From 6bd97e72b719599b3110fd5ec543b2996f52ba63 Mon Sep 17 00:00:00 2001
From: arshidkv12 <arshidkv12@gmail.com>
Date: Sat, 31 Jan 2026 21:14:39 +0530
Subject: [PATCH 1/2] ext/posix: validate permissions argument in
 posix_mkfifo()

close GH-21102
---
 NEWS                                          |  1 +
 ext/posix/posix.c                             |  5 +++
 .../tests/posix_mkfifo_invalid_mode.phpt      | 36 +++++++++++++++++++
 3 files changed, 42 insertions(+)
 create mode 100644 ext/posix/tests/posix_mkfifo_invalid_mode.phpt

diff --git a/NEWS b/NEWS
index b19b09c21442..0872d8dc542a 100644
--- a/NEWS
+++ b/NEWS
@@ -80,6 +80,7 @@ PHP                                                                        NEWS
 
 - Posix:
   . Added validity check to the flags argument for posix_access(). (arshidkv12)
+  . Added validity check to the permissions argument for posix_mkfifo(). (arshidkv12)
 
 - Reflection:
   . Fixed bug GH-20217 (ReflectionClass::isIterable() incorrectly returns true
diff --git a/ext/posix/posix.c b/ext/posix/posix.c
index 76e14f6ecb0c..a81372349fd4 100644
--- a/ext/posix/posix.c
+++ b/ext/posix/posix.c
@@ -621,6 +621,11 @@ PHP_FUNCTION(posix_mkfifo)
 		RETURN_FALSE;
 	}
 
+	if (mode < 0 || (mode & ~07777)) {
+		zend_argument_value_error(2, "must be between 0 and 0o7777");
+		RETURN_THROWS();
+	}
+
 	result = mkfifo(ZSTR_VAL(path), mode);
 	if (result < 0) {
 		POSIX_G(last_error) = errno;
diff --git a/ext/posix/tests/posix_mkfifo_invalid_mode.phpt b/ext/posix/tests/posix_mkfifo_invalid_mode.phpt
new file mode 100644
index 000000000000..5c9f251adfca
--- /dev/null
+++ b/ext/posix/tests/posix_mkfifo_invalid_mode.phpt
@@ -0,0 +1,36 @@
+--TEST--
+posix_mkfifo(): invalid mode argument
+--SKIPIF--
+<?php
+if (!function_exists("posix_mkfifo")) {
+    die("skip no posix_mkfifo()");
+}
+?>
+--FILE--
+<?php
+
+// Negative mode
+try {
+    posix_mkfifo(__DIR__ . "/testfifo1", -1);
+} catch (ValueError $e) {
+    echo $e->getMessage(), "\n";
+}
+
+// Too large mode
+try {
+    posix_mkfifo(__DIR__ . "/testfifo2", 010000); // > 07777
+} catch (ValueError $e) {
+    echo $e->getMessage(), "\n";
+}
+
+// Garbage bits
+try {
+    posix_mkfifo(__DIR__ . "/testfifo3", 020000); // S_IFCHR bit
+} catch (ValueError $e) {
+    echo $e->getMessage(), "\n";
+}
+?>
+--EXPECTF--
+posix_mkfifo(): Argument #2 ($permissions) must be between 0 and 0o7777
+posix_mkfifo(): Argument #2 ($permissions) must be between 0 and 0o7777
+posix_mkfifo(): Argument #2 ($permissions) must be between 0 and 0o7777

From 52e9436629061a7a5280011abbb104f4be9a7e2b Mon Sep 17 00:00:00 2001
From: David Carlier <devnexen@gmail.com>
Date: Fri, 6 Feb 2026 12:55:59 +0000
Subject: [PATCH 2/2] [ci skip] ext/posix: forgotten UPGRADING notes for
 posix_access()/posix_mkfifo().

---
 UPGRADING | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/UPGRADING b/UPGRADING
index 830709b2ae23..8a1c61b9192c 100644
--- a/UPGRADING
+++ b/UPGRADING
@@ -81,6 +81,12 @@ PHP 8.6 UPGRADE NOTES
 - Phar:
   . Phar::mungServer() now supports reference values.
 
+- Posix:
+  . posix_access() now throws a ValueError exception if the flags
+    argument is invalid.
+  . posix_mkfifo() now throws a ValueError exception if the permissions
+    argument is invalid.
+
 - Sockets:
   . socket_addrinfo_lookup() now has an additional optional argument $error
     when not null, and on failure, gives the error code (one of the EAI_*