Skip to content

Commit 212fa80

Browse files
devnexendevnexen
committed
further initialisation type check and segfault fix.
1 parent dc963f3 commit 212fa80

File tree

2 files changed

+29
-5
lines changed

2 files changed

+29
-5
lines changed

ext/snmp/snmp.c

Lines changed: 16 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -832,7 +832,7 @@ static bool php_snmp_parse_oid(
832832
/* {{{ snmp_session_init
833833
allocates memory for session and session->peername, caller should free it manually using session_free() and efree()
834834
*/
835-
static bool snmp_session_init(php_snmp_session **session_p, int version, zend_string *hostname, zend_string *community, int timeout, int retries)
835+
static bool snmp_session_init(php_snmp_session **session_p, int version, zend_string *hostname, zend_string *community, zend_long timeout, zend_long retries)
836836
{
837837
php_snmp_session *session;
838838
char *pptr, *host_ptr;
@@ -841,11 +841,23 @@ static bool snmp_session_init(php_snmp_session **session_p, int version, zend_st
841841
struct sockaddr **psal;
842842
struct sockaddr **res;
843843

844+
*session_p = 0;
845+
844846
if (ZSTR_LEN(hostname) >= MAX_NAME_LEN) {
845847
zend_value_error("hostname length must be lower than %d", MAX_NAME_LEN);
846848
return false;
847849
}
848850

851+
if (timeout < -1 || timeout > LONG_MAX) {
852+
zend_value_error("timeout must be between -1 and %ld", LONG_MAX);
853+
return false;
854+
}
855+
856+
if (retries < -1 || retries > INT_MAX) {
857+
zend_value_error("retries must be between -1 and %d", INT_MAX);
858+
return false;
859+
}
860+
849861
// TODO: Do not strip and re-add the port in peername?
850862
unsigned short remote_port = SNMP_PORT;
851863
int tmp_port;
@@ -856,7 +868,7 @@ static bool snmp_session_init(php_snmp_session **session_p, int version, zend_st
856868

857869
snmp_sess_init(session);
858870

859-
session->version = version;
871+
session->version = (long)version;
860872

861873
session->peername = emalloc(MAX_NAME_LEN);
862874
/* we copy original hostname for further processing */
@@ -954,8 +966,8 @@ static bool snmp_session_init(php_snmp_session **session_p, int version, zend_st
954966
session->community_len = ZSTR_LEN(community);
955967
}
956968

957-
session->retries = retries;
958-
session->timeout = timeout;
969+
session->retries = (int)retries;
970+
session->timeout = (long)timeout;
959971
return true;
960972
}
961973
/* }}} */

ext/snmp/tests/snmp_session_error.phpt

Lines changed: 13 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -28,10 +28,22 @@ try {
2828
} catch (\ValueError $e) {
2929
echo $e->getMessage(), PHP_EOL;
3030
}
31+
try {
32+
new SNMP(SNMP::VERSION_1, "$hostname:$port", $community, PHP_INT_MAX, $retries);
33+
} catch (\ValueError $e) {
34+
echo $e->getMessage(), PHP_EOL;
35+
}
36+
try {
37+
new SNMP(SNMP::VERSION_1, "$hostname:$port", $community, $timeout, PHP_INT_MAX);
38+
} catch (\ValueError $e) {
39+
echo $e->getMessage(), PHP_EOL;
40+
}
3141
echo "OK";
3242
?>
33-
--EXPECT--
43+
--EXPECTF--
3444
remote port must be between 0 and 65535
3545
remote port must be between 0 and 65535
3646
hostname length must be lower than 128
47+
timeout must be between -1 and %d
48+
retries must be between -1 and %d
3749
OK

0 commit comments

Comments
 (0)