRING) && strcmp(key.na= me, "path") =3D=3D 0) diff --git a/src/libvirt-php.h b/src/libvirt-php.h index 8d13a6b..aea43a2 100644 --- a/src/libvirt-php.h +++ b/src/libvirt-php.h @@ -137,6 +137,7 @@ typedef struct tVMNetwork { typedef struct _php_libvirt_hash_key_info { char *name; unsigned int length; + zend_ulong index; unsigned int type; } php_libvirt_hash_key_info; =20 diff --git a/src/util.h b/src/util.h index ecb3a1f..fcd4075 100644 --- a/src/util.h +++ b/src/util.h @@ -135,12 +135,14 @@ =20 # define VIRT_FOREACH_END(_dummy) =20 -# define VIRT_HASH_CURRENT_KEY_INFO(_ht, _pos, _idx, _info) \ +# define VIRT_HASH_CURRENT_KEY_INFO(_ht, _pos, _info) \ do { \ - zend_string *tmp_key_info; \ - _info.type =3D zend_hash_get_current_key_ex(_ht, &tmp_key_info, &_idx,= &_pos); \ - _info.name =3D ZSTR_VAL(tmp_key_info); \ - _info.length =3D ZSTR_LEN(tmp_key_info); \ + zend_string *tmp_name =3D NULL; \ + _info.type =3D zend_hash_get_current_key_ex(_ht, &tmp_name, &_info.ind= ex, &_pos); \ + if (tmp_name) { \ + _info.name =3D ZSTR_VAL(tmp_name); \ + _info.length =3D ZSTR_LEN(tmp_name); \ + } \ } while(0) =20 # define VIRT_ARRAY_INIT(_name) do { \ @@ -213,9 +215,9 @@ # define VIRT_FOREACH_END(_dummy) \ }} =20 -# define VIRT_HASH_CURRENT_KEY_INFO(_ht, _pos, _idx, _info) \ +# define VIRT_HASH_CURRENT_KEY_INFO(_ht, _pos, _info) \ do { \ - _info.type =3D zend_hash_get_current_key_ex(_ht, &_info.name, &_info.l= ength, &_idx, 0, &_pos); \ + _info.type =3D zend_hash_get_current_key_ex(_ht, &_info.name, &_info.l= ength, &_info.index, 0, &_pos); \ } while(0) =20 # define VIRT_ARRAY_INIT(_name) do {\ --=20 2.14.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list