Skip to content

Commit dc73754

Browse files
devnexendevnexen
committed
try out @nielsdos suggestion, delaying free object_id at the end of the call.
1 parent fc4ef43 commit dc73754

File tree

2 files changed

+53
-18
lines changed

2 files changed

+53
-18
lines changed

ext/snmp/snmp.c

Lines changed: 52 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -626,6 +626,32 @@ static void php_snmp_internal(INTERNAL_FUNCTION_PARAMETERS, int st,
626626
}
627627
/* }}} */
628628

629+
static void php_snmp_zend_string_release_from_char_pointer(char *ptr) {
630+
zend_string *pptr = (zend_string *)(ptr - XtOffsetOf(zend_string, val));
631+
if (!ZSTR_IS_INTERNED(pptr)) {
632+
if (GC_REFCOUNT(pptr)) {
633+
zend_string_release(pptr);
634+
} else {
635+
efree(pptr);
636+
}
637+
}
638+
}
639+
640+
static void php_free_objid_query(struct objid_query *objid_query, zend_string* oid_str, zend_string *value_str, HashTable *value_ht, int st) {
641+
if (!oid_str) {
642+
for (int i = 0; i < objid_query->count; i ++) {
643+
snmpobjarg *arg = &objid_query->vars[i];
644+
if (st & SNMP_CMD_SET) {
645+
if (!value_str && value_ht) {
646+
php_snmp_zend_string_release_from_char_pointer(arg->value);
647+
}
648+
}
649+
php_snmp_zend_string_release_from_char_pointer(arg->oid);
650+
}
651+
}
652+
efree(objid_query->vars);
653+
}
654+
629655
/* {{{ php_snmp_parse_oid
630656
*
631657
* OID parser (and type, value for SNMP_SET command)
@@ -682,7 +708,6 @@ static bool php_snmp_parse_oid(
682708
return false;
683709
}
684710
objid_query->vars[objid_query->count].oid = ZSTR_VAL(tmp);
685-
zend_string_release(tmp);
686711
if (st & SNMP_CMD_SET) {
687712
if (type_str) {
688713
pptr = ZSTR_VAL(type_str);
@@ -706,18 +731,24 @@ static bool php_snmp_parse_oid(
706731
}
707732
}
708733
if (idx_type < type_ht->nNumUsed) {
709-
convert_to_string(tmp_type);
710-
if (Z_STRLEN_P(tmp_type) != 1) {
734+
zval new;
735+
ZVAL_COPY_VALUE(&new, tmp_type);
736+
if (!try_convert_to_string(&new)) {
737+
zend_value_error("conversion to string failed");
738+
php_free_objid_query(objid_query, oid_str, value_str, value_ht, st);
739+
return false;
740+
}
741+
if (Z_STRLEN(new) != 1) {
711742
zend_value_error("Type must be a single character");
712-
efree(objid_query->vars);
743+
php_free_objid_query(objid_query, oid_str, value_str, value_ht, st);
713744
return false;
714745
}
715-
pptr = Z_STRVAL_P(tmp_type);
746+
pptr = Z_STRVAL(new);
716747
objid_query->vars[objid_query->count].type = *pptr;
717748
idx_type++;
718749
} else {
719750
php_error_docref(NULL, E_WARNING, "'%s': no type set", Z_STRVAL_P(tmp_oid));
720-
efree(objid_query->vars);
751+
php_free_objid_query(objid_query, oid_str, value_str, value_ht, st);
721752
return false;
722753
}
723754
}
@@ -743,12 +774,16 @@ static bool php_snmp_parse_oid(
743774
}
744775
}
745776
if (idx_value < value_ht->nNumUsed) {
746-
convert_to_string(tmp_value);
747-
objid_query->vars[objid_query->count].value = Z_STRVAL_P(tmp_value);
777+
zend_string *tmp = zval_try_get_string(tmp_value);
778+
if (!tmp) {
779+
php_free_objid_query(objid_query, oid_str, value_str, value_ht, st);
780+
return false;
781+
}
782+
objid_query->vars[objid_query->count].value = ZSTR_VAL(tmp);
748783
idx_value++;
749784
} else {
750785
php_error_docref(NULL, E_WARNING, "'%s': no value set", Z_STRVAL_P(tmp_oid));
751-
efree(objid_query->vars);
786+
php_free_objid_query(objid_query, oid_str, value_str, value_ht, st);
752787
return false;
753788
}
754789
}
@@ -761,14 +796,14 @@ static bool php_snmp_parse_oid(
761796
if (st & SNMP_CMD_WALK) {
762797
if (objid_query->count > 1) {
763798
php_snmp_error(object, PHP_SNMP_ERRNO_OID_PARSING_ERROR, "Multi OID walks are not supported!");
764-
efree(objid_query->vars);
799+
php_free_objid_query(objid_query, oid_str, value_str, value_ht, st);
765800
return false;
766801
}
767802
objid_query->vars[0].name_length = MAX_NAME_LEN;
768803
if (strlen(objid_query->vars[0].oid)) { /* on a walk, an empty string means top of tree - no error */
769804
if (!snmp_parse_oid(objid_query->vars[0].oid, objid_query->vars[0].name, &(objid_query->vars[0].name_length))) {
770805
php_snmp_error(object, PHP_SNMP_ERRNO_OID_PARSING_ERROR, "Invalid object identifier: %s", objid_query->vars[0].oid);
771-
efree(objid_query->vars);
806+
php_free_objid_query(objid_query, oid_str, value_str, value_ht, st);
772807
return false;
773808
}
774809
} else {
@@ -780,7 +815,7 @@ static bool php_snmp_parse_oid(
780815
objid_query->vars[objid_query->offset].name_length = MAX_OID_LEN;
781816
if (!snmp_parse_oid(objid_query->vars[objid_query->offset].oid, objid_query->vars[objid_query->offset].name, &(objid_query->vars[objid_query->offset].name_length))) {
782817
php_snmp_error(object, PHP_SNMP_ERRNO_OID_PARSING_ERROR, "Invalid object identifier: %s", objid_query->vars[objid_query->offset].oid);
783-
efree(objid_query->vars);
818+
php_free_objid_query(objid_query, oid_str, value_str, value_ht, st);
784819
return false;
785820
}
786821
}
@@ -1257,12 +1292,12 @@ static void php_snmp(INTERNAL_FUNCTION_PARAMETERS, int st, int version)
12571292

