iliaa Thu May 5 22:19:04 2005 EDT
Modified files: (Branch: PHP_4_3)
/php-src NEWS
/php-src/ext/standard http_fopen_wrapper.c
Log:
MFH: Fixed bug #32936 (http redirects URLs are not checked for control chars).
http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1247.2.893&r2=1.1247.2.894&ty=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1247.2.893 php-src/NEWS:1.1247.2.894
--- php-src/NEWS:1.1247.2.893 Mon May 2 21:30:19 2005
+++ php-src/NEWS Thu May 5 22:19:03 2005
@@ -7,6 +7,7 @@
them sort based on the current locale. (Derick)
- Changed sha1_file() and md5_file() functions to use streams instead of
low level IO. (Uwe)
+- Fixed bug #32936 (http redirects URLs are not checked for control chars).
(Ilia)
- Fixed bug #32813 (parse_url() does not handle scheme-only urls properly).
(Ilia)
- Fixed bug #32802 (General cookie overrides more specific cookie). (Ilia)
- Fixed bug #32730 (ext/crack.c fails to compile with cracklib-2.8.3). (Jani)
http://cvs.php.net/diff.php/php-src/ext/standard/http_fopen_wrapper.c?r1=1.53.2.19&r2=1.53.2.20&ty=u
Index: php-src/ext/standard/http_fopen_wrapper.c
diff -u php-src/ext/standard/http_fopen_wrapper.c:1.53.2.19
php-src/ext/standard/http_fopen_wrapper.c:1.53.2.20
--- php-src/ext/standard/http_fopen_wrapper.c:1.53.2.19 Fri May 28 09:38:19 2004
+++ php-src/ext/standard/http_fopen_wrapper.c Thu May 5 22:19:04 2005
@@ -18,7 +18,7 @@
| Wez Furlong <[EMAIL PROTECTED]> |
+----------------------------------------------------------------------+
*/
-/* $Id: http_fopen_wrapper.c,v 1.53.2.19 2004/05/28 13:38:19 sesser Exp $ */
+/* $Id: http_fopen_wrapper.c,v 1.53.2.20 2005/05/06 02:19:04 iliaa Exp $ */
#include "php.h"
#include "php_globals.h"
@@ -494,6 +494,34 @@
} else {
strlcpy(new_path, location, sizeof(new_path));
}
+
+ php_url_free(resource);
+ /* check for invalid redirection URLs */
+ if ((resource = php_url_parse(new_path)) == NULL) {
+ php_stream_wrapper_log_error(wrapper, options
TSRMLS_CC, "Invalid redirect url! %s", new_path);
+ goto out;
+ }
+
+#define CHECK_FOR_CNTRL_CHARS(val) { \
+ if (val) { \
+ unsigned char *s, *e; \
+ int l; \
+ l = php_url_decode(val, strlen(val)); \
+ s = val; e = s + l; \
+ while (s < e) { \
+ if (iscntrl(*s)) { \
+ php_stream_wrapper_log_error(wrapper, options
TSRMLS_CC, "Invalid redirect url! %s", new_path); \
+ goto out; \
+ } \
+ s++; \
+ } \
+ } \
+} \
+ /* check for control characters in login, password &
path */
+ CHECK_FOR_CNTRL_CHARS(resource->user)
+ CHECK_FOR_CNTRL_CHARS(resource->pass)
+ CHECK_FOR_CNTRL_CHARS(resource->path)
+
stream = php_stream_url_wrap_http_ex(NULL, new_path,
mode, options, opened_path, context, --redirect_max, 0 STREAMS_CC TSRMLS_CC);
if (stream && stream->wrapperdata) {
entryp = &entry;
@@ -518,7 +546,9 @@
efree(http_header_line);
if (scratch)
efree(scratch);
- php_url_free(resource);
+ if (resource) {
+ php_url_free(resource);
+ }
if (stream) {
if (header_init) {
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
