Skip to content

Commit d4d52ba

Browse files
cmb69cmb69
committed
Prevent com::__construct() to modify the $server_name array
We switch to `zend_string`s for simplicity, so there's no need to `convert_to_string()` anymore, what makes the array separation superfluous. Closes GH-6040
1 parent 4acac9b commit d4d52ba

File tree

1 file changed

+23
-36
lines changed

1 file changed

+23
-36
lines changed

ext/com_dotnet/com_com.c

Lines changed: 23 additions & 36 deletions
Original file line numberDiff line numberDiff line change
@@ -31,10 +31,9 @@ PHP_METHOD(com, __construct)
3131
zval *object = getThis();
3232
zval *server_params = NULL;
3333
php_com_dotnet_object *obj;
34-
char *module_name, *typelib_name = NULL, *server_name = NULL;
35-
char *user_name = NULL, *domain_name = NULL, *password = NULL;
36-
size_t module_name_len = 0, typelib_name_len = 0, server_name_len = 0,
37-
user_name_len, domain_name_len, password_len;
34+
char *module_name, *typelib_name = NULL;
35+
size_t module_name_len = 0, typelib_name_len = 0;
36+
zend_string *server_name = NULL, *user_name = NULL, *password = NULL, *domain_name = NULL;
3837
OLECHAR *moniker;
3938
CLSID clsid;
4039
CLSCTX ctx = CLSCTX_SERVER;
@@ -52,11 +51,11 @@ PHP_METHOD(com, __construct)
5251
const struct php_win32_cp *cp_it;
5352

5453
if (FAILURE == zend_parse_parameters_ex(ZEND_PARSE_PARAMS_QUIET,
55-
ZEND_NUM_ARGS(), "s|s!ls",
56-
&module_name, &module_name_len, &server_name, &server_name_len,
54+
ZEND_NUM_ARGS(), "s|S!ls",
55+
&module_name, &module_name_len, &server_name,
5756
&cp, &typelib_name, &typelib_name_len) &&
5857
FAILURE == zend_parse_parameters(
59-
ZEND_NUM_ARGS(), "sa/|ls",
58+
ZEND_NUM_ARGS(), "sa|ls",
6059
&module_name, &module_name_len, &server_params, &cp,
6160
&typelib_name, &typelib_name_len)) {
6261
RETURN_THROWS();
@@ -81,39 +80,23 @@ PHP_METHOD(com, __construct)
8180

8281
if (NULL != (tmp = zend_hash_str_find(Z_ARRVAL_P(server_params),
8382
"Server", sizeof("Server")-1))) {
84-
if (!try_convert_to_string(tmp)) {
85-
RETURN_THROWS();
86-
}
87-
server_name = Z_STRVAL_P(tmp);
88-
server_name_len = Z_STRLEN_P(tmp);
83+
server_name = zval_get_string(tmp);
8984
ctx = CLSCTX_REMOTE_SERVER;
9085
}
9186

9287
if (NULL != (tmp = zend_hash_str_find(Z_ARRVAL_P(server_params),
9388
"Username", sizeof("Username")-1))) {
94-
if (!try_convert_to_string(tmp)) {
95-
RETURN_THROWS();
96-
}
97-
user_name = Z_STRVAL_P(tmp);
98-
user_name_len = Z_STRLEN_P(tmp);
89+
user_name = zval_get_string(tmp);
9990
}
10091

10192
if (NULL != (tmp = zend_hash_str_find(Z_ARRVAL_P(server_params),
10293
"Password", sizeof("Password")-1))) {
103-
if (!try_convert_to_string(tmp)) {
104-
RETURN_THROWS();
105-
}
106-
password = Z_STRVAL_P(tmp);
107-
password_len = Z_STRLEN_P(tmp);
94+
password = zval_get_string(tmp);
10895
}
10996

11097
if (NULL != (tmp = zend_hash_str_find(Z_ARRVAL_P(server_params),
11198
"Domain", sizeof("Domain")-1))) {
112-
if (!try_convert_to_string(tmp)) {
113-
RETURN_THROWS();
114-
}
115-
domain_name = Z_STRVAL_P(tmp);
116-
domain_name_len = Z_STRLEN_P(tmp);
99+
domain_name = zval_get_string(tmp);
117100
}
118101

119102
if (NULL != (tmp = zend_hash_str_find(Z_ARRVAL_P(server_params),
@@ -134,25 +117,25 @@ PHP_METHOD(com, __construct)
134117
if (server_name) {
135118
info.dwReserved1 = 0;
136119
info.dwReserved2 = 0;
137-
info.pwszName = php_com_string_to_olestring(server_name, server_name_len, obj->code_page);
120+
info.pwszName = php_com_string_to_olestring(ZSTR_VAL(server_name), ZSTR_LEN(server_name), obj->code_page);
138121

139122
if (user_name) {
140-
authid.User = (OLECHAR*)user_name;
141-
authid.UserLength = (ULONG)user_name_len;
123+
authid.User = (OLECHAR*) ZSTR_VAL(user_name);
124+
authid.UserLength = (ULONG) ZSTR_LEN(user_name);
142125

143126
if (password) {
144-
authid.Password = (OLECHAR*)password;
145-
authid.PasswordLength = (ULONG)password_len;
127+
authid.Password = (OLECHAR*) ZSTR_VAL(password);
128+
authid.PasswordLength = (ULONG) ZSTR_LEN(password);
146129
} else {
147-
authid.Password = (OLECHAR*)"";
130+
authid.Password = (OLECHAR*) "";
148131
authid.PasswordLength = 0;
149132
}
150133

151134
if (domain_name) {
152-
authid.Domain = (OLECHAR*)domain_name;
153-
authid.DomainLength = (ULONG)domain_name_len;
135+
authid.Domain = (OLECHAR*) ZSTR_VAL(domain_name);
136+
authid.DomainLength = (ULONG) ZSTR_LEN(domain_name);
154137
} else {
155-
authid.Domain = (OLECHAR*)"";
138+
authid.Domain = (OLECHAR*) "";
156139
authid.DomainLength = 0;
157140
}
158141
authid.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
@@ -225,7 +208,11 @@ PHP_METHOD(com, __construct)
225208

226209
if (server_name) {
227210
if (info.pwszName) efree(info.pwszName);
211+
if (server_params) zend_string_release(server_name);
228212
}
213+
if (user_name) zend_string_release(user_name);
214+
if (password) zend_string_release(password);
215+
if (domain_name) zend_string_release(domain_name);
229216

230217
efree(moniker);
231218

0 commit comments

Comments
 (0)