iliaa Thu May 5 22:18:22 2005 EDT Modified files: (Branch: PHP_5_0) /php-src NEWS /php-src/ext/standard http_fopen_wrapper.c Log: MFH: Fixed bug #32936 (http redirects URLs are not checked for control chars). http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1760.2.373&r2=1.1760.2.374&ty=u Index: php-src/NEWS diff -u php-src/NEWS:1.1760.2.373 php-src/NEWS:1.1760.2.374 --- php-src/NEWS:1.1760.2.373 Thu May 5 20:21:27 2005 +++ php-src/NEWS Thu May 5 22:18:20 2005 @@ -12,6 +12,7 @@ - Fixed memory corruption in ImageTTFText() with 64bit systems. (Andrey) - Fixed bug #32956 (mysql_bind_result doesn't support MYSQL_TYPE_NULL). (Georg) - Fixed bug #32947 (Incorrect option for mysqli default password). (Georg) +- Fixed bug #32936 (http redirects URLs are not checked for control chars). (Ilia) - Fixed bug #32930 (class extending DOMDocument doesn't clone properly). (Rob) - Fixed bug #32852 (Crash with singleton and __destruct when zend.ze1_compatibility_mode = On). (Dmitry) http://cvs.php.net/diff.php/php-src/ext/standard/http_fopen_wrapper.c?r1=1.88.2.1&r2=1.88.2.2&ty=u Index: php-src/ext/standard/http_fopen_wrapper.c diff -u php-src/ext/standard/http_fopen_wrapper.c:1.88.2.1 php-src/ext/standard/http_fopen_wrapper.c:1.88.2.2 --- php-src/ext/standard/http_fopen_wrapper.c:1.88.2.1 Mon Mar 21 03:46:50 2005 +++ php-src/ext/standard/http_fopen_wrapper.c Thu May 5 22:18:22 2005 @@ -18,7 +18,7 @@ | Wez Furlong <[EMAIL PROTECTED]> | +----------------------------------------------------------------------+ */ -/* $Id: http_fopen_wrapper.c,v 1.88.2.1 2005/03/21 08:46:50 hyanantha Exp $ */ +/* $Id: http_fopen_wrapper.c,v 1.88.2.2 2005/05/06 02:18:22 iliaa Exp $ */ #include "php.h" #include "php_globals.h" @@ -517,6 +517,34 @@ } else { strlcpy(new_path, location, sizeof(new_path)); } + + php_url_free(resource); + /* check for invalid redirection URLs */ + if ((resource = php_url_parse(new_path)) == NULL) { + php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "Invalid redirect url! %s", new_path); + goto out; + } + +#define CHECK_FOR_CNTRL_CHARS(val) { \ + if (val) { \ + unsigned char *s, *e; \ + int l; \ + l = php_url_decode(val, strlen(val)); \ + s = val; e = s + l; \ + while (s < e) { \ + if (iscntrl(*s)) { \ + php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "Invalid redirect url! %s", new_path); \ + goto out; \ + } \ + s++; \ + } \ + } \ +} \ + /* check for control characters in login, password & path */ + CHECK_FOR_CNTRL_CHARS(resource->user) + CHECK_FOR_CNTRL_CHARS(resource->pass) + CHECK_FOR_CNTRL_CHARS(resource->path) + stream = php_stream_url_wrap_http_ex(NULL, new_path, mode, options, opened_path, context, --redirect_max, 0 STREAMS_CC TSRMLS_CC); if (stream && stream->wrapperdata) { entryp = &entry;
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php