Fixed bug #40079 (php_get_current_user() not thread safe).

# Original patch from wharmby at uk dot ibm dot com

Author: Ilia Alshanetsky

NEWS

@@ -4,6 +4,8 @@ PHP                                                                        NEWS
 - Added CURLOPT_TCP_NODELAY constant to Curl extension. (Sara)
 - Improved proc_open(). Now on Windows it can run external commands not through
   CMD.EXE. (Dmitry)
+- Fixed bug #40079 (php_get_current_user() not thread safe). (Ilia, wharmby
+  at uk dot ibm dot com)
 - Fixed bug #40076 (zend_alloc.c: Value of enumeration constant must be in
   range of signed integer). (Dmitry)
 - Fixed bug #40073 (exif_read_data dies on certain images). (Tony, Marcus)

configure.in

@@ -483,6 +483,7 @@ gettimeofday \
 gmtime_r \
 getpwnam_r \
 getgrnam_r \
+getpwuid_r \
 grantpt \
 inet_ntoa \
 inet_ntop \

main/safe_mode.c

@@ -228,12 +228,27 @@ PHPAPI char *php_get_current_user()
 		return SG(request_info).current_user;		
 #else
 		struct passwd *pwd;
+#ifdef HAVE_GETPWUID_R
+		struct passwd _pw;
+		struct passwd *retpwptr = NULL;
+		int pwbuflen = sysconf(_SC_GETPW_R_SIZE_MAX);
+		char *pwbuf = emalloc(pwbuflen);
 
+		if (getpwuid_r(pstat->st_uid, &_pw, pwbuf, pwbuflen, &retpwptr) != 0) {
+			efree(pwbuf);
+			return "";
+		}
+		pwd = &_pw;
+#else
 		if ((pwd=getpwuid(pstat->st_uid))==NULL) {
 			return "";
 		}
+#endif
 		SG(request_info).current_user_length = strlen(pwd->pw_name);
 		SG(request_info).current_user = estrndup(pwd->pw_name, SG(request_info).current_user_length);
+#ifdef HAVE_GETPWUID_R
+		efree(pwbuf);
+#endif
 		return SG(request_info).current_user;		
 #endif
 	}