Explicitly validate popen mode

nikic · nikic · commit ab36540bddb6 · 2020-08-06T10:26:46.000+02:00
To avoid behavior differences due to libc.
diff --git a/ext/standard/file.c b/ext/standard/file.c
@@ -930,10 +930,18 @@ PHP_FUNCTION(popen)
 		char *z = memchr(posix_mode, 'b', mode_len);
 		if (z) {
 			memmove(z, z + 1, mode_len - (z - posix_mode));
+			mode_len--;
 		}
 	}
 #endif
 
+	/* Musl only partially validates the mode. Manually check it to ensure consistent behavior. */
+	if (mode_len != 1 || (*posix_mode != 'r' && *posix_mode != 'w')) {
+		php_error_docref2(NULL, command, posix_mode, E_WARNING, "Invalid mode");
+		efree(posix_mode);
+		RETURN_FALSE;
+	}
+
 	fp = VCWD_POPEN(command, posix_mode);
 	if (!fp) {
 		php_error_docref2(NULL, command, posix_mode, E_WARNING, "%s", strerror(errno));
diff --git a/ext/standard/tests/file/popen_pclose_error.phpt b/ext/standard/tests/file/popen_pclose_error.phpt
@@ -22,7 +22,7 @@ unlink($file_path."/popen.tmp");
 --EXPECTF--
 *** Testing for error conditions ***
 
-Warning: popen(abc.txt,rw): %s on line %d
+Warning: popen(abc.txt,rw): Invalid mode in %s on line %d
 bool(false)
 
 --- Done ---
