From 5e1a8c07daa01d68458fd758fa0369d0486c9a90 Mon Sep 17 00:00:00 2001 From: "Christoph M. Becker" Date: Thu, 15 Aug 2019 13:18:01 +0200 Subject: [PATCH] Accept a valid path instead of an arbitrary string Since we're passing this parameter to a C function accepting a `char*` without any further checking, we should reject strings with NUL bytes in the first place. --- ext/sqlite3/sqlite3.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ext/sqlite3/sqlite3.c b/ext/sqlite3/sqlite3.c index b968246f9409c..cdc11fa6eeab2 100644 --- a/ext/sqlite3/sqlite3.c +++ b/ext/sqlite3/sqlite3.c @@ -1296,7 +1296,7 @@ PHP_METHOD(sqlite3, openBlob) SQLITE3_CHECK_INITIALIZED(db_obj, db_obj->initialised, SQLite3) - if (zend_parse_parameters(ZEND_NUM_ARGS(), "ssl|sl", &table, &table_len, &column, &column_len, &rowid, &dbname, &dbname_len, &flags) == FAILURE) { + if (zend_parse_parameters(ZEND_NUM_ARGS(), "ssl|pl", &table, &table_len, &column, &column_len, &rowid, &dbname, &dbname_len, &flags) == FAILURE) { return; }