felipe Tue, 24 May 2011 23:49:26 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=311407
Log: - Fixed bug #50363 (Invalid parsing in convert.quoted-printable-decode filter) Patch by: slusarz at curecanti dot org Bug: http://bugs.php.net/50363 (Verified) Invalid parsing in convert.quoted-printable-decode filter Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/standard/filters.c A php/php-src/branches/PHP_5_3/ext/standard/tests/filters/bug50363.phpt U php/php-src/branches/PHP_5_4/ext/standard/filters.c A php/php-src/branches/PHP_5_4/ext/standard/tests/filters/bug50363.phpt U php/php-src/trunk/ext/standard/filters.c A php/php-src/trunk/ext/standard/tests/filters/bug50363.phpt Modified: php/php-src/branches/PHP_5_3/NEWS =================================================================== --- php/php-src/branches/PHP_5_3/NEWS 2011-05-24 23:49:04 UTC (rev 311406) +++ php/php-src/branches/PHP_5_3/NEWS 2011-05-24 23:49:26 UTC (rev 311407) @@ -40,6 +40,8 @@ . Fixed bug #54866 (incorrect accounting for realpath_cache_size) (Dustin Ward) . Fixed bug #54721 (Different Hashes on Windows, BSD and Linux on wrong Salt size) (Pierre, os at irj dot ru) + . Fixed bug #50363 (Invalid parsing in convert.quoted-printable-decode filter). + (slusarz at curecanti dot org) - Apache2 Handler SAPI: . Fixed bug #54529 (SAPI crashes on apache_config.c:197). Modified: php/php-src/branches/PHP_5_3/ext/standard/filters.c =================================================================== --- php/php-src/branches/PHP_5_3/ext/standard/filters.c 2011-05-24 23:49:04 UTC (rev 311406) +++ php/php-src/branches/PHP_5_3/ext/standard/filters.c 2011-05-24 23:49:26 UTC (rev 311407) 
@@ -1050,20 +1050,16 @@ } } /* break is missing intentionally */ - case 2: { - unsigned int nbl; - + case 2: { if (icnt <= 0) { goto out; } - nbl = (*ps >= 'A' ? *ps - 0x37 : *ps - 0x30); - if (nbl > 15) { + if (!isxdigit((int) *ps)) { err = PHP_CONV_ERR_INVALID_SEQ; goto out; } - next_char = (next_char << 4) | nbl; - + next_char = (next_char << 4) | (*ps >= 'A' ? *ps - 0x37 : *ps - 0x30); scan_stat++; ps++, icnt--; if (scan_stat != 3) {
Added: php/php-src/branches/PHP_5_3/ext/standard/tests/filters/bug50363.phpt
===================================================================
--- php/php-src/branches/PHP_5_3/ext/standard/tests/filters/bug50363.phpt (rev 0)
+++ php/php-src/branches/PHP_5_3/ext/standard/tests/filters/bug50363.phpt 2011-05-24 23:49:26 UTC (rev 311407)
@@ -0,0 +1,17 @@
+--TEST--
+Bug #50363 (Invalid parsing in convert.quoted-printable-decode filter)
+--FILE--
+<?php
+
+$foo = "Sauvegarder=C3=A9ussi(e) n=C3=A3o N=C3=83O\n";
+$foo .= "Sauvegarder=c3=a9ussi(e) n=c3=a3o N=c3=83O\n"; // Does not work!
+$b = fopen('php://temp', 'w+');
+stream_filter_append($b, 'convert.quoted-printable-decode', STREAM_FILTER_WRITE);
+fwrite($b, $foo);
+rewind($b);
+fpassthru($b);
+
+?>
+--EXPECTF--
+Sauvegarderéussi(e) não NÃO
+Sauvegarderéussi(e) não NÃO
Modified: php/php-src/branches/PHP_5_4/ext/standard/filters.c
===================================================================
--- php/php-src/branches/PHP_5_4/ext/standard/filters.c 2011-05-24 23:49:04 UTC (rev 311406)
+++ php/php-src/branches/PHP_5_4/ext/standard/filters.c 2011-05-24 23:49:26 UTC (rev 311407)
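Review bot: `isxdigit()` now admits `a`-`f`, but the nibble expression on the new `next_char` line still converts only uppercase letters, so for a lowercase digit `*ps - 0x37` yields 0x2A-0x2F instead of 0x0A-0x0F. In the high nibble the stray bits are shifted out only if `next_char` is later narrowed to one byte (not visible in this hunk); in the low nibble they are OR-ed into the result, so `=4a` would decode to 0x6A rather than 0x4A. I would convert both cases explicitly, e.g. `next_char = (next_char << 4) | (*ps >= 'a' ? *ps - 0x57 : *ps >= 'A' ? *ps - 0x37 : *ps - 0x30);`. A decoder that produces different bytes than other quoted-printable parsers is a parser-differential risk for anything that inspects the decoded content. The identical hunks for PHP_5_4 and trunk have the same issue, and `case 2` continues past the end of the hunk.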
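Review bot: Every lowercase hex digit in `$foo` sits in the high nibble of its escape (`=c3`, `=a9`, `=a3`), so the test never exercises a lowercase digit in the low nibble. Adding a line such as `$foo .= "=4a=4A\n";` with the expected output `JJ` would pin that case. The trailing `// Does not work!` describes the pre-fix behaviour and will read as a known failure once the fix is in; something like `// lowercase hex digits, see bug #50363` is clearer. The same test file is added for PHP_5_4 and trunk.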
@@ -1050,20 +1050,16 @@ } } /* break is missing intentionally */ - case 2: { - unsigned int nbl; - + case 2: { if (icnt <= 0) { goto out; } - nbl = (*ps >= 'A' ? *ps - 0x37 : *ps - 0x30); - if (nbl > 15) { + if (!isxdigit((int) *ps)) { err = PHP_CONV_ERR_INVALID_SEQ; goto out; } - next_char = (next_char << 4) | nbl; - + next_char = (next_char << 4) | (*ps >= 'A' ? *ps - 0x37 : *ps - 0x30); scan_stat++; ps++, icnt--; if (scan_stat != 3) {
Added: php/php-src/branches/PHP_5_4/ext/standard/tests/filters/bug50363.phpt
===================================================================
--- php/php-src/branches/PHP_5_4/ext/standard/tests/filters/bug50363.phpt (rev 0)
+++ php/php-src/branches/PHP_5_4/ext/standard/tests/filters/bug50363.phpt 2011-05-24 23:49:26 UTC (rev 311407)
@@ -0,0 +1,17 @@
+--TEST--
+Bug #50363 (Invalid parsing in convert.quoted-printable-decode filter)
+--FILE--
+<?php
+
+$foo = "Sauvegarder=C3=A9ussi(e) n=C3=A3o N=C3=83O\n";
+$foo .= "Sauvegarder=c3=a9ussi(e) n=c3=a3o N=c3=83O\n"; // Does not work!
+$b = fopen('php://temp', 'w+');
+stream_filter_append($b, 'convert.quoted-printable-decode', STREAM_FILTER_WRITE);
+fwrite($b, $foo);
+rewind($b);
+fpassthru($b);
+
+?>
+--EXPECTF--
+Sauvegarderéussi(e) não NÃO
+Sauvegarderéussi(e) não NÃO
Modified: php/php-src/trunk/ext/standard/filters.c
===================================================================
--- php/php-src/trunk/ext/standard/filters.c 2011-05-24 23:49:04 UTC (rev 311406)
+++ php/php-src/trunk/ext/standard/filters.c 2011-05-24 23:49:26 UTC (rev 311407)
@@ -1050,20 +1050,16 @@ } } /* break is missing intentionally */ - case 2: { - unsigned int nbl; - + case 2: { if (icnt <= 0) { goto out; } - nbl = (*ps >= 'A' ? *ps - 0x37 : *ps - 0x30); - if (nbl > 15) { + if (!isxdigit((int) *ps)) { err = PHP_CONV_ERR_INVALID_SEQ; goto out; } - next_char = (next_char << 4) | nbl; - + next_char = (next_char << 4) | (*ps >= 'A' ? *ps - 0x37 : *ps - 0x30); scan_stat++; ps++, icnt--; if (scan_stat != 3) {
Added: php/php-src/trunk/ext/standard/tests/filters/bug50363.phpt
===================================================================
--- php/php-src/trunk/ext/standard/tests/filters/bug50363.phpt (rev 0)
+++ php/php-src/trunk/ext/standard/tests/filters/bug50363.phpt 2011-05-24 23:49:26 UTC (rev 311407)
@@ -0,0 +1,17 @@
+--TEST--
+Bug #50363 (Invalid parsing in convert.quoted-printable-decode filter)
+--FILE--
+<?php
+
+$foo = "Sauvegarder=C3=A9ussi(e) n=C3=A3o N=C3=83O\n";
+$foo .= "Sauvegarder=c3=a9ussi(e) n=c3=a3o N=c3=83O\n"; // Does not work!
+$b = fopen('php://temp', 'w+');
+stream_filter_append($b, 'convert.quoted-printable-decode', STREAM_FILTER_WRITE);
+fwrite($b, $foo);
+rewind($b);
+fpassthru($b);
+
+?>
+--EXPECTF--
+Sauvegarderéussi(e) não NÃO
+Sauvegarderéussi(e) não NÃO