Hunting while(!feof(..)) calls missing a test on the resource: can trigger an infinite read and a CPU hog.

Author: cdujeu

core/src/plugins/access.fs/class.fsAccessDriver.php

@@ -1317,6 +1317,9 @@ protected function appendUploadedData($folder, $source, $target){
 
     public function readFile($filePathOrData, $headerType="plain", $localName="", $data=false, $gzip=null, $realfileSystem=false, $byteOffset=-1, $byteLength=-1)
     {
+        if(!$data && !$gzip && !file_exists($filePathOrData)){
+            throw new Exception("File $filePathOrData not found!");
+        }
         if ($gzip === null) {
             $gzip = ConfService::getCoreConf("GZIP_COMPRESSION");
         }
@@ -1394,6 +1397,9 @@ public function readFile($filePathOrData, $headerType="plain", $localName="", $d
 
                 header("Content-Length: ". $length);
                 $file = fopen($filePathOrData, 'rb');
+                if(!is_resource($file)){
+                    throw new Exception("Failed opening file ".$filePathOrData);
+                }
                 fseek($file, 0);
                 $relOffset = $offset;
                 while ($relOffset > 2.0E9) {
@@ -1466,6 +1472,9 @@ public function readFile($filePathOrData, $headerType="plain", $localName="", $d
             if ($realfileSystem) {
                 $this->logDebug("realFS!", array("file"=>$filePathOrData));
                 $fp = fopen($filePathOrData, "rb");
+                if(!is_resource($fp)){
+                    throw new Exception("Failed opening file ".$filePathOrData);
+                }
                 if ($byteOffset != -1) {
                     fseek($fp, $byteOffset);
                 }

core/src/plugins/access.fs/class.fsAccessWrapper.php

@@ -244,6 +244,7 @@ public static function isRemote()
     public static function copyFileInStream($path, $stream)
     {
         $fp = fopen(self::getRealFSReference($path), "rb");
+        if(!is_resource($fp)) return;
         while (!feof($fp)) {
             if(!ini_get("safe_mode")) @set_time_limit(60);
              $data = fread($fp, 4096);

core/src/plugins/access.smb/class.smbAccessWrapper.php

@@ -169,6 +169,7 @@ public static function isRemote()
     public static function copyFileInStream($path, $stream)
     {
         $fp = fopen(self::getRealFSReference($path), "rb");
+        if(!is_resource($fp)) return;
         while (!feof($fp)) {
             $data = fread($fp, 4096);
             fwrite($stream, $data, strlen($data));

core/src/plugins/access.swift/class.swiftAccessWrapper.php

@@ -240,6 +240,7 @@ public static function isRemote()
     public static function copyFileInStream($path, $stream)
     {
         $fp = fopen($path, "r", null, self::$cloudContext);
+        if(!is_resource($fp)) return;
         while (!feof($fp)) {
             $data = fread($fp, 4096);
             fwrite($stream, $data, strlen($data));

core/src/plugins/access.webdav/class.webdavAccessWrapper.php

@@ -210,6 +210,7 @@ public static function isRemote()
     public static function copyFileInStream($path, $stream)
     {
         $fp = fopen(self::getRealFSReference($path), "rb");
+        if(!is_resource($fp)) return;
         while (!feof($fp)) {
             $data = fread($fp, 4096);
             fwrite($stream, $data, strlen($data));

core/src/plugins/core.access/class.AbstractAccessDriver.php

@@ -316,15 +316,15 @@ protected function filecopy($srcFile, $destFile, $srcWrapperName, $destWrapperNa
         if (call_user_func(array($srcWrapperName, "isRemote")) || call_user_func(array($destWrapperName, "isRemote")) || $srcWrapperName != $destWrapperName) {
             $src = fopen($srcFile, "r");
             $dest = fopen($destFile, "w");
-            if ($dest !== false) {
+            if (is_resource($src) && is_resource($dest)) {
                 while (!feof($src)) {
                     //stream_copy_to_stream($src, $dest, 4096);
                     $count = stream_copy_to_stream($src, $dest, 4096);
                     if ($count == 0) break;
                 }
-                fclose($dest);
             }
-            fclose($src);
+            if(is_resource($dest)) fclose($dest);
+            if(is_resource($src)) fclose($src);
         } else {
             copy($srcFile, $destFile);
         }

core/src/plugins/editor.diaporama/PThumb.lib.php

@@ -921,10 +921,12 @@ function retrieve_remote_file($url,$skip_checks=false,$refresh=false, $force_met
 
             $data = "";
             $fp = fopen($url, "r");
-            while (!feof($fp)) {
-            	$data .= fread($fp, 4096);
+            if(is_resource($fp)){
+                while (!feof($fp)) {
+                    $data .= fread($fp, 4096);
+                }
+                fclose($fp);
             }
-            fclose($fp);
             //$data = @implode("",file($url));
             if (strlen($data) > 0){
                 $this -> data_cache[sha1($url)] = $data;

core/src/plugins/editor.pixlr/class.PixlrEditor.php

@@ -113,11 +113,13 @@ public function switchAction($action, $httpVars, $filesVars)
 
       $orig = fopen($image, "r");
       $target = fopen($destStreamURL.$file, "w");
-      while (!feof($orig)) {
-        fwrite($target, fread($orig, 4096));
+      if(is_resource($orig) && is_resource($target)){
+          while (!feof($orig)) {
+            fwrite($target, fread($orig, 4096));
+          }
+          fclose($orig);
+          fclose($target);
       }
-      fclose($orig);
-      fclose($target);
         clearstatcache(true, $node->getUrl());
         $node->loadNodeInfo(true);
         AJXP_Controller::applyHook("node.change", array(&$node, &$node));

core/src/plugins/editor.video/class.VideoReader.php

@@ -80,6 +80,7 @@ public function switchAction($action, $httpVars, $filesVars)
                 header('Accept-Ranges:bytes');
                 header("Content-Length: ". $length);
                 $file = fopen($filename, 'rb');
+                if(!is_resource($file)) throw new Exception("Cannot open file $file!");
                 fseek($file, 0);
                 $relOffset = $offset;
                 while ($relOffset > 2.0E9) {

core/src/plugins/uploader.html/class.SimpleUploadProcessor.php

@@ -143,10 +143,12 @@ public function unifyChunks($action, $httpVars, $fileVars)
         $newDest = fopen($destStreamURL.$filename, "w");
         for ($i = 0; $i < count($chunks) ; $i++) {
             $part = fopen($destStreamURL.$chunks[$i], "r");
-            while (!feof($part)) {
-                fwrite($newDest, fread($part, 4096));
+            if(is_resource($part)){
+                while (!feof($part)) {
+                    fwrite($newDest, fread($part, 4096));
+                }
+                fclose($part);
             }
-            fclose($part);
             unlink($destStreamURL.$chunks[$i]);
         }
         fclose($newDest);