
ext/pcntl: Refactor usage of strlcpy #17172

Merged (5 commits), Dec 17, 2024

Conversation

@Girgias (Member) commented Dec 15, 2024

We allocate the buffer, so we know that it will fit.

Drive-by refactorings and questions

strlcpy(*pair, ZSTR_VAL(key), ZSTR_LEN(key) + 1);
strlcat(*pair, "=", pair_length);
strlcat(*pair, Z_STRVAL_P(element), pair_length);
const uint8_t equal_len = strlen("=");
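Review bot: `const uint8_t equal_len = strlen("=");` narrows the `size_t` returned by `strlen` into a `uint8_t` that is then added back into `size_t` length arithmetic wherever `pair_length` is computed; declaring it `size_t`, or dropping the variable and writing `strlen("=")` (or the literal 1) at the use site, keeps the arithmetic uniformly `size_t` and avoids an implicit narrowing conversion that buys nothing.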
Member:

not sure equal_len existence is really vital but not against it either.

@Girgias Girgias requested a review from nielsdos December 16, 2024 14:43
current_arg++;
} ZEND_HASH_FOREACH_END();
*current_arg = NULL;
} else {
argv = emalloc(2 * sizeof(char *));
argv = safe_emalloc(2, sizeof(char *), 0);
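Review bot: the switch from `emalloc(2 * sizeof(char *))` to `safe_emalloc(2, sizeof(char *), 0)` is not needed: both factors are compile-time constants, so the product cannot overflow, and plain `emalloc` is the idiomatic form for a fixed-size allocation. Reserve `safe_emalloc` for sizes derived from runtime values such as a string or array length, where the multiplication or addition can actually wrap.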
Member:

This isn't necessary; this can't overflow anyway.

@Girgias (Member, Author):

I never really know when one is meant to use the safe version compared to normal emalloc.

@nielsdos (Member) commented Dec 17, 2024:

If overflow by summation/multiplication is possible, use the safe version

ext/pcntl/pcntl.c (outdated thread, resolved)
zend_string_release(key);
goto cleanup_env_vars;
}
// TODO Check key and element do not have nul bytes?
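Review bot: the `// TODO Check key and element do not have nul bytes?` should become an actual check on the error path just above it (`zend_string_release(key); goto cleanup_env_vars;`) rather than a question left in the code. The pair is later assembled with `strlcpy`/`strlcat`, which stop at the first NUL byte, so a key or value containing an embedded NUL would be silently truncated and everything after the NUL would never reach the environment; rejecting such strings with `ZSTR_LEN(key) != strlen(ZSTR_VAL(key))` (and the same test on the element) and jumping to `cleanup_env_vars` makes that behaviour explicit instead of accidental.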
Member:

Probably yeah

strlcat(*pair, Z_STRVAL_P(element), pair_length);
const uint8_t equal_len = strlen("=");
size_t pair_length = ZSTR_LEN(element_str) + equal_len + ZSTR_LEN(key) + 1;
ZEND_ASSERT(pair_length < SIZE_MAX);
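Review bot: `ZEND_ASSERT(pair_length < SIZE_MAX);` cannot detect the condition it is meant to guard. `pair_length` is a `size_t`, so if the open-coded sum `ZSTR_LEN(element_str) + equal_len + ZSTR_LEN(key) + 1` wraps, the result is a small value that satisfies the assertion and then sizes an undersized buffer. Either keep the allocation in `safe_emalloc`, which performs the overflow check itself, and derive `pair_length` after that call, or check the addends against `SIZE_MAX` step by step before performing the sum and jump to `cleanup_env_vars` on failure.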
Member:

This assertion doesn't really make a lot of sense; pair_length is size_t after all...
Granted, the assertions that were here prior to this PR also didn't make a lot of sense.

strlcat(*pair, "=", pair_length);
strlcat(*pair, Z_STRVAL_P(element), pair_length);
const uint8_t equal_len = strlen("=");
size_t pair_length = ZSTR_LEN(element_str) + equal_len + ZSTR_LEN(key) + 1;
Member:

Never open-code an addition of string lengths, unless you know they're bounded such that they can't overflow; or if you overflow-check them yourself.
In this case, you should keep using safe_emalloc and only perform this summation after that call.
If you don't, you risk integer overflow which can turn into heap buffer overflow.

ext/pcntl/pcntl.c (outdated thread, resolved)
@Girgias Girgias force-pushed the pcntl-strlcat-refactor branch from c54e11c to c97e105 Compare December 16, 2024 23:27
@Girgias Girgias requested a review from kocsismate as a code owner December 16, 2024 23:27
@nielsdos (Member) left a comment:

Just one typo found, otherwise LGTM

UPGRADING (outdated thread, resolved)
Co-authored-by: Niels Dossche <[email protected]>
@Girgias Girgias merged commit b53b529 into php:master Dec 17, 2024
1 check passed
@Girgias Girgias deleted the pcntl-strlcat-refactor branch December 17, 2024 13:19