standard http_fopen_wrapper.c

Ilia Alshanetsky Thu, 05 May 2005 20:15:08 -0700

iliaa           Thu May  5 22:18:22 2005 EDT

  Modified files:              (Branch: PHP_5_0)
    /php-src    NEWS 
    /php-src/ext/standard       http_fopen_wrapper.c 
  Log:
  MFH: Fixed bug #32936 (http redirects URLs are not checked for control chars).
  
  
http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1760.2.373&r2=1.1760.2.374&ty=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1760.2.373 php-src/NEWS:1.1760.2.374
--- php-src/NEWS:1.1760.2.373   Thu May  5 20:21:27 2005
+++ php-src/NEWS        Thu May  5 22:18:20 2005
@@ -12,6 +12,7 @@
 - Fixed memory corruption in ImageTTFText() with 64bit systems. (Andrey)
 - Fixed bug #32956 (mysql_bind_result doesn't support MYSQL_TYPE_NULL). (Georg)
 - Fixed bug #32947 (Incorrect option for mysqli default password). (Georg)
+- Fixed bug #32936 (http redirects URLs are not checked for control chars). 
(Ilia)
 - Fixed bug #32930 (class extending DOMDocument doesn't clone properly). (Rob)
 - Fixed bug #32852 (Crash with singleton and __destruct when
   zend.ze1_compatibility_mode = On). (Dmitry)
http://cvs.php.net/diff.php/php-src/ext/standard/http_fopen_wrapper.c?r1=1.88.2.1&r2=1.88.2.2&ty=u
Index: php-src/ext/standard/http_fopen_wrapper.c
diff -u php-src/ext/standard/http_fopen_wrapper.c:1.88.2.1 
php-src/ext/standard/http_fopen_wrapper.c:1.88.2.2
--- php-src/ext/standard/http_fopen_wrapper.c:1.88.2.1  Mon Mar 21 03:46:50 2005
+++ php-src/ext/standard/http_fopen_wrapper.c   Thu May  5 22:18:22 2005
@@ -18,7 +18,7 @@
    |          Wez Furlong <[EMAIL PROTECTED]>                          |
    +----------------------------------------------------------------------+
  */
-/* $Id: http_fopen_wrapper.c,v 1.88.2.1 2005/03/21 08:46:50 hyanantha Exp $ */ 
+/* $Id: http_fopen_wrapper.c,v 1.88.2.2 2005/05/06 02:18:22 iliaa Exp $ */ 
 
 #include "php.h"
 #include "php_globals.h"
@@ -517,6 +517,34 @@
                        } else {
                                strlcpy(new_path, location, sizeof(new_path));
                        }
+
+                       php_url_free(resource);
+                       /* check for invalid redirection URLs */
+                       if ((resource = php_url_parse(new_path)) == NULL) {
+                               php_stream_wrapper_log_error(wrapper, options 
TSRMLS_CC, "Invalid redirect url! %s", new_path);
+                               goto out;
+                       }
+
+#define CHECK_FOR_CNTRL_CHARS(val) {   \
+       if (val) {      \
+               unsigned char *s, *e;   \
+               int l;  \
+               l = php_url_decode(val, strlen(val));   \
+               s = val; e = s + l;     \
+               while (s < e) { \
+                       if (iscntrl(*s)) {      \
+                               php_stream_wrapper_log_error(wrapper, options 
TSRMLS_CC, "Invalid redirect url! %s", new_path); \
+                               goto out;       \
+                       }       \
+                       s++;    \
+               }       \
+       }       \
+}      \
+                       /* check for control characters in login, password & 
path */
+                       CHECK_FOR_CNTRL_CHARS(resource->user)
+                       CHECK_FOR_CNTRL_CHARS(resource->pass)
+                       CHECK_FOR_CNTRL_CHARS(resource->path)
+
                        stream = php_stream_url_wrap_http_ex(NULL, new_path, 
mode, options, opened_path, context, --redirect_max, 0 STREAMS_CC TSRMLS_CC);
                        if (stream && stream->wrapperdata)      {
                                entryp = &entry;


-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-CVS] cvs: php-src(PHP_5_0) / NEWS /ext/standard http_fopen_wrapper.c

Reply via email to