From df7af125c9dd12b3a8c3c5f92a5a00bb34137cd4 Mon Sep 17 00:00:00 2001 From: arshidkv12 Date: Sat, 31 Jan 2026 23:12:58 +0530 Subject: [PATCH 1/5] posix: validate mode argument in posix_access --- ext/posix/posix.c | 9 +++++ ext/posix/tests/posix_access_flags.phpt | 50 +++++++++++++++++++++++++ 2 files changed, 59 insertions(+) create mode 100644 ext/posix/tests/posix_access_flags.phpt diff --git a/ext/posix/posix.c b/ext/posix/posix.c index b7acf8c751270..dd1af611f5787 100644 --- a/ext/posix/posix.c +++ b/ext/posix/posix.c @@ -744,6 +744,15 @@ PHP_FUNCTION(posix_access) RETURN_FALSE; } + if (mode < 0 || (mode & ~(F_OK | R_OK | W_OK | X_OK))) { + zend_argument_value_error( + 2, + "must be a combination of POSIX_F_OK, POSIX_R_OK, POSIX_W_OK, and POSIX_X_OK" + ); + efree(path); + RETURN_THROWS(); + } + ret = access(path, mode); efree(path); diff --git a/ext/posix/tests/posix_access_flags.phpt b/ext/posix/tests/posix_access_flags.phpt new file mode 100644 index 0000000000000..87558542f7932 --- /dev/null +++ b/ext/posix/tests/posix_access_flags.phpt @@ -0,0 +1,50 @@ +--TEST-- +posix_access() flag (mode) validation +--FILE-- +getMessage(), "\n"; +} + +// Invalid: mode with garbage bits +try { + posix_access($testfile, 01000); // S_ISVTX bit (sticky) +} catch (ValueError $e) { + echo $e->getMessage(), "\n"; +} + +// Invalid: mode with unrelated high bits +try { + posix_access($testfile, 02000); // S_ISGID bit +} catch (ValueError $e) { + echo $e->getMessage(), "\n"; +} + +// Valid: check read and write access +if (posix_access($testfile, POSIX_R_OK | POSIX_W_OK)) { + echo "Read/write access OK\n"; +} + +// Valid: check file existence +if (posix_access($testfile, POSIX_F_OK)) { + echo "File exists OK\n"; +} + +unlink($testfile); +?> +--EXPECTF-- +posix_access(): Argument #2 ($flags) must be a combination of POSIX_F_OK, POSIX_R_OK, POSIX_W_OK, and POSIX_X_OK +posix_access(): Argument #2 ($flags) must be a combination of POSIX_F_OK, POSIX_R_OK, POSIX_W_OK, and POSIX_X_OK +posix_access(): Argument #2 ($flags) must be a combination of POSIX_F_OK, POSIX_R_OK, POSIX_W_OK, and POSIX_X_OK +Read/write access OK +File exists OK From 7d8e035b3c0a4823501a5c1d113987ae0614b5b8 Mon Sep 17 00:00:00 2001 From: arshidkv12 Date: Sat, 31 Jan 2026 23:46:48 +0530 Subject: [PATCH 2/5] posix: validate mode argument in posix_access --- ext/posix/posix.c | 2 +- ext/posix/tests/posix_access_flags.phpt | 12 +++++++++--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/ext/posix/posix.c b/ext/posix/posix.c index dd1af611f5787..76e14f6ecb0c6 100644 --- a/ext/posix/posix.c +++ b/ext/posix/posix.c @@ -747,7 +747,7 @@ PHP_FUNCTION(posix_access) if (mode < 0 || (mode & ~(F_OK | R_OK | W_OK | X_OK))) { zend_argument_value_error( 2, - "must be a combination of POSIX_F_OK, POSIX_R_OK, POSIX_W_OK, and POSIX_X_OK" + "must be a bitmask of POSIX_F_OK, POSIX_R_OK, POSIX_W_OK, and POSIX_X_OK" ); efree(path); RETURN_THROWS(); diff --git a/ext/posix/tests/posix_access_flags.phpt b/ext/posix/tests/posix_access_flags.phpt