iliaa Sat Dec 16 21:48:21 2006 UTC Modified files: /php-src/ext/filter/tests bug39846.phpt /php-src/ext/filter logical_filters.c Log: MFB: Fixed bug #39846 (Invalid IPv4 treated as valid). http://cvs.php.net/viewvc.cgi/php-src/ext/filter/tests/bug39846.phpt?r1=1.1&r2=1.2&diff_format=u Index: php-src/ext/filter/tests/bug39846.phpt diff -u /dev/null php-src/ext/filter/tests/bug39846.phpt:1.2 --- /dev/null Sat Dec 16 21:48:21 2006 +++ php-src/ext/filter/tests/bug39846.phpt Sat Dec 16 21:48:21 2006 @@ -0,0 +1,10 @@ +--TEST-- +Bug #39846 ipv4 trailing data validation +--FILE-- +<?php +var_dump(filter_var('192.168.1.100random-text-here', FILTER_VALIDATE_IP)); +var_dump(filter_var("192.168.1.155\0foo", FILTER_VALIDATE_IP)); +?> +--EXPECT-- +bool(false) +bool(false) http://cvs.php.net/viewvc.cgi/php-src/ext/filter/logical_filters.c?r1=1.15&r2=1.16&diff_format=u Index: php-src/ext/filter/logical_filters.c diff -u php-src/ext/filter/logical_filters.c:1.15 php-src/ext/filter/logical_filters.c:1.16 --- php-src/ext/filter/logical_filters.c:1.15 Sun Oct 22 22:24:33 2006 +++ php-src/ext/filter/logical_filters.c Sat Dec 16 21:48:21 2006 @@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: logical_filters.c,v 1.15 2006/10/22 22:24:33 iliaa Exp $ */ +/* $Id: logical_filters.c,v 1.16 2006/12/16 21:48:21 iliaa Exp $ */ #include "php_filter.h" #include "filter_private.h" @@ -28,6 +28,10 @@ #define zend_ascii_hash_find(hash, name, sizeof_name, val) zend_hash_find(hash, name, sizeof_name, val) #endif +#if HAVE_ARPA_INET_H +# include <arpa/inet.h> +#endif + /* {{{ FETCH_LONG_OPTION(var_name, option_name) */ #define FETCH_LONG_OPTION(var_name, option_name) \ var_name = 0; \ @@ -527,70 +531,31 @@ } /* }}} */ -static int _php_filter_validate_ipv4_count_dots(char *str) /* {{{ */ -{ - char *s1, *s2, *s3, *s4; - - s1 = strchr(str, '.'); - if (!s1) - return 0; - s2 = strchr(s1 + 1, '.'); - if (!s2) - return 1; - s3 = strchr(s2 + 1, '.'); - if (!s3) - return 2; - s4 = strchr(s3 + 1, '.'); - if (!s4) - return 3; - return 4; /* too many */ -} -/* }}} */ - -static int _php_filter_validate_ipv4_get_nr(char **str) /* {{{ */ +static int _php_filter_validate_ipv4(char *str, int str_len, int *ip) /* {{{ */ { - char *begin, *end, *ptr, *tmp_str; - int tmp_nr = -1; - - begin = ptr = *str; - while ((*ptr >= '0') && (*ptr <= '9')) { - ++ptr; - } - end = ptr; - *str = end + 1; - - if (end == begin) { - return -1; - } - - tmp_str = calloc(1, end - begin + 1); - memcpy(tmp_str, begin, end - begin); - tmp_nr = strtol(tmp_str, NULL, 10); - free(tmp_str); - - if (tmp_nr < 0 || tmp_nr > 255) { - tmp_nr = -1; + unsigned long int i = inet_addr(str); + char ip_chk[16]; + int l; + + if (i == INADDR_NONE) { + if (!strcmp(str, "255.255.255.255")) { + ip[0] = ip[1] = ip[2] = ip[3] = 255; + return 1; + } else { + return 0; + } } - return tmp_nr; -} -/* }}} */ - -static int _php_filter_validate_ipv4(char *str, int *ip TSRMLS_DC) /* {{{ */ -{ - char *p; - int x; - - if (_php_filter_validate_ipv4_count_dots(str) != 3) { + ip[0] = i & 0xFF; + ip[1] = (i & 0xFF00) / 256; + ip[2] = (i & 0xFF0000) / 256 / 256; + ip[3] = (i & 0xFF000000) / 256 / 256 / 256; + + /* make sure that the input does not have any trailing values */ + l = sprintf(ip_chk, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]); + if (l != str_len || strcmp(ip_chk, str)) { return 0; } - p = str; - for (x = 0; x < 4; ++x) { - ip[x] = _php_filter_validate_ipv4_get_nr(&p); - if (ip[x] == -1) { - return 0; - } - } return 1; } /* }}} */ @@ -611,7 +576,7 @@ hexcode_found++; \ } -static int _php_filter_validate_ipv6_(char *str TSRMLS_DC) /* {{{ */ +static int _php_filter_validate_ipv6_(char *str, int str_len TSRMLS_DC) /* {{{ */ { int hexcode_found = 0; int compressed_2end = 0; @@ -621,21 +586,21 @@ char *s2 = NULL, *ipv4=NULL; int ip4elm[4]; - if (!strchr(str, ':')) { + if (!memchr(str, ':', str_len)) { return 0; } /* Check for compressed expression. only one is allowed */ - compressed = strstr(str, "::"); + compressed = php_memnstr(str, "::", sizeof("::")-1, str+str_len); if (compressed) { - s2 = strstr(compressed+1, "::"); + s2 = php_memnstr(compressed+1, "::", sizeof("::")-1, str + str_len); if (s2) { return 0; } } /* check for bundled IPv4 */ - ipv4 = strchr(str, '.'); + ipv4 = memchr(str, '.', str_len); if (ipv4) { while (*ipv4 != ':' && ipv4 >= start) { @@ -648,7 +613,7 @@ } ipv4++; - if (!_php_filter_validate_ipv4(ipv4, ip4elm TSRMLS_CC)) { + if (!_php_filter_validate_ipv4(ipv4, (str + str_len - ipv4), ip4elm TSRMLS_CC)) { return 0; } @@ -662,7 +627,7 @@ if (ipv4) { end = ipv4 - 1; } else { - end = str + strlen(start); + end = str + str_len; } while (*str && str <= end) { @@ -775,7 +740,7 @@ switch (mode) { case FORMAT_IPV4: - if (!_php_filter_validate_ipv4(str, ip TSRMLS_CC)) { + if (!_php_filter_validate_ipv4(str, Z_STRLEN_P(value), ip)) { RETURN_VALIDATION_FAILED } @@ -805,7 +770,7 @@ case FORMAT_IPV6: { int res = 0; - res = _php_filter_validate_ipv6_(str TSRMLS_CC); + res = _php_filter_validate_ipv6_(str, Z_STRLEN_P(value) TSRMLS_CC); if (res < 1) { RETURN_VALIDATION_FAILED }
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php