Initialize output param buffer when allocating extra space (#907)

This commit is contained in:
Jenny Tam 2018-12-17 12:25:37 -08:00 коммит произвёл GitHub
Родитель e30ebfabe8
Коммит d4f840f630
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
3 изменённых файлов: 162 добавлений и 6 удалений

Просмотреть файл

@ -2770,10 +2770,10 @@ void resize_output_buffer_if_necessary( _Inout_ sqlsrv_stmt* stmt, _Inout_ zval*
{ {
SQLSRV_ASSERT( column_size != SQLSRV_UNKNOWN_SIZE, "column size should be set to a known value." ); SQLSRV_ASSERT( column_size != SQLSRV_UNKNOWN_SIZE, "column size should be set to a known value." );
buffer_len = Z_STRLEN_P( param_z ); buffer_len = Z_STRLEN_P( param_z );
SQLLEN original_len = buffer_len;
SQLLEN expected_len; SQLLEN expected_len;
SQLLEN buffer_null_extra; SQLLEN buffer_null_extra;
SQLLEN elem_size; SQLLEN elem_size;
SQLLEN without_null_len;
// calculate the size of each 'element' represented by column_size. WCHAR is of course 2, // calculate the size of each 'element' represented by column_size. WCHAR is of course 2,
// as is a n(var)char/ntext field being returned as a binary field. // as is a n(var)char/ntext field being returned as a binary field.
@ -2801,9 +2801,6 @@ void resize_output_buffer_if_necessary( _Inout_ sqlsrv_stmt* stmt, _Inout_ zval*
// binary fields aren't null terminated, so we need to account for that in our buffer length calcuations // binary fields aren't null terminated, so we need to account for that in our buffer length calcuations
buffer_null_extra = (c_type == SQL_C_BINARY) ? elem_size : 0; buffer_null_extra = (c_type == SQL_C_BINARY) ? elem_size : 0;
// this is the size of the string for Zend and for the StrLen parameter to SQLBindParameter
without_null_len = field_size * elem_size;
// increment to include the null terminator since the Zend length doesn't include the null terminator // increment to include the null terminator since the Zend length doesn't include the null terminator
buffer_len += elem_size; buffer_len += elem_size;
@ -2821,8 +2818,10 @@ void resize_output_buffer_if_necessary( _Inout_ sqlsrv_stmt* stmt, _Inout_ zval*
// A zval string len doesn't include the null. This calculates the length it should be // A zval string len doesn't include the null. This calculates the length it should be
// regardless of whether the ODBC type contains the NULL or not. // regardless of whether the ODBC type contains the NULL or not.
// null terminate the string to avoid a warning in debug PHP builds // initialize the newly allocated space
ZSTR_VAL(param_z_string)[without_null_len] = '\0'; char *p = ZSTR_VAL(param_z_string);
p = p + original_len;
memset(p, '\0', expected_len - original_len);
ZVAL_NEW_STR(param_z, param_z_string); ZVAL_NEW_STR(param_z, param_z_string);
// buffer_len is the length passed to SQLBindParameter. It must contain the space for NULL in the // buffer_len is the length passed to SQLBindParameter. It must contain the space for NULL in the

