From b30d1f923ee120dcf1d68dd2712793f83a794f1e Mon Sep 17 00:00:00 2001 From: Holger Woltersdorf Date: Mon, 25 Oct 2021 09:57:55 +0200 Subject: [PATCH 1/9] Update tools --- .phive/phars.xml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.phive/phars.xml b/.phive/phars.xml index 02d10c5..36ee3e2 100644 --- a/.phive/phars.xml +++ b/.phive/phars.xml @@ -1,8 +1,8 @@ - - - + + + - + From 31bc4b59fccaa07dc695baec7abcee26943f39c5 Mon Sep 17 00:00:00 2001 From: Holger Woltersdorf Date: Mon, 25 Oct 2021 11:03:08 +0200 Subject: [PATCH 2/9] Update PHP 8.1 docker base image to RC4 --- .docker/php/8.1/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.docker/php/8.1/Dockerfile b/.docker/php/8.1/Dockerfile index e4586be..d172bd1 100644 --- a/.docker/php/8.1/Dockerfile +++ b/.docker/php/8.1/Dockerfile @@ -1,4 +1,4 @@ -FROM php:8.1.0RC2-fpm-alpine +FROM php:8.1.0RC4-fpm-alpine ENV PHP_CONF_DIR=/usr/local/etc/php-fpm.d COPY --from=mlocati/php-extension-installer /usr/bin/install-php-extensions /usr/local/bin/ From 24365a90b336537e6b14ec02ef00f2cd82fa6262 Mon Sep 17 00:00:00 2001 From: Holger Woltersdorf Date: Tue, 7 Dec 2021 10:33:36 +0100 Subject: [PATCH 3/9] Update PHP 8.1 docker base image to RC4 --- CHANGELOG.md | 6 ++++++ src/RequestContents/JsonData.php | 7 ++++--- src/Sockets/Socket.php | 29 ++++++++++++++++++++--------- 3 files changed, 30 insertions(+), 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 77a220f..79a7456 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,10 @@ All notable changes to this project will be documented in this file. This project adheres to [Semantic Versioning](http://semver.org/) and [Keep a CHANGELOG](http://keepachangelog.com). +## [3.1.7] - 2021-12-07 + +* Make sure length values are within valid bounds + ## [3.1.6] - 2021-09-23 ### Added 
@@ -410,6 +414,8 @@ on [Pierrick Charron](https://github.com/adoy)'s [PHP-FastCGI-Client](https://gi socket connection) * Method `Client->getValues()` +[3.1.7]: https://github.com/hollodotme/fast-cgi-client/compare/v3.1.6...v3.1.7 + [3.1.6]: https://github.com/hollodotme/fast-cgi-client/compare/v3.1.5...v3.1.6 [3.1.5]: https://github.com/hollodotme/fast-cgi-client/compare/v3.1.4...v3.1.5 diff --git a/src/RequestContents/JsonData.php b/src/RequestContents/JsonData.php index 7870306..929afa5 100644 --- a/src/RequestContents/JsonData.php +++ b/src/RequestContents/JsonData.php @@ -5,6 +5,7 @@ use hollodotme\FastCGI\Interfaces\ComposesRequestContent; use RuntimeException; use function json_encode; +use const PHP_INT_MAX; final class JsonData implements ComposesRequestContent { @@ -14,19 +15,19 @@ final class JsonData implements ComposesRequestContent /** @var int */ private $encodingOptions; - /** @var int */ + /** @var int<1, max> */ private $encodingDepth; /** * @param mixed $data * @param int $options - * @param int $depth + * @param int<1, max> $depth */ public function __construct( $data, int $options = 0, int $depth = 512 ) { $this->data = $data; $this->encodingOptions = $options; - $this->encodingDepth = $depth; + $this->encodingDepth = max( 1, min( $depth, PHP_INT_MAX ) ); } public function getContentType() : string diff --git a/src/Sockets/Socket.php b/src/Sockets/Socket.php index 361f1f7..979b6d5 100644 --- a/src/Sockets/Socket.php +++ b/src/Sockets/Socket.php @@ -44,7 +44,9 @@ use function fread; use function fwrite; use function is_resource; +use function max; use function microtime; +use function min; use function ord; use function str_repeat; use function stream_get_meta_data; 
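Review bot: In the JsonData constructor, `min( $depth, PHP_INT_MAX )` cannot lower anything because `$depth` is already typed `int`, so the new line is equivalent to `$this->encodingDepth = max( 1, $depth );` and only the lower bound is real. The same no-op upper bound appears in `getValidLength()`, added to src/Sockets/Socket.php in this patch, where the only effective guard is the clamp to 0. A zero or negative depth is now silently replaced by 1; a short comment such as `// json_encode() requires a depth of at least 1` would record why. `max` and `min` are also called without `use function` lines, although this file imports `json_encode` that way.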
@@ -54,14 +56,13 @@ use function stream_socket_shutdown; use function strlen; use function substr; +use const PHP_INT_MAX; use const STREAM_SHUT_RDWR; final class Socket { private const BEGIN_REQUEST = 1; - private const ABORT_REQUEST = 2; - private const END_REQUEST = 3; private const PARAMS = 4; @@ -314,11 +315,11 @@ private function handleFailedResource( ?int $errorNumber, ?string $errorString ) if ( null !== $lastError ) { $lastErrorException = new ErrorException( - $lastError['message'] ?? '[No message available]', + $lastError['message'], 0, - $lastError['type'] ?? E_ERROR, - $lastError['file'] ?? '[No file available]', - $lastError['line'] ?? '[No line available]' + $lastError['type'], + $lastError['file'], + $lastError['line'] ); } @@ -502,11 +503,11 @@ private function readPacket() : ?array if ( $packet['contentLength'] ) { - $length = $packet['contentLength']; + $length = $this->getValidLength( (int)$packet['contentLength'] ); while ( $length && ($buffer = fread( $this->resource, $length )) !== false ) { - $length -= strlen( (string)$buffer ); + $length = $this->getValidLength( $length - strlen( (string)$buffer ) ); $packet['content'] .= $buffer; } } @@ -514,7 +515,7 @@ private function readPacket() : ?array if ( $packet['paddingLength'] ) { /** @noinspection UnusedFunctionResultInspection */ - fread( $this->resource, (int)$packet['paddingLength'] ); + fread( $this->resource, $this->getValidLength( (int)$packet['paddingLength'] ) ); } return $packet; @@ -523,6 +524,16 @@ private function readPacket() : ?array return null; } + /** + * @param int $value + * + * @return int<0, max> + */ + private function getValidLength( int $value ) : int + { + return (int)max( 0, min( $value, PHP_INT_MAX ) ); + } + private function notifyPassThroughCallbacks( string $outputBuffer, string $errorBuffer ) : void { foreach ( $this->passThroughCallbacks as $passThroughCallback ) From 221feda33ec3f82d35678e81dd090a747b5451b0 Mon Sep 17 00:00:00 2001 
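Review bot: The content loop in readPacket() still cannot end when the peer stops sending: `fread()` returns an empty string, not `false`, at end of stream or on a read timeout, so `$length` stays positive and the `while` condition stays true. A backend that announces a `contentLength` and then closes the connection would keep the client spinning in this loop. Stopping on an empty read closes that gap, for example `if ( '' === $buffer ) { break; }` as the first statement of the loop body, ideally followed by an error for the truncated packet. readPacket() begins and ends outside this hunk, and whether stream settings set elsewhere make `fread()` fail instead is not visible here.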
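Review bot: The padding in readPacket() is consumed with a single `fread()`, which on a socket stream may return fewer bytes than requested; any padding bytes left unread would then be parsed as the start of the next record header. The result is discarded, so a short read goes unnoticed. Reading until the requested count is consumed or a read comes back empty keeps the stream aligned: `$padding = $this->getValidLength( (int)$packet['paddingLength'] );` followed by `while ( $padding && ($skipped = fread( $this->resource, $padding )) !== false && '' !== $skipped ) { $padding -= strlen( $skipped ); }`.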
From: Holger Woltersdorf Date: Tue, 7 Dec 2021 10:33:51 +0100 Subject: [PATCH 4/9] Update PHP 8.1 docker base image to 8.1 GA --- .docker/php/8.1/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.docker/php/8.1/Dockerfile b/.docker/php/8.1/Dockerfile index d172bd1..9951001 100644 --- a/.docker/php/8.1/Dockerfile +++ b/.docker/php/8.1/Dockerfile @@ -1,4 +1,4 @@ -FROM php:8.1.0RC4-fpm-alpine +FROM php:8.1-fpm-alpine ENV PHP_CONF_DIR=/usr/local/etc/php-fpm.d COPY --from=mlocati/php-extension-installer /usr/bin/install-php-extensions /usr/local/bin/ From cc8bacbc2b65bb9fd7fe9fb58901fec0bf928c9e Mon Sep 17 00:00:00 2001 From: Holger Woltersdorf Date: Tue, 7 Dec 2021 10:34:14 +0100 Subject: [PATCH 5/9] Fix PHP UNIT options for make task --- .github/workflows/ci.yml | 2 +- Makefile | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ec06aa9..df9ef5c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -69,7 +69,7 @@ jobs: uses: mheap/phpunit-matcher-action@v1 - name: Run unit tests on PHP ${{ matrix.php }} - run: make -s "test-php-${{ matrix.php }}" + run: make -s -e "PHPUNIT_OPTIONS=--teamcity" "test-php-${{ matrix.php }}" env: COMPOSE_INTERACTIVE_NO_CLI: 1 PHPUNIT_OPTIONS: "--teamcity" diff --git a/Makefile b/Makefile index 59fcdb9..5ea0373 100644 --- a/Makefile +++ b/Makefile @@ -91,6 +91,7 @@ make-integration-workers-accessible: .PHONY: make-integration-workers-accessible PHP_OPTIONS = -d error_reporting=-1 -dmemory_limit=-1 -d xdebug.mode=coverage -d auto_prepend_file=tests/xdebug-filter.php +PHPUNIT_OPTIONS = --testdox ## Run PHP linting phplint: From 2a48ddc073cde4a1b43a29a4e3d4cd07fc6e5d0e Mon Sep 17 00:00:00 2001 From: Holger Woltersdorf Date: Tue, 7 Dec 2021 10:35:27 +0100 Subject: [PATCH 6/9] Tear down docker compose after testing --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
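Review bot: The `-e` flag added to the `run:` line in .github/workflows/ci.yml makes every environment variable on the runner override the Makefile's own assignments, not only `PHPUNIT_OPTIONS`; names such as `PROJECT` or `IMAGE`, which later patches in this series show being assigned in the Makefile, would be affected too. A command-line assignment already takes precedence over a plain `=` assignment in GNU make, so `run: make -s "PHPUNIT_OPTIONS=--teamcity" "test-php-${{ matrix.php }}"` is enough. The `PHPUNIT_OPTIONS` entry under `env:` then becomes redundant and could be dropped. The job definition continues outside this hunk.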
diff --git a/Makefile b/Makefile index 5ea0373..cbcba88 100644 --- a/Makefile +++ b/Makefile @@ -80,7 +80,7 @@ composer-update: .PHONY: composer-update ## Run all tests on all PHP versions -tests: composer-validate phplint test-php-7.1 test-php-7.2 test-php-7.3 test-php-7.4 test-php-8.0 test-php-8.1 phpstan +tests: composer-validate phplint test-php-7.1 test-php-7.2 test-php-7.3 test-php-7.4 test-php-8.0 test-php-8.1 dcdown phpstan .PHONY: tests INTEGRATION_WORKER_DIR = ./tests/Integration/Workers From 21a1baede9e1d40d205003c421bc6aea808d909d Mon Sep 17 00:00:00 2001 From: Holger Woltersdorf Date: Tue, 7 Dec 2021 10:58:10 +0100 Subject: [PATCH 7/9] Upgrade phpstan to v1.2.x on Level 8 --- .phive/phars.xml | 4 ++-- phpstan.neon | 2 +- src/Encoders/NameValuePairEncoder.php | 22 +++++++++++----------- src/Interfaces/EncodesNameValuePair.php | 2 +- 4 files changed, 15 insertions(+), 15 deletions(-) diff --git a/.phive/phars.xml b/.phive/phars.xml index 36ee3e2..8a0ee75 100644 --- a/.phive/phars.xml +++ b/.phive/phars.xml @@ -3,6 +3,6 @@ - - + + diff --git a/phpstan.neon b/phpstan.neon index cb2d4fb..27024df 100644 --- a/phpstan.neon +++ b/phpstan.neon @@ -2,6 +2,6 @@ parameters: paths: - src - tests - level: max + level: 8 bootstrapFiles: - /repo/.tools/phpunit-7.phar \ No newline at end of file diff --git a/src/Encoders/NameValuePairEncoder.php b/src/Encoders/NameValuePairEncoder.php index fcc3fe2..eae6276 100644 --- a/src/Encoders/NameValuePairEncoder.php +++ b/src/Encoders/NameValuePairEncoder.php @@ -1,4 +1,4 @@ - $pairs + * @param array $pairs * * @return string */ 
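Review bot: Listing `dcdown` as a prerequisite of `tests` only tears the containers down when every `test-php-*` target before it succeeds, because make stops at the first failing prerequisite; a failed test run would leave the compose project up. Prerequisite order is also not guaranteed under `make -j`. If teardown is meant to happen in every case, running it from a recipe is more reliable; otherwise a comment such as `# dcdown runs only after all test targets passed` would document the current behaviour. The `dcdown` target itself is defined outside this hunk.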
@@ -105,25 +105,25 @@ public function decodePairs( string $data, int $length = -1 ) : array while ( $p !== $length ) { - $nameLength = ord( $data[$p++] ); + $nameLength = ord( $data[ $p++ ] ); if ( $nameLength >= 128 ) { $nameLength &= (0x7F << 24); - $nameLength |= (ord( $data[$p++] ) << 16); - $nameLength |= (ord( $data[$p++] ) << 8); - $nameLength |= ord( $data[$p++] ); + $nameLength |= (ord( $data[ $p++ ] ) << 16); + $nameLength |= (ord( $data[ $p++ ] ) << 8); + $nameLength |= ord( $data[ $p++ ] ); } - $valueLength = ord( $data[$p++] ); + $valueLength = ord( $data[ $p++ ] ); if ( $valueLength >= 128 ) { $valueLength = ($nameLength & 0x7F << 24); - $valueLength |= (ord( $data[$p++] ) << 16); - $valueLength |= (ord( $data[$p++] ) << 8); - $valueLength |= ord( $data[$p++] ); + $valueLength |= (ord( $data[ $p++ ] ) << 16); + $valueLength |= (ord( $data[ $p++ ] ) << 8); + $valueLength |= ord( $data[ $p++ ] ); } $array[ substr( $data, $p, $nameLength ) ] = substr( $data, $p + $nameLength, $valueLength ); - $p += ($nameLength + $valueLength); + $p += ($nameLength + $valueLength); } return $array; diff --git a/src/Interfaces/EncodesNameValuePair.php b/src/Interfaces/EncodesNameValuePair.php index cf0492b..5471d29 100644 --- a/src/Interfaces/EncodesNameValuePair.php +++ b/src/Interfaces/EncodesNameValuePair.php @@ -30,7 +30,7 @@ interface EncodesNameValuePair { /** - * @param array $pairs + * @param array $pairs * * @return string */ From 6ce7f15b6edca0eaaed88d31de58bb41aa483eec Mon Sep 17 00:00:00 2001 From: Holger Woltersdorf Date: Tue, 7 Dec 2021 10:59:32 +0100 Subject: [PATCH 8/9] Remove disabling of pseudo TTY --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index cbcba88..30e0ecc 100644 --- a/Makefile +++ b/Makefile 
@@ -20,7 +20,7 @@ PROJECT = fast-cgi-client IMAGE = php80 DOCKER_COMPOSE_OPTIONS = -p $(PROJECT) -f docker-compose.yml DOCKER_COMPOSE_BASE_COMMAND = docker-compose $(DOCKER_COMPOSE_OPTIONS) -DOCKER_COMPOSE_EXEC_COMMAND = $(DOCKER_COMPOSE_BASE_COMMAND) exec -T +DOCKER_COMPOSE_EXEC_COMMAND = $(DOCKER_COMPOSE_BASE_COMMAND) exec DOCKER_COMPOSE_ISOLATED_RUN_COMMAND = $(DOCKER_COMPOSE_BASE_COMMAND) run --rm --no-deps phpUnitKey = 4AA394086372C20A From 4556b701e9d822b85b5003411e18f97fd15a7501 Mon Sep 17 00:00:00 2001 From: Holger Woltersdorf Date: Tue, 7 Dec 2021 11:06:20 +0100 Subject: [PATCH 9/9] Add disabling of pseudo TTY --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 30e0ecc..cbcba88 100644 --- a/Makefile +++ b/Makefile @@ -20,7 +20,7 @@ PROJECT = fast-cgi-client IMAGE = php80 DOCKER_COMPOSE_OPTIONS = -p $(PROJECT) -f docker-compose.yml DOCKER_COMPOSE_BASE_COMMAND = docker-compose $(DOCKER_COMPOSE_OPTIONS) -DOCKER_COMPOSE_EXEC_COMMAND = $(DOCKER_COMPOSE_BASE_COMMAND) exec +DOCKER_COMPOSE_EXEC_COMMAND = $(DOCKER_COMPOSE_BASE_COMMAND) exec -T DOCKER_COMPOSE_ISOLATED_RUN_COMMAND = $(DOCKER_COMPOSE_BASE_COMMAND) run --rm --no-deps phpUnitKey = 4AA394086372C20A