From 4debb44a44db5a2be6b110a1a6df2002a70bc4bf Mon Sep 17 00:00:00 2001
From: Pino Toscano <ptoscano@redhat.com>
Date: Tue, 10 Feb 2015 15:32:59 +0100
Subject: [PATCH] php: fix invalid memory access with OptString

OptString maps to a "s!" argument, which makes zend_parse_parameters not
touch the variables (char* and length) when NULL is passed as parameter.
Hence, set both to NULL/0, and check for non-NULL char* variable before
checking its length.
---
 generator/php.ml | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/generator/php.ml b/generator/php.ml
index 0ef65414f..138445184 100644
--- a/generator/php.ml
+++ b/generator/php.ml
@@ -192,11 +192,13 @@ PHP_FUNCTION (guestfs_last_error)
         | String n | Device n | Mountable n | Pathname n
         | Dev_or_Path n | Mountable_or_Path n
         | FileIn n | FileOut n | Key n
-        | OptString n
         | BufferIn n
         | GUID n ->
             pr "  char *%s;\n" n;
             pr "  int %s_size;\n" n
+        | OptString n ->
+            pr "  char *%s = NULL;\n" n;
+            pr "  int %s_size;\n" n
         | StringList n
         | DeviceList n ->
             pr "  zval *z_%s;\n" n;
@@ -310,7 +312,7 @@ PHP_FUNCTION (guestfs_last_error)
         | String n | Device n | Mountable n | Pathname n
         | Dev_or_Path n | Mountable_or_Path n
         | FileIn n | FileOut n | Key n
-        | OptString n | GUID n ->
+        | GUID n ->
             (* Just need to check the string doesn't contain any ASCII
              * NUL characters, which won't be supported by the C API.
              *)
@@ -319,6 +321,15 @@ PHP_FUNCTION (guestfs_last_error)
             pr "    RETURN_FALSE;\n";
             pr "  }\n";
             pr "\n"
+        | OptString n ->
+            (* Just need to check the string doesn't contain any ASCII
+             * NUL characters, which won't be supported by the C API.
+             *)
+            pr "  if (%s != NULL && strlen (%s) != %s_size) {\n" n n n;
+            pr "    fprintf (stderr, \"libguestfs: %s: parameter '%s' contains embedded ASCII NUL.\\n\");\n" shortname n;
+            pr "    RETURN_FALSE;\n";
+            pr "  }\n";
+            pr "\n"
         | BufferIn n -> ()
         | StringList n
         | DeviceList n ->