address code concerns · devnexen/php-src@034e029 · GitHub

Commit 034e029

committed
address code concerns
1 parent a889885 commit 034e029


1 file changed

+22
-16
lines changed

1 file changed

+22
-16
lines changed

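--- a/ext/sockets/sockets.c
+++ b/ext/sockets/sockets.c
@@ -1697,7 +1697,7 @@ PHP_FUNCTION(socket_recvfrom)
 zval *addr = arg5;
 zval *index = arg6;
 if (recv_flags > 0 && (recv_flags & ~(MSG_PEEK|MSG_DONTWAIT|MSG_ERRQUEUE))) {
-zend_argument_value_error(4, "must set one the flags MSG_PEEK, MSG_DONTWAIT, MSG_ERRQUEUE");
+zend_argument_value_error(4, "must be 0 or more of MSG_PEEK, MSG_DONTWAIT, MSG_ERRQUEUE");
 zend_string_efree(recv_buf);
 RETURN_THROWS();
 }
@@ -1768,10 +1768,12 @@ PHP_FUNCTION(socket_recvfrom)
 }
 struct iphdr ip;
 memcpy(&ip, ether_hdr_buf.buf, sizeof(ip));
+struct php_socket_chunk ip_hdr_buf;
+memcpy(&ip_hdr_buf, &ether_hdr_buf, sizeof(struct php_socket_chunk));
 size_t tlayer = ip.ihl * 4;
 size_t totalip = ntohs(ip.tot_len);
 
-if (php_socket_get_chunk(&ether_hdr_buf, &raw_buf, tlayer, totalip)) {
+if (php_socket_get_chunk(&ip_hdr_buf, &raw_buf, tlayer, totalip)) {
 zval_ptr_dtor(&obj);
 zend_string_efree(recv_buf);
 zend_value_error("invalid transport header length");
@@ -1785,30 +1787,30 @@ PHP_FUNCTION(socket_recvfrom)
 zend_update_property_string(Z_OBJCE(zpayload), Z_OBJ(zpayload), ZEND_STRL("srcAddr"), inet_ntoa(s));
 zend_update_property_string(Z_OBJCE(zpayload), Z_OBJ(zpayload), ZEND_STRL("dstAddr"), inet_ntoa(d));
 zend_update_property_long(Z_OBJCE(zpayload), Z_OBJ(zpayload), ZEND_STRL("headerSize"), totalip);
-zend_update_property_stringl(Z_OBJCE(zpayload), Z_OBJ(zpayload), ZEND_STRL("rawPacket"), (char *)ether_hdr_buf.buf, ether_hdr_buf.chunk_len);
+zend_update_property_stringl(Z_OBJCE(zpayload), Z_OBJ(zpayload), ZEND_STRL("rawPacket"), (char *)ether_hdr_buf.buf, ether_hdr_buf.buf_len);
 
 switch (ip.protocol) {
 case IPPROTO_TCP: {
-if (php_socket_get_chunk(&ether_hdr_buf, &raw_buf, tlayer, sizeof(struct tcphdr)) == FAILURE) {
+if (php_socket_get_chunk(&ip_hdr_buf, &raw_buf, tlayer, sizeof(struct tcphdr)) == FAILURE) {
 zval_ptr_dtor(&zpayload);
 zval_ptr_dtor(&obj);
 zend_string_efree(recv_buf);
 zend_value_error("invalid tcp frame buffer length");
 RETURN_THROWS();
 }
-php_socket_afpacket_add_tcp(ether_hdr_buf.buf, sll, ifrname, &szpayload, &zpayload);
+php_socket_afpacket_add_tcp(ip_hdr_buf.buf, sll, ifrname, &szpayload, &zpayload);
 break;
 }
 case IPPROTO_UDP: {
-if (php_socket_get_chunk(&ether_hdr_buf, &raw_buf, tlayer, sizeof(struct udphdr)) == FAILURE) {
+if (php_socket_get_chunk(&ip_hdr_buf, &raw_buf, tlayer, sizeof(struct udphdr)) == FAILURE) {
 zend_update_property(Z_OBJCE(obj), Z_OBJ(obj), ZEND_STRL("payload"), &zpayload);
 zend_update_property_stringl(Z_OBJCE(obj), Z_OBJ(obj), ZEND_STRL("rawPacket"), ZSTR_VAL(recv_buf), ZSTR_LEN(recv_buf));
 Z_DELREF_P(&zpayload);
 zend_string_efree(recv_buf);
 zend_value_error("invalid udp frame buffer length");
 RETURN_THROWS();
 }
-php_socket_afpacket_add_udp(ether_hdr_buf.buf, sll, ifrname, &szpayload, &zpayload);
+php_socket_afpacket_add_udp(ip_hdr_buf.buf, sll, ifrname, &szpayload, &zpayload);
 break;
 }
 default:
@@ -1821,7 +1823,9 @@ PHP_FUNCTION(socket_recvfrom)
 break;
 }
 case ETH_P_IPV6: {
-if (php_socket_get_chunk(&ether_hdr_buf, &raw_buf, ETH_HLEN, sizeof(struct ipv6hdr)) == FAILURE) {
+struct php_socket_chunk ip_hdr_buf;
+memcpy(&ip_hdr_buf, &ether_hdr_buf, sizeof(struct php_socket_chunk));
+if (php_socket_get_chunk(&ip_hdr_buf, &raw_buf, ETH_HLEN, sizeof(struct ipv6hdr)) == FAILURE) {
 zval_ptr_dtor(&obj);
 zend_string_efree(recv_buf);
 zend_value_error("invalid ipv6 frame buffer length");
@@ -1830,10 +1834,10 @@ PHP_FUNCTION(socket_recvfrom)
 struct ipv6hdr ip;
 memcpy(&ip, ether_hdr_buf.buf, sizeof(ip));
 size_t totalip = sizeof(ip) + ip.payload_len;
-if (totalip < slen) {
+if (totalip > ether_hdr_buf.buf_len) {
 zval_ptr_dtor(&obj);
 zend_string_efree(recv_buf);
-zend_value_error("invalid transport header length");
+zend_value_error("invalid ipv6 payload length");
 RETURN_THROWS();
 }
 char s[INET6_ADDRSTRLEN], d[INET6_ADDRSTRLEN];
@@ -1849,25 +1853,25 @@ PHP_FUNCTION(socket_recvfrom)
 
 switch (ipprotocol) {
 case IPPROTO_TCP: {
-if (php_socket_get_chunk(&ether_hdr_buf, &raw_buf, sizeof(ip), sizeof(struct tcphdr)) == FAILURE) {
+if (php_socket_get_chunk(&ip_hdr_buf, &raw_buf, sizeof(ip), sizeof(struct tcphdr)) == FAILURE) {
 zval_ptr_dtor(&zpayload);
 zval_ptr_dtor(&obj);
 zend_string_efree(recv_buf);
 zend_value_error("invalid tcp frame buffer length");
 RETURN_THROWS();
 }
-php_socket_afpacket_add_tcp(ether_hdr_buf.buf, sll, ifrname, &szpayload, &zpayload);
+php_socket_afpacket_add_tcp(ip_hdr_buf.buf, sll, ifrname, &szpayload, &zpayload);
 break;
 }
 case IPPROTO_UDP: {
-if (php_socket_get_chunk(&ether_hdr_buf, &raw_buf, sizeof(ip), sizeof(struct udphdr)) == FAILURE) {
+if (php_socket_get_chunk(&ip_hdr_buf, &raw_buf, sizeof(ip), sizeof(struct udphdr)) == FAILURE) {
 zval_ptr_dtor(&zpayload);
 zval_ptr_dtor(&obj);
 zend_string_efree(recv_buf);
 zend_value_error("invalid udp frame buffer length");
 RETURN_THROWS();
 }
-php_socket_afpacket_add_udp(ether_hdr_buf.buf, sll, ifrname, &szpayload, &zpayload);
+php_socket_afpacket_add_udp(ip_hdr_buf.buf, sll, ifrname, &szpayload, &zpayload);
 break;
 }
 // TODO IPPROTO_ICMPV6 support
@@ -1889,7 +1893,9 @@ PHP_FUNCTION(socket_recvfrom)
 RETURN_THROWS();
 }
 struct ethhdr innere;
-if ((char *)ether_hdr_buf.buf + sizeof(innere) < ZSTR_VAL(recv_buf) + slen) {
+struct php_socket_chunk eth_loop_hdr;
+memcpy(&eth_loop_hdr, &ether_hdr_buf, sizeof(struct php_socket_chunk));
+if ((char *)eth_loop_hdr.buf + sizeof(innere) < ZSTR_VAL(recv_buf) + slen) {
 zval_ptr_dtor(&zpayload);
 zval_ptr_dtor(&obj);
 zend_string_efree(recv_buf);
@@ -1904,7 +1910,7 @@ PHP_FUNCTION(socket_recvfrom)
 zend_update_property_string(Z_OBJCE(zpayload), Z_OBJ(zpayload), ZEND_STRL("dstMac"), ether_ntoa((struct ether_addr *)innere.h_dest));
 zend_update_property_long(Z_OBJCE(zpayload), Z_OBJ(zpayload), ZEND_STRL("headerSize"), ETH_HLEN);
 zend_update_property(Z_OBJCE(zpayload), Z_OBJ(zpayload), ZEND_STRL("socket"), socket);
-zend_update_property_stringl(Z_OBJCE(zpayload), Z_OBJ(zpayload), ZEND_STRL("rawPacket"), (char *)ether_hdr_buf.buf, ether_hdr_buf.chunk_len);
+zend_update_property_stringl(Z_OBJCE(zpayload), Z_OBJ(zpayload), ZEND_STRL("rawPacket"), (char *)ether_hdr_buf.buf, ether_hdr_buf.buf_len);
 zend_update_property(Z_OBJCE(zpayload), Z_OBJ(zpayload), ZEND_STRL("payload"), &innerp);
 zend_update_property_long(Z_OBJCE(zpayload), Z_OBJ(zpayload), ZEND_STRL("ethProtocol"), 0);
 break;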
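Review bot: The IPv6 length check in the ETH_P_IPV6 case compares a value that was never converted from network byte order: `size_t totalip = sizeof(ip) + ip.payload_len;` uses the raw field, whereas the IPv4 branch uses `ntohs(ip.tot_len)`. On a little-endian host the new guard `totalip > ether_hdr_buf.buf_len` therefore tests a byte-swapped length, so it can accept a header whose declared payload exceeds the received data and reject valid ones; the line should read `size_t totalip = sizeof(ip) + ntohs(ip.payload_len);`. The `memcpy(&ip, ether_hdr_buf.buf, sizeof(ip))` just above it also still reads from `ether_hdr_buf`, while the chunk lookup in this case now runs on the copy `ip_hdr_buf`; if `php_socket_get_chunk` is what advances `buf` to the IPv6 header (its body is not visible here), the source should be `ip_hdr_buf.buf`. PHP_FUNCTION(socket_recvfrom) starts and ends outside these hunks.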
