From 0fe3a91494e9aece3ae948cf9bf9d3476686e0a5 Mon Sep 17 00:00:00 2001
From: Gina Peter Banyard
Date: Thu, 2 Jan 2025 13:29:40 +0000
Subject: [PATCH] main/streams: Remove questionable use of PHP_STRLCPY
The description of PHP_STRLCPY says that this is a fast version of strlcpy that should be used if we *know* the size of both the source and destination buffers. This is clearly not the case as we use strlen() to compute it. Moreover if the result cannot fit in the destination buffer something seriously strange has happened and we should return a failure state rather than truncating.
---
 main/streams/plain_wrapper.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/main/streams/plain_wrapper.c b/main/streams/plain_wrapper.c
index 7b0813c3db6..f0e03a93431 100644
--- a/main/streams/plain_wrapper.c
+++ b/main/streams/plain_wrapper.c
@@ -1028,7 +1028,12 @@ static ssize_t php_plain_files_dirstream_read(php_stream *stream, char *buf, siz
 result = readdir(dir);
 if (result) {
- PHP_STRLCPY(ent->d_name, result->d_name, sizeof(ent->d_name), strlen(result->d_name));
+ size_t len = strlen(result->d_name);
+ if (UNEXPECTED(len >= sizeof(ent->d_name))) {
+ return -1;
+ }
+ /* Include null byte */
+ memcpy(ent->d_name, result->d_name, len+1);
 #ifdef _DIRENT_HAVE_D_TYPE
 ent->d_type = result->d_type;
 #else
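Review bot: The new `return -1` for an oversize `result->d_name` leaves no trace of why the read failed, and it runs after `readdir(dir)` has already consumed the entry, so that name is neither returned nor available for a retry. Failing instead of truncating is the safer choice, since a truncated name can refer to a different file than the one on disk, but code that enumerates a directory for cleanup or auditing would presumably see a short or aborted listing with no diagnostic; how callers treat -1 is not visible in this hunk. I would state the intent above the check, e.g. `/* Name does not fit: fail rather than return a truncated name; readdir() has already consumed this entry */`, and consider raising a warning at that point. As a minor style point, `len + 1` reads better than `len+1`. The body of php_plain_files_dirstream_read starts and ends outside the hunk.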