diff options
| author | Ondřej Surý <ondrej@sury.org> | 2011-02-16 10:13:02 +0100 |
|---|---|---|
| committer | Ondřej Surý <ondrej@sury.org> | 2011-02-16 10:13:02 +0100 |
| commit | fd5a0b31640419ca63d1ddeaffd6d3cf2a741814 (patch) | |
| tree | bfd17d84c5181d7b98d7d66f56573f4fc897e31c /ext/filter | |
| parent | 01fcdff3849c3691d9aaeaab735846ab6d8895ca (diff) | |
| download | php-fd5a0b31640419ca63d1ddeaffd6d3cf2a741814.tar.gz | |
Imported Upstream version 5.3.5upstream/5.3.5
Diffstat (limited to 'ext/filter')
| -rw-r--r-- | ext/filter/logical_filters.c | 49 | ||||
| -rw-r--r-- | ext/filter/tests/030.phpt | 55 | ||||
| -rw-r--r-- | ext/filter/tests/bug39763.phpt | 2 | ||||
| -rw-r--r-- | ext/filter/tests/bug52929.phpt | 18 |
4 files changed, 92 insertions, 32 deletions
diff --git a/ext/filter/logical_filters.c b/ext/filter/logical_filters.c index c6eebac36..73b06beb3 100644 --- a/ext/filter/logical_filters.c +++ b/ext/filter/logical_filters.c @@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: logical_filters.c 297353 2010-04-02 18:27:48Z rasmus $ */ +/* $Id: logical_filters.c 305186 2010-11-08 04:36:15Z cataphract $ */ #include "php_filter.h" #include "filter_private.h" @@ -531,6 +531,11 @@ void php_filter_validate_email(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */ int matches; + /* The maximum length of an e-mail address is 320 octets, per RFC 2821. */ + if (Z_STRLEN_P(value) > 320) { + RETURN_VALIDATION_FAILED + } + re = pcre_get_compiled_regex((char *)regexp, &pcre_extra, &preg_options TSRMLS_CC); if (!re) { RETURN_VALIDATION_FAILED @@ -552,9 +557,11 @@ static int _php_filter_validate_ipv4(char *str, int str_len, int *ip) /* {{{ */ int n = 0; while (str < end) { + int leading_zero; if (*str < '0' || *str > '9') { return 0; } + leading_zero = (*str == '0'); m = 1; num = ((*(str++)) - '0'); while (str < end && (*str >= '0' && *str <= '9')) { @@ -563,6 +570,10 @@ static int _php_filter_validate_ipv4(char *str, int str_len, int *ip) /* {{{ */ return 0; } } + /* don't allow a leading 0; that introduces octal numbers, + * which we don't support */ + if (leading_zero && (num != 0 || m > 1)) + return 0; ip[n++] = num; if (n == 4) { return str == end; @@ -577,7 +588,7 @@ static int _php_filter_validate_ipv4(char *str, int str_len, int *ip) /* {{{ */ static int _php_filter_validate_ipv6(char *str, int str_len TSRMLS_DC) /* {{{ */ { int compressed = 0; - int blocks = 8; + int blocks = 0; int n; char *ipv4; char *end; @@ -598,32 +609,40 @@ static int _php_filter_validate_ipv6(char *str, int str_len TSRMLS_DC) /* {{{ */ if (!_php_filter_validate_ipv4(ipv4, (str_len - (ipv4 - str)), ip4elm)) { return 0; } - str_len = (ipv4 - str) - 1; - if (str_len == 1) { - return *str == ':'; + + str_len = ipv4 - str; /* length excluding ipv4 */ + if (str_len < 2) { + return 0; + } + + if (ipv4[-2] != ':') { + /* don't include : before ipv4 unless it's a :: */ + str_len--; } - blocks = 6; + + blocks = 2; } end = str + str_len; while (str < end) { if (*str == ':') { - if (--blocks == 0) { - return 0; - } if (++str >= end) { + /* cannot end in : without previous : */ return 0; } if (*str == ':') { - if (compressed || --blocks == 0) { + if (compressed) { return 0; - } - if (++str == end) { - return 1; } + blocks++; /* :: means 1 or more 16-bit 0 blocks */ compressed = 1; + + if (++str == end) { + return (blocks <= 8); + } } else if ((str - 1) == s) { + /* dont allow leading : without another : following */ return 0; } } @@ -638,8 +657,10 @@ static int _php_filter_validate_ipv6(char *str, int str_len TSRMLS_DC) /* {{{ */ if (n < 1 || n > 4) { return 0; } + if (++blocks > 8) + return 0; } - return (compressed || blocks == 1); + return ((compressed && blocks <= 