From b5572658166c4b8cbc1d332877a7a84c6e18a1c1 Mon Sep 17 00:00:00 2001 From: "Christoph M. Becker" Date: Wed, 28 Aug 2019 17:51:57 +0200 Subject: [PATCH] Fix #78473: odbc_close() closes arbitrary resources We have to bail out, if an invalid resource is given. For consistency with the other `zend_fetch_resource(2)` calls, we return `FALSE`. --- NEWS | 3 +++ ext/odbc/php_odbc.c | 5 ++++- ext/odbc/tests/bug78473.phpt | 14 ++++++++++++++ 3 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 ext/odbc/tests/bug78473.phpt diff --git a/NEWS b/NEWS index e747a4f8eb4..838f1d23e8d 100644 --- a/NEWS +++ b/NEWS @@ -11,6 +11,9 @@ PHP NEWS . Fixed connect_attr issues and added the _server_host connection attribute. (Qianqian Bu) +- ODBC: + . Fixed bug #78473 (odbc_close() closes arbitrary resources). (cmb) + 29 Aug 2019, PHP 7.2.22 - Core: diff --git a/ext/odbc/php_odbc.c b/ext/odbc/php_odbc.c index b5b8a073665..33233d24bde 100644 --- a/ext/odbc/php_odbc.c +++ b/ext/odbc/php_odbc.c @@ -2752,7 +2752,10 @@ PHP_FUNCTION(odbc_close) return; } - conn = (odbc_connection *)zend_fetch_resource2(Z_RES_P(pv_conn), "ODBC-Link", le_conn, le_pconn); + if (!(conn = (odbc_connection *)zend_fetch_resource2(Z_RES_P(pv_conn), "ODBC-Link", le_conn, le_pconn))) { + RETURN_FALSE; + } + if (Z_RES_P(pv_conn)->type == le_pconn) { is_pconn = 1; } diff --git a/ext/odbc/tests/bug78473.phpt b/ext/odbc/tests/bug78473.phpt new file mode 100644 index 00000000000..fd73b6cc072 --- /dev/null +++ b/ext/odbc/tests/bug78473.phpt @@ -0,0 +1,14 @@ +--TEST-- +Bug #78473 (odbc_close() closes arbitrary resources) +--SKIPIF-- + +--FILE-- + +--EXPECTF-- +Warning: odbc_close(): supplied resource is not a valid ODBC-Link resource in %s on line %d +resource(%d) of type (stream)