index 87558542f7932..0a227ff5995f4 100644 --- a/ext/posix/tests/posix_access_flags.phpt +++ b/ext/posix/tests/posix_access_flags.phpt @@ -1,5 +1,11 @@ --TEST-- posix_access() flag (mode) validation +--SKIPIF-- + --FILE-- --EXPECTF-- -posix_access(): Argument #2 ($flags) must be a combination of POSIX_F_OK, POSIX_R_OK, POSIX_W_OK, and POSIX_X_OK -posix_access(): Argument #2 ($flags) must be a combination of POSIX_F_OK, POSIX_R_OK, POSIX_W_OK, and POSIX_X_OK -posix_access(): Argument #2 ($flags) must be a combination of POSIX_F_OK, POSIX_R_OK, POSIX_W_OK, and POSIX_X_OK +posix_access(): Argument #2 ($flags) must be a bitmask of POSIX_F_OK, POSIX_R_OK, POSIX_W_OK, and POSIX_X_OK +posix_access(): Argument #2 ($flags) must be a bitmask of POSIX_F_OK, POSIX_R_OK, POSIX_W_OK, and POSIX_X_OK +posix_access(): Argument #2 ($flags) must be a bitmask of POSIX_F_OK, POSIX_R_OK, POSIX_W_OK, and POSIX_X_OK Read/write access OK File exists OK From 6e2db41d23522b84ffa4beae134f8ae41a07c1f5 Mon Sep 17 00:00:00 2001 From: arshidkv12 Date: Sat, 31 Jan 2026 23:57:47 +0530 Subject: [PATCH 3/5] posix: validate mode argument in posix_access --- ext/posix/tests/posix_access_flags.phpt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ext/posix/tests/posix_access_flags.phpt b/ext/posix/tests/posix_access_flags.phpt index 0a227ff5995f4..41f876e64b045 100644 --- a/ext/posix/tests/posix_access_flags.phpt +++ b/ext/posix/tests/posix_access_flags.phpt @@ -2,8 +2,8 @@ posix_access() flag (mode) validation --SKIPIF-- --FILE-- From 26cec7b6d95f825e2707cbe758e9bcf5e3a37505 Mon Sep 17 00:00:00 2001 From: arshidkv12 Date: Sun, 1 Feb 2026 11:32:26 +0530 Subject: [PATCH 4/5] posix: validate mode argument in posix_access --- ext/posix/tests/posix_access_flags.phpt | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ext/posix/tests/posix_access_flags.phpt b/ext/posix/tests/posix_access_flags.phpt index 41f876e64b045..8b8b645041dc2 100644 --- a/ext/posix/tests/posix_access_flags.phpt +++ b/ext/posix/tests/posix_access_flags.phpt @@ -45,7 +45,9 @@ if (posix_access($testfile, POSIX_R_OK | POSIX_W_OK)) { if (posix_access($testfile, POSIX_F_OK)) { echo "File exists OK\n"; } - +?> +--CLEAN-- + --EXPECTF-- From b54507700e54a6de9dd9660bd2cf054f91386dcc Mon Sep 17 00:00:00 2001 From: arshidkv12 Date: Sun, 1 Feb 2026 11:39:11 +0530 Subject: [PATCH 5/5] posix: validate mode argument in posix_access --- ext/posix/tests/posix_access_flags.phpt | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/ext/posix/tests/posix_access_flags.phpt b/ext/posix/tests/posix_access_flags.phpt index 8b8b645041dc2..37c7522a2a3b1 100644 --- a/ext/posix/tests/posix_access_flags.phpt +++ b/ext/posix/tests/posix_access_flags.phpt @@ -45,10 +45,15 @@ if (posix_access($testfile, POSIX_R_OK | POSIX_W_OK)) { if (posix_access($testfile, POSIX_F_OK)) { echo "File exists OK\n"; } + ?> --CLEAN-- --EXPECTF-- posix_access(): Argument #2 ($flags) must be a bitmask of POSIX_F_OK, POSIX_R_OK, POSIX_W_OK, and POSIX_X_OK