8) || blocks == 8); } /* }}} */ diff --git a/ext/filter/tests/030.phpt b/ext/filter/tests/030.phpt index d3466f5b4..c5af15e15 100644 --- a/ext/filter/tests/030.phpt +++ b/ext/filter/tests/030.phpt @@ -5,35 +5,56 @@ filter_var() and IPv6 --FILE-- <?php $ipv6_test = array( - "::127.0.0.1" => true, - "FF01::101:127.0.1" => false, - "FF01:0:0:0:101:127.0.1.1" => false, - "FF01:0:0:0:237:101:127.0.1.1" => true, - "FF01::101" => true, - "A1080::8:800:200C:417A" => false, - "1080::8:Z00:200C:417A" => false, - "FF01::101::1" => false, - "1080::8:800:200C:417A" => true, - "1080:0:0:0:8:800:200C:417A" => true, + "::127.0.0.1" => true, + "FF01::101:127.0.1" => false, + "FF01:0:0:0:101:127.0.1.1" => false, + "FF01:0:0:0:237:101:127.0.1.1" => true, + "FF01::101" => true, + "A1080::8:800:200C:417A" => false, + "1080::8:Z00:200C:417A" => false, + "FF01::101::1" => false, + "1080::8:800:200C:417A" => true, + "1080:0:0:0:8:800:200C:417A" => true, "2001:ec8:1:1:1:1:1:1" => true, "ffff::FFFF:129.144.52.38" => true, "::ffff:1.2.3.4" => true, - "0:0:0:0:0:FFFF:129.144.52.38" => true, - "0:0:0:0:0:0:13.1.68.3" => true, - "::13.1.68.3" => true, - "::FFFF:129.144.52.38" => true, + "0:0:0:0:0:FFFF:129.144.52.38" => true, + "0:0:0:0:0:0:13.1.68.3" => true, + "0:0:0:0:0:0:0:13.1.68.3" => false, + "::13.1.68.3" => true, + "::FFFF:129.144.52.38" => true, + "1:2:3:4:5:6::129.144.52.38" => false, "::1:2:3:4:5:6:129.144.52.38" => false, "1:2:3::4:5:6:129.144.52.38" => false, - "1:2:3:4:5:6:7:8::" => false, - "::1:2:3:4:5:6:7:8" => false, + "1:2:3:4::5:6:7:8" => false, + "::1:2:3:4:5:6:7" => true, + "::1:2:3:4:5:6:7:8" => false, + "1:2:3:4:5:6:7::" => true, + "1:2:3:4:5:6:7:8::" => false, + "1:2:3:4:5:6:7::8" => false, + + "1:2:3:4:5:6:7:8g" => false, + "1:2:3:4:5:6:7:g" => false, + "1:2:3:4:5g:6:7:8" => false, + + 'a:b:c:d:e::1.2.3.4' => true, + '::0:a:b:c:d:e:f' => true, + '0:a:b:c:d:e:f::' => true, + ':::1.2.3.4' => false, + '8:::1.2.3.4' => false, + '::01.02.03.04' => false, + '::1.00.3.4' => false, + '0:0:0:255.255.255.255' => false, + '0:0:0::255.255.255.255' => true, ); foreach ($ipv6_test as $ip => $exp) { $out = filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6); $out = (int) ($out === false ? 0 : 1); if ($exp != $out) { - echo "$ip failed\n"; + echo "$ip failed (expected ", $exp?"true":"false", ", got ", + $out?"true":"false", ")\n"; } } diff --git a/ext/filter/tests/bug39763.phpt b/ext/filter/tests/bug39763.phpt index 1422f52ac..36ee41561 100644 --- a/ext/filter/tests/bug39763.phpt +++ b/ext/filter/tests/bug39763.phpt @@ -12,6 +12,6 @@ parse_str("val=%22probably+a+bug%22"); echo $val . "\n"; ?> --EXPECT-- -Warning: Directive 'magic_quotes_gpc' is deprecated in PHP 5.3 and greater in Unknown on line 0 +Deprecated: Directive 'magic_quotes_gpc' is deprecated in PHP 5.3 and greater in Unknown on line 0 \"probably a bug\" \"probably a bug\"
\ No newline at end of file diff --git a/ext/filter/tests/bug52929.phpt b/ext/filter/tests/bug52929.phpt new file mode 100644 index 000000000..29332959f --- /dev/null +++ b/ext/filter/tests/bug52929.phpt @@ -0,0 +1,18 @@ +--TEST-- +Bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data) +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> +--FILE-- +<?php +var_dump(filter_var('valid@email.address', FILTER_VALIDATE_EMAIL)); + +// Beyond the allowable limit for an e-mail address. +var_dump(filter_var('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy.zz', FILTER_VALIDATE_EMAIL)); + +// An invalid address likely to crash PHP due to stack exhaustion if it goes to +// the validation regex. +var_dump(filter_var(str_repeat('x', 8000), FILTER_VALIDATE_EMAIL)); +--EXPECT-- +string(19) "valid@email.address" +bool(false) +bool(false) |