author | Anatol Belski <ab@php.net> | 2016-05-12 11:40:28 +0200 |
---|---|---|
committer | Anatol Belski <ab@php.net> | 2016-05-12 11:40:28 +0200 |
commit | 7f6e285430e8ec8109085a24978796fc99813498 (patch) | |
tree | 17044529d631f259c82b4933cfae7c0215bb2a2a | |
parent | 3797e570b20934236a186acc6dc7eda950c8d034 (diff) | |
Fixed bug #72197 pg_lo_create arbitrary read
-rw-r--r-- | ext/pgsql/pgsql.c | 4 | ||||
-rw-r--r-- | ext/pgsql/tests/bug72197.phpt | 35 |
2 files changed, 38 insertions, 1 deletions
diff --git a/ext/pgsql/pgsql.c b/ext/pgsql/pgsql.c
index 76dfd2a9e5..8f0db26c92 100644
--- a/ext/pgsql/pgsql.c
+++ b/ext/pgsql/pgsql.c
@@ -3213,8 +3213,10 @@ PHP_FUNCTION(pg_lo_create)
 if (pgsql_link == NULL) {
 link = FETCH_DEFAULT_LINK();
 CHECK_DEFAULT_LINK(link);
- } else {
+ } else if ((Z_TYPE_P(pgsql_link) == IS_RESOURCE)) {
 link = Z_RES_P(pgsql_link);
+ } else {
+ link = NULL;
 }
 if ((pgsql = (PGconn *)zend_fetch_resource2(link, "PostgreSQL link", le_link, le_plink)) == NULL) {
diff --git a/ext/pgsql/tests/bug72197.phpt b/ext/pgsql/tests/bug72197.phpt
new file mode 100644
index 0000000000..da52d8ea69
--- /dev/null
+++ b/ext/pgsql/tests/bug72197.phpt
@@ -0,0 +1,35 @@
+--TEST--
+Bug #72197 pg_lo_create arbitrary read
+--SKIPIF--
+<?php include("skipif.inc"); ?>
+--FILE--
+<?php
+/* This shouldn't crash. */
+$var1=-32768;
+$var2="12";
+pg_lo_create($var1, $var2);
+
+/* This should work correctly. */
+include('config.inc');
+
+/* Check with explicit link. */
+$conn = pg_connect($conn_str);
+pg_query($conn, "BEGIN");
+$oid = pg_lo_create($conn);
+var_dump($oid);
+
+/* Check with default link */
+$oid = pg_lo_create();
+var_dump($oid);
+
+/* don't commit */
+pg_query($conn, "ROLLBACK");
+pg_close($conn);
+?>
+==DONE==
+--EXPECTF--
+Warning: pg_lo_create(): supplied resource is not a valid PostgreSQL link resource in %sbug72197.php on line %d
+int(%d)
+int(%d)
+==DONE==
+ |
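Review bot: The added `else { link = NULL; }` branch relies on `zend_fetch_resource2()` in the following context line treating a NULL resource as a failed lookup, and the reason for the new `IS_RESOURCE` test is not recorded anywhere in the code. A comment above the branch would keep a later cleanup from folding it back into a bare `Z_RES_P()`, for example `/* Bug #72197: Z_RES_P() on a non-resource zval reads its value as a zend_resource pointer; pass NULL so the fetch below fails with a warning. */`. The doubled parentheses in `((Z_TYPE_P(pgsql_link) == IS_RESOURCE))` can be reduced to one pair. The body of `PHP_FUNCTION(pg_lo_create)` starts and ends outside this hunk, so whether other paths reach `Z_RES_P()` unchecked cannot be judged from here.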
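Review bot: The regression case at the top of the `--FILE--` section discards the return value of `pg_lo_create($var1, $var2)`, so the test only pins the warning text and not what the function hands back after rejecting the link. Wrapping the call as `var_dump(pg_lo_create($var1, $var2));` and adding the matching line to `--EXPECTF--` would pin the failure result as well; the expected value is presumably `bool(false)`, but the failure path of the function is outside this diff and should be confirmed. Since the fix in pgsql.c is a type check, one further call with a different non-resource type as the first argument would show that the check is not specific to integers.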