Просмотреть файл

@ -0,0 +1,80 @@
--TEST--
GitHub issue 900 - output parameter displays data from memory when not finalized
--DESCRIPTION--
This test verifies that when there is an active resultset and output parameter not finalized, it should not show any data from client memory. This test does not work with AlwaysEncrypted because the output param is not assigned in the stored procedure.
--ENV--
PHPT_EXEC=true
--SKIPIF--
<?php require('skipif_mid-refactor.inc'); ?>
--FILE--
<?php
require_once("MsSetup.inc");
require_once("MsCommon_mid-refactor.inc");
function getOutputParam($conn, $storedProcName, $dataType, $inout)
{
$size = rand(1000, 4000); // The maximum anticipated size is 8000 for wide chars
try {
$output = null;
$stmt = $conn->prepare("$storedProcName @OUTPUT = :output");
if ($inout) {
$paramType = PDO::PARAM_STR | PDO::PARAM_INPUT_OUTPUT;
} else {
$paramType = PDO::PARAM_STR;
}
$stmt->bindParam('output', $output, $paramType, $size);
$stmt->execute();
// The output param should be doubled in size for wide characters.
// However, it should not contain any data so after trimming it
// should be merely an empty string because it was originally set to null
$len = strlen($output);
$result = trim($output);
if ($len != ($size * 2) || $result !== "" ) {
echo "Unexpected output param for $dataType: ";
var_dump($output);
}
$stmt->closeCursor();
if (!is_null($output)) {
echo "Output param should be null when finalized!";
}
unset($stmt);
} catch (PdoException $e) {
echo $e->getMessage() . PHP_EOL;
}
}
try {
// This helper method sets PDO::ATTR_ERRMODE to PDO::ERRMODE_EXCEPTION
// $conn = connect();
$conn = new PDO( "sqlsrv:server=$server; Database = $databaseName", $uid, $pwd);
$conn->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$dataTypes = array("VARCHAR(256)", "VARCHAR(512)", "VARCHAR(max)", "NVARCHAR(256)", "NVARCHAR(512)", "NVARCHAR(max)");
for ($i = 0, $p = 3; $i < count($dataTypes); $i++, $p++) {
// Create the stored procedure first
$storedProcName = "spNullOutputParam" . $i;
$procArgs = "@OUTPUT $dataTypes[$i] OUTPUT";
$procCode = "SELECT 1, 2, 3";
createProc($conn, $storedProcName, $procArgs, $procCode);
getOutputParam($conn, $storedProcName, $dataTypes[$i], false);
getOutputParam($conn, $storedProcName, $dataTypes[$i], true);
// Drop the stored procedure
dropProc($conn, $storedProcName);
}
echo "Done\n";
unset($conn);
} catch (PdoException $e) {
echo $e->getMessage() . PHP_EOL;
}
?>
--EXPECT--
Done

Просмотреть файл

@ -0,0 +1,77 @@
--TEST--
GitHub issue 900 - output parameter displays data from memory when not finalized
--DESCRIPTION--
This test verifies that when there is an active resultset and output parameter not finalized, it should not show any data from client memory. This test does not work with AlwaysEncrypted because the output param is not assigned in the stored procedure.
--ENV--
PHPT_EXEC=true
--SKIPIF--
<?php require('skipif_versions_old.inc'); ?>
--FILE--
<?php
require_once('MsCommon.inc');
function getOutputParam($conn, $storedProcName, $inout, $isVarchar)
{
$size = rand(1000, 4000); // The maximum anticipated size is 8000 for wide chars
$output = null;
$dir = ($inout)? SQLSRV_PARAM_INOUT : SQLSRV_PARAM_OUT;
$dataType = ($isVarchar)? "SQLSRV_SQLTYPE_VARCHAR" : "SQLSRV_SQLTYPE_NVARCHAR";
$sqlType = call_user_func($dataType, $size);
$stmt = sqlsrv_prepare($conn, "$storedProcName @OUTPUT = ?", array(array(&$output, $dir, null, $sqlType)));
if (!$stmt) {
fatalError("getOutputParam: failed when preparing to call $storedProcName");
}
if (!sqlsrv_execute($stmt)) {
fatalError("getOutputParam: failed to execute procedure $storedProcName");
}
// The output param should be doubled in size for wide characters.
// However, it should not contain any data so after trimming it
// should be merely an empty string because it was originally set to null
$len = strlen($output);
$expectedLen = $size * 2;
$result = trim($output);
if ($len != $expectedLen || $result !== "" ) {
echo "Unexpected output param for $dataType, $isMax: ";
var_dump($output);
}
sqlsrv_next_result($stmt);
if (!is_null($output)) {
echo "Output param should be null when finalized!";
}
}
set_time_limit(0);
sqlsrv_configure('WarningsReturnAsErrors', 1);
$conn = connect(array("CharacterSet" => "UTF-8"));
if (!$conn) {
fatalError("Could not connect.\n");
}
$dataTypes = array("VARCHAR(256)", "VARCHAR(512)", "VARCHAR(max)", "NVARCHAR(256)", "NVARCHAR(512)", "NVARCHAR(max)");
for ($i = 0, $p = 3; $i < count($dataTypes); $i++, $p++) {
// Create the stored procedure first
$storedProcName = "spNullOutputParam" . $i;
$procArgs = "@OUTPUT $dataTypes[$i] OUTPUT";
$procCode = "SELECT 1, 2, 3";
createProc($conn, $storedProcName, $procArgs, $procCode);
getOutputParam($conn, $storedProcName, false, ($i < 3));
getOutputParam($conn, $storedProcName, true, ($i < 3));
// Drop the stored procedure
dropProc($conn, $storedProcName);
}
echo "Done\n";
sqlsrv_close($conn);
?>
--EXPECT--
Done