Skip to content

Commit 5c96610

Browse files
devnexendevnexen
committed
fix unterminated buffers.
1 parent 9ad95d6 commit 5c96610

File tree

1 file changed

+6
-5
lines changed

1 file changed

+6
-5
lines changed

ext/sockets/sockets.c

Lines changed: 6 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1460,7 +1460,7 @@ static zend_result php_socket_afpacket_add_tcp(unsigned char *ipdata, struct soc
14601460
zend_update_property_long(Z_OBJCE_P(szpayload), Z_OBJ_P(szpayload), ZEND_STRL("srcPort"), ntohs(tcp->th_sport));
14611461
zend_update_property_long(Z_OBJCE_P(szpayload), Z_OBJ_P(szpayload), ZEND_STRL("dstPort"), ntohs(tcp->th_dport));
14621462
zend_update_property_long(Z_OBJCE_P(szpayload), Z_OBJ_P(szpayload), ZEND_STRL("headerSize"), sizeof(*tcp));
1463-
zend_update_property_string(Z_OBJCE_P(szpayload), Z_OBJ_P(szpayload), ZEND_STRL("rawPacket"), (char *)ipdata);
1463+
zend_update_property_stringl(Z_OBJCE_P(szpayload), Z_OBJ_P(szpayload), ZEND_STRL("rawPacket"), (char *)ipdata, sizeof(*tcp));
14641464
zend_update_property(Z_OBJCE_P(zpayload), Z_OBJ_P(zpayload), ZEND_STRL("payload"), szpayload);
14651465
Z_DELREF_P(szpayload);
14661466
return SUCCESS;
@@ -1472,11 +1472,12 @@ static zend_result php_socket_afpacket_add_udp(unsigned char *ipdata, struct soc
14721472
ETH_SUB_CHECKLENGTH(a, "UDP");
14731473
memcpy(&a, ipdata, sizeof(a));
14741474
struct udphdr *udp = &a;
1475+
size_t headersize = sizeof(*udp);
14751476
object_init_ex(szpayload, udppacket_ce);
14761477
zend_update_property_long(Z_OBJCE_P(szpayload), Z_OBJ_P(szpayload), ZEND_STRL("srcPort"), ntohs(udp->uh_sport));
14771478
zend_update_property_long(Z_OBJCE_P(szpayload), Z_OBJ_P(szpayload), ZEND_STRL("dstPort"), ntohs(udp->uh_dport));
1478-
zend_update_property_long(Z_OBJCE_P(szpayload), Z_OBJ_P(szpayload), ZEND_STRL("headerSize"), sizeof(*udp));
1479-
zend_update_property_string(Z_OBJCE_P(szpayload), Z_OBJ_P(szpayload), ZEND_STRL("rawPacket"), (char *)ipdata);
1479+
zend_update_property_long(Z_OBJCE_P(szpayload), Z_OBJ_P(szpayload), ZEND_STRL("headerSize"), headersize);
1480+
zend_update_property_stringl(Z_OBJCE_P(szpayload), Z_OBJ_P(szpayload), ZEND_STRL("rawPacket"), (char *)ipdata, headersize);
14801481
zend_update_property(Z_OBJCE_P(zpayload), Z_OBJ_P(zpayload), ZEND_STRL("payload"), szpayload);
14811482
Z_DELREF_P(szpayload);
14821483
return SUCCESS;
@@ -1768,7 +1769,7 @@ PHP_FUNCTION(socket_recvfrom)
17681769
zend_update_property_string(Z_OBJCE(zpayload), Z_OBJ(zpayload), ZEND_STRL("srcAddr"), inet_ntoa(s));
17691770
zend_update_property_string(Z_OBJCE(zpayload), Z_OBJ(zpayload), ZEND_STRL("dstAddr"), inet_ntoa(d));
17701771
zend_update_property_long(Z_OBJCE(zpayload), Z_OBJ(zpayload), ZEND_STRL("headerSize"), totalip);
1771-
zend_update_property_string(Z_OBJCE(zpayload), Z_OBJ(zpayload), ZEND_STRL("rawPacket"), (char *)payload);
1772+
zend_update_property_stringl(Z_OBJCE(zpayload), Z_OBJ(zpayload), ZEND_STRL("rawPacket"), (char *)payload, totalip);
17721773

17731774
switch (ip->protocol) {
17741775
case IPPROTO_TCP: {
@@ -1827,7 +1828,7 @@ PHP_FUNCTION(socket_recvfrom)
18271828
zend_update_property_string(Z_OBJCE(zpayload), Z_OBJ(zpayload), ZEND_STRL("srcAddr"), s);
18281829
zend_update_property_string(Z_OBJCE(zpayload), Z_OBJ(zpayload), ZEND_STRL("dstAddr"), d);
18291830
zend_update_property_long(Z_OBJCE(zpayload), Z_OBJ(zpayload), ZEND_STRL("headerSize"), totalip);
1830-
zend_update_property_string(Z_OBJCE(zpayload), Z_OBJ(zpayload), ZEND_STRL("rawPacket"), (char *)payload);
1831+
zend_update_property_stringl(Z_OBJCE(zpayload), Z_OBJ(zpayload), ZEND_STRL("rawPacket"), (char *)payload, totalip);
18311832
unsigned char ipprotocol = ip->nexthdr;
18321833
unsigned char *ipdata = payload + sizeof(*ip);
18331834

0 commit comments

Comments
 (0)