diff options
author | Ilia Alshanetsky <iliaa@php.net> | 2006-12-28 15:09:29 +0000 |
---|---|---|
committer | Ilia Alshanetsky <iliaa@php.net> | 2006-12-28 15:09:29 +0000 |
commit | b154f188d10625ea3bfde0d15f565788a7409b11 (patch) | |
tree | ccc999e4aee67c9e34e2fbbb5cc65e6f6f555f35 /ext/standard/proc_open.c | |
parent | dae5040b617b99daf8ea698db2958cbe31613c11 (diff) | |
download | php-git-b154f188d10625ea3bfde0d15f565788a7409b11.tar.gz |
Simplify code and eliminate strcat() usage
Diffstat (limited to 'ext/standard/proc_open.c')
-rw-r--r-- | ext/standard/proc_open.c | 39 |
1 files changed, 12 insertions, 27 deletions
diff --git a/ext/standard/proc_open.c b/ext/standard/proc_open.c index 5862a42e03..ae145267f2 100644 --- a/ext/standard/proc_open.c +++ b/ext/standard/proc_open.c @@ -248,7 +248,7 @@ static void proc_open_rsrc_dtor(zend_rsrc_list_entry *rsrc TSRMLS_DC) /* {{{ php_make_safe_mode_command */ static int php_make_safe_mode_command(char *cmd, char **safecmd, int is_persistent TSRMLS_DC) { - int lcmd, larg0, ldir, len, overflow_limit; + int lcmd, larg0; char *space, *sep, *arg0; if (!PG(safe_mode)) { @@ -257,42 +257,27 @@ static int php_make_safe_mode_command(char *cmd, char **safecmd, int is_persiste } lcmd = strlen(cmd); - ldir = strlen(PG(safe_mode_exec_dir)); - len = lcmd + ldir + 2; - overflow_limit = len; - arg0 = emalloc(len); - - strcpy(arg0, cmd); - - space = strchr(arg0, ' '); + arg0 = estrndup(cmd, lcmd); + + space = memchr(arg0, ' ', lcmd); if (space) { *space = '\0'; + larg0 = space - arg0; + } else { + larg0 = lcmd; } - larg0 = strlen(arg0); - if (strstr(arg0, "..")) { + if (php_memnstr(arg0, "..", sizeof("..")-1, arg0 + larg0)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "No '..' components allowed in path"); efree(arg0); return FAILURE; } - *safecmd = emalloc(len); - strcpy(*safecmd, PG(safe_mode_exec_dir)); - overflow_limit -= ldir; - - sep = strrchr(arg0, PHP_DIR_SEPARATOR); - if (sep) { - strcat(*safecmd, sep); - overflow_limit -= strlen(sep); - } else { - strcat(*safecmd, "/"); - strcat(*safecmd, arg0); - overflow_limit -= larg0 + 1; - } - if (space) { - strncat(*safecmd, cmd + larg0, overflow_limit); - } + sep = zend_memrchr(arg0, PHP_DIR_SEPARATOR, larg0); + + spprintf(safecmd, 0, "%s%c%s%s", PG(safe_mode_exec_dir), (sep ? *sep : '/'), (sep ? "" : arg0), (space ? cmd + larg0 : "")); + efree(arg0); arg0 = php_escape_shell_cmd(*safecmd); efree(*safecmd); |