Fixed bug #40079 (php_get_current_user() not thread safe).

# Original patch from wharmby at uk dot ibm dot com

3 files changed, 18 insertions, 0 deletions

diff --git a/NEWS b/NEWS
index d94e3feeb6..e8caab387a 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,8 @@ PHP                                                                        NEWS
 - Added CURLOPT_TCP_NODELAY constant to Curl extension. (Sara)
 - Improved proc_open(). Now on Windows it can run external commands not through
   CMD.EXE. (Dmitry)
+- Fixed bug #40079 (php_get_current_user() not thread safe). (Ilia, wharmby
+  at uk dot ibm dot com)
 - Fixed bug #40076 (zend_alloc.c: Value of enumeration constant must be in
   range of signed integer). (Dmitry)
 - Fixed bug #40073 (exif_read_data dies on certain images). (Tony, Marcus)
diff --git a/configure.in b/configure.in
index 58104ec816..c8eefea911 100644
--- a/configure.in
+++ b/configure.in
@@ -483,6 +483,7 @@ gettimeofday \
 gmtime_r \
 getpwnam_r \
 getgrnam_r \
+getpwuid_r \
 grantpt \
 inet_ntoa \
 inet_ntop \
diff --git a/main/safe_mode.c b/main/safe_mode.c
index 761afcb1ab..d87c3f3e3f 100644
--- a/main/safe_mode.c
+++ b/main/safe_mode.c
@@ -228,12 +228,27 @@ PHPAPI char *php_get_current_user()
 		return SG(request_info).current_user;		
 #else
 		struct passwd *pwd;
+#ifdef HAVE_GETPWUID_R
+		struct passwd _pw;
+		struct passwd *retpwptr = NULL;
+		int pwbuflen = sysconf(_SC_GETPW_R_SIZE_MAX);
+		char *pwbuf = emalloc(pwbuflen);
 
+		if (getpwuid_r(pstat->st_uid, &_pw, pwbuf, pwbuflen, &retpwptr) != 0) {
+			efree(pwbuf);
+			return "";
+		}
+		pwd = &_pw;
+#else
 		if ((pwd=getpwuid(pstat->st_uid))==NULL) {
 			return "";
 		}
+#endif
 		SG(request_info).current_user_length = strlen(pwd->pw_name);
 		SG(request_info).current_user = estrndup(pwd->pw_name, SG(request_info).current_user_length);
+#ifdef HAVE_GETPWUID_R
+		efree(pwbuf);
+#endif
 		return SG(request_info).current_user;		
 #endif
 	}