You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
ext/sockets: Enable AF_PACKET raw buffer support in socket_sendto/socket_recvfrom.
Take a new approach from PR php#17926: instead of parsing ethernet/IP/TCP/UDP
headers in C, expose the raw frame as a string to userland, letting users
handle protocol decoding safely in PHP. This addresses the security
concerns raised during review.
Also rename opaque argument variables (arg1..arg6) to meaningful
names in both functions and fix a bug in the commented-out sendto
code that was using &sin instead of &sll.
closephpGH-21631
/* {{{ Receives data from a socket, connected or not */
1493
1493
PHP_FUNCTION(socket_recvfrom)
1494
1494
{
1495
-
zval*arg1, *arg2, *arg5, *arg6=NULL;
1495
+
zval*zsocket, *zdata, *zaddr, *zport=NULL;
1496
1496
php_socket*php_sock;
1497
1497
structsockaddr_uns_un;
1498
1498
structsockaddr_insin;
1499
1499
#ifdefHAVE_IPV6
1500
1500
structsockaddr_in6sin6;
1501
1501
#endif
1502
1502
#ifdefAF_PACKET
1503
-
//struct sockaddr_llsll;
1503
+
structsockaddr_llsll;
1504
1504
#endif
1505
1505
charaddrbuf[INET6_ADDRSTRLEN];
1506
1506
socklen_tslen;
1507
1507
intretval;
1508
-
zend_longarg3, arg4;
1508
+
zend_longlength, flags;
1509
1509
constchar*address;
1510
1510
zend_string*recv_buf;
1511
1511
1512
1512
ZEND_PARSE_PARAMETERS_START(5, 6)
1513
-
Z_PARAM_OBJECT_OF_CLASS(arg1, socket_ce)
1514
-
Z_PARAM_ZVAL(arg2)
1515
-
Z_PARAM_LONG(arg3)
1516
-
Z_PARAM_LONG(arg4)
1517
-
Z_PARAM_ZVAL(arg5)
1513
+
Z_PARAM_OBJECT_OF_CLASS(zsocket, socket_ce)
1514
+
Z_PARAM_ZVAL(zdata)
1515
+
Z_PARAM_LONG(length)
1516
+
Z_PARAM_LONG(flags)
1517
+
Z_PARAM_ZVAL(zaddr)
1518
1518
Z_PARAM_OPTIONAL
1519
-
Z_PARAM_ZVAL(arg6)
1519
+
Z_PARAM_ZVAL(zport)
1520
1520
ZEND_PARSE_PARAMETERS_END();
1521
1521
1522
-
php_sock=Z_SOCKET_P(arg1);
1522
+
php_sock=Z_SOCKET_P(zsocket);
1523
1523
ENSURE_SOCKET_VALID(php_sock);
1524
1524
1525
+
#ifdefAF_PACKET
1526
+
/* On packet sockets, restrict flags to a finite safe subset. In
1527
+
* particular MSG_TRUNC must be excluded: it makes recvfrom() report the
1528
+
* untruncated frame length, which can exceed the buffer. */
1529
+
if (php_sock->type==AF_PACKET) {
1530
+
constzend_longallowed_flags=0
1531
+
#ifdefMSG_OOB
1532
+
| MSG_OOB
1533
+
#endif
1534
+
#ifdefMSG_PEEK
1535
+
| MSG_PEEK
1536
+
#endif
1537
+
#ifdefMSG_WAITALL
1538
+
| MSG_WAITALL
1539
+
#endif
1540
+
#ifdefMSG_DONTWAIT
1541
+
| MSG_DONTWAIT
1542
+
#endif
1543
+
#ifdefMSG_ERRQUEUE
1544
+
| MSG_ERRQUEUE
1545
+
#endif
1546
+
#ifdefMSG_CMSG_CLOEXEC
1547
+
| MSG_CMSG_CLOEXEC
1548
+
#endif
1549
+
;
1550
+
1551
+
if (flags& ~allowed_flags) {
1552
+
zend_argument_value_error(4, "must be a combination of MSG_OOB, MSG_PEEK, MSG_WAITALL, MSG_DONTWAIT, MSG_ERRQUEUE, and MSG_CMSG_CLOEXEC for AF_PACKET sockets");
0 commit comments