From 80e6701233e3a5fa5faea51ef09b240190fa5f06 Mon Sep 17 00:00:00 2001
From: Gina Peter Banyard
Date: Thu, 2 Jan 2025 13:29:40 +0000
Subject: [PATCH] main/streams: Remove questionable use of PHP_STRLCPY

The description of PHP_STRLCPY says that this is a fast version of strlcpy that should be used if we *know* the size of both the source and destination buffers. This is clearly not the case as we use strlen() to compute it. Moreover if the result cannot fit in the destination buffer something seriously strange has happened and we should return a failure state rather than truncating.
---
 main/streams/plain_wrapper.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/main/streams/plain_wrapper.c b/main/streams/plain_wrapper.c
index 7b0813c3db623..f0e03a9343128 100644
--- a/main/streams/plain_wrapper.c
+++ b/main/streams/plain_wrapper.c
@@ -1028,7 +1028,12 @@ static ssize_t php_plain_files_dirstream_read(php_stream *stream, char *buf, siz

 result = readdir(dir);
 if (result) {
- PHP_STRLCPY(ent->d_name, result->d_name, sizeof(ent->d_name), strlen(result->d_name));
+ size_t len = strlen(result->d_name);
+ if (UNEXPECTED(len >= sizeof(ent->d_name))) {
+ return -1;
+ }
+ /* Include null byte */
+ memcpy(ent->d_name, result->d_name, len+1);
 #ifdef _DIRENT_HAVE_D_TYPE
 ent->d_type = result->d_type;
 #else
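Review bot: The new `return -1;` for an over-long `result->d_name` fails without any diagnostic, and `readdir()` has already consumed that entry, so a caller that treats a failed read as end-of-directory would stop the listing early and never see the remaining entries (the callers are outside this hunk, so this is inferred). For code that scans a directory to make a security decision, a silently shortened listing is harder to notice than a visible error; consider emitting a warning before returning, or at least documenting the contract with a comment such as `/* Name does not fit in php_stream_dirent: fail the read rather than return a truncated name */`. The `memcpy` is in bounds because the guard ensures `len + 1 <= sizeof(ent->d_name)`, and saying so in the `/* Include null byte */` comment would make that invariant explicit for the next editor. The body of `php_plain_files_dirstream_read` starts and continues outside the hunk.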