Bug #54674 [Asn-Csd]: mysqlnd valid_sjis_(head|tail) is using invalid operator and range.

2011-05-10 Thread andrey 
Edit report at http://bugs.php.net/bug.php?id=54674edit=1

 ID: 54674
 Updated by: and...@php.net
 Reported by:nihen at megabbs dot com
 Summary:mysqlnd valid_sjis_(head|tail) is using invalid
 operator and range.
-Status: Assigned
+Status: Closed
 Type:   Bug
 Package:PDO related
 Operating System:   All
 PHP Version:5.3.6
 Assigned To:mysql
 Block user comment: N
 Private report: N

 New Comment:

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Range fixed in SVN. Thanks!


Previous Comments:

[2011-05-10 05:31:23] nihen at megabbs dot com

Thank you for operator fix.

but, it does not fix invalid range.



 #define valid_sjis_tail(c)  ((0x40 = (c)  (c) = 0x7E) || (0x80 =
(c)  

(c) = 0x7C))



to



#define valid_sjis_tail(c)  ((0x40 = (c)  (c) = 0x7E) || (0x80 =
(c)  (c) 

= 0xFC))



is correct.

s/7C/FC/


[2011-05-09 18:24:18] and...@php.net

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Thanks for the report!


[2011-05-09 18:20:37] and...@php.net

Automatic comment from SVN on behalf of andrey
Revision: http://svn.php.net/viewvc/?view=revisionamp;revision=310856
Log: Fix for bug 54674..typo in the check of SJIS


[2011-05-06 12:11:17] nihen at megabbs dot com

Original report by Hiroshi Tokumaru.

http://www.tokumaru.org/d/20110322.html#p01

http://www.tokumaru.org/d/20110329.html#p01

(lang:japanese)


[2011-05-06 11:54:38] nihen at megabbs dot com

Description:

impacts to:

1. mysqli-real_escape_string

2. use PDO at PDO::ATTR_EMULATE_PREPARES = true



real_escape_string must not escape multi-byte character.

but escape it.



This bug is a SQL-injection may cause.

Test script:
---
?php

$japanese_so = pack('H4', '835c');



$mysql = mysqli_connect('localhost', 'sandbox', 'sandbox');

$mysql-set_charset('sjis');

echo $mysql-real_escape_string($japanese_so) === $japanese_so ? 'ok' :
'ng';

echo \n;



Expected result:

echo ok\n

Actual result:
--
echo ng\n






-- 
Edit this bug report at http://bugs.php.net/bug.php?id=54674edit=1

Bug #54674 [Asn-Csd]: mysqlnd valid_sjis_(head|tail) is using invalid operator and range.

2011-05-09 Thread andrey 
Edit report at http://bugs.php.net/bug.php?id=54674edit=1

 ID: 54674
 Updated by: and...@php.net
 Reported by:nihen at megabbs dot com
 Summary:mysqlnd valid_sjis_(head|tail) is using invalid
 operator and range.
-Status: Assigned
+Status: Closed
 Type:   Bug
 Package:PDO related
 Operating System:   All
 PHP Version:5.3.6
 Assigned To:mysql
 Block user comment: N
 Private report: N

 New Comment:

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Thanks for the report!


Previous Comments:

[2011-05-09 18:20:37] and...@php.net

Automatic comment from SVN on behalf of andrey
Revision: http://svn.php.net/viewvc/?view=revisionamp;revision=310856
Log: Fix for bug 54674..typo in the check of SJIS


[2011-05-06 12:11:17] nihen at megabbs dot com

Original report by Hiroshi Tokumaru.

http://www.tokumaru.org/d/20110322.html#p01

http://www.tokumaru.org/d/20110329.html#p01

(lang:japanese)


[2011-05-06 11:54:38] nihen at megabbs dot com

Description:

impacts to:

1. mysqli-real_escape_string

2. use PDO at PDO::ATTR_EMULATE_PREPARES = true



real_escape_string must not escape multi-byte character.

but escape it.



This bug is a SQL-injection may cause.

Test script:
---
?php

$japanese_so = pack('H4', '835c');



$mysql = mysqli_connect('localhost', 'sandbox', 'sandbox');

$mysql-set_charset('sjis');

echo $mysql-real_escape_string($japanese_so) === $japanese_so ? 'ok' :
'ng';

echo \n;



Expected result:

echo ok\n

Actual result:
--
echo ng\n






-- 
Edit this bug report at http://bugs.php.net/bug.php?id=54674edit=1