12581293
if (session_less_mode) {
12591294
if (!netsnmp_session_init(&session, version, a1, a2, timeout, retries)) {
1260-
efree(objid_query.vars);
1295+
php_free_objid_query(&objid_query, oid_str, value_str, value_ht, st);
12611296
netsnmp_session_free(&session);
12621297
RETURN_FALSE;
12631298
}
12641299
if (version == SNMP_VERSION_3 && !netsnmp_session_set_security(session, a3, a4, a5, a6, a7, NULL, NULL)) {
1265-
efree(objid_query.vars);
1300+
php_free_objid_query(&objid_query, oid_str, value_str, value_ht, st);
12661301
netsnmp_session_free(&session);
12671302
/* Warning message sent already, just bail out */
12681303
RETURN_FALSE;
@@ -1273,7 +1308,7 @@ static void php_snmp(INTERNAL_FUNCTION_PARAMETERS, int st, int version)
12731308
session = snmp_object->session;
12741309
if (!session) {
12751310
zend_throw_error(NULL, "Invalid or uninitialized SNMP object");
1276-
efree(objid_query.vars);
1311+
php_free_objid_query(&objid_query, oid_str, value_str, value_ht, st);
12771312
RETURN_THROWS();
12781313
}
12791314

@@ -1299,15 +1334,15 @@ static void php_snmp(INTERNAL_FUNCTION_PARAMETERS, int st, int version)
12991334

13001335
php_snmp_internal(INTERNAL_FUNCTION_PARAM_PASSTHRU, st, session, &objid_query);
13011336

1302-
efree(objid_query.vars);
1303-
13041337
if (session_less_mode) {
13051338
netsnmp_session_free(&session);
13061339
} else {
13071340
netsnmp_ds_set_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_PRINT_NUMERIC_ENUM, glob_snmp_object.enum_print);
13081341
netsnmp_ds_set_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT, glob_snmp_object.quick_print);
13091342
netsnmp_ds_set_int(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_OID_OUTPUT_FORMAT, glob_snmp_object.oid_output_format);
13101343
}
1344+
1345+
php_free_objid_query(&objid_query, oid_str, value_str, value_ht, st);
13111346
}
13121347
/* }}} */
13131348

ext/snmp/tests/gh16959.phpt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -35,7 +35,7 @@ array(4) {
3535
int(0)
3636
}
3737

38-
Warning: snmpget(): Invalid object identifier: -229 in %s on line %d
38+
Warning: snmpget(): Invalid object identifier: -54 in %s on line %d
3939
bool(true)
4040
array(4) {
4141
[63]=>

0 commit comments

Comments
 (0)