bug52929.phpt

Adam Harvey Wed, 29 Sep 2010 19:35:55 -0700

aharvey                                  Thu, 30 Sep 2010 02:35:37 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=303885


Log:
MFH: Fix for bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with
large amount of data).

Bug: http://bugs.php.net/52929 (Closed) Segfault in filter_var with 
FILTER_VALIDATE_EMAIL with large amount of data
      
Changed paths:
    U   php/php-src/branches/PHP_5_2/NEWS
    U   php/php-src/branches/PHP_5_2/ext/filter/logical_filters.c
    A + php/php-src/branches/PHP_5_2/ext/filter/tests/bug52929.phpt
        (from php/php-src/trunk/ext/filter/tests/bug52929.phpt:r303779)

Modified: php/php-src/branches/PHP_5_2/NEWS
===================================================================
--- php/php-src/branches/PHP_5_2/NEWS   2010-09-30 00:59:26 UTC (rev 303884)
+++ php/php-src/branches/PHP_5_2/NEWS   2010-09-30 02:35:37 UTC (rev 303885)
@@ -4,6 +4,8 @@
 - Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre)
 - Fixed possible crash in mssql_fetch_batch(). (Kalle)

+- Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with
+  large amount of data). (Adam)
 - Fixed bug #52772 (var_dump() doesn't check for the existence of
   get_class_name before calling it). (Kalle, Gustavo)
 - Fixed bug #52546 (pdo_dblib segmentation fault when iterating MONEY values).

Modified: php/php-src/branches/PHP_5_2/ext/filter/logical_filters.c
===================================================================
--- php/php-src/branches/PHP_5_2/ext/filter/logical_filters.c   2010-09-30 
00:59:26 UTC (rev 303884)
+++ php/php-src/branches/PHP_5_2/ext/filter/logical_filters.c   2010-09-30 
02:35:37 UTC (rev 303885)
@@ -531,6 +531,11 @@
        int         matches;


+       /* The maximum length of an e-mail address is 320 octets, per RFC 2821. 
*/
+       if (Z_STRLEN_P(value) > 320) {
+               RETURN_VALIDATION_FAILED
+       }
+
        re = pcre_get_compiled_regex((char *)regexp, &pcre_extra, &preg_options 
TSRMLS_CC);
        if (!re) {
                RETURN_VALIDATION_FAILED

Copied: php/php-src/branches/PHP_5_2/ext/filter/tests/bug52929.phpt (from rev 
303779, php/php-src/trunk/ext/filter/tests/bug52929.phpt)
===================================================================
--- php/php-src/branches/PHP_5_2/ext/filter/tests/bug52929.phpt                 
        (rev 0)
+++ php/php-src/branches/PHP_5_2/ext/filter/tests/bug52929.phpt 2010-09-30 
02:35:37 UTC (rev 303885)
@@ -0,0 +1,18 @@
+--TEST--
+Bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large 
amount of data)
+--SKIPIF--
+<?php if (!extension_loaded("filter")) die("skip"); ?>
+--FILE--
+<?php
+var_dump(filter_var('va...@email.address', FILTER_VALIDATE_EMAIL));
+
+// Beyond the allowable limit for an e-mail address.
+var_dump(filter_var('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...@yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy.zz',
 FILTER_VALIDATE_EMAIL));
+
+// An invalid address likely to crash PHP due to stack exhaustion if it goes to
+// the validation regex.
+var_dump(filter_var(str_repeat('x', 8000), FILTER_VALIDATE_EMAIL));
+--EXPECT--
+string(19) "va...@email.address"
+bool(false)
+bool(false)

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS ext/filter/logical_filters.c ext/filter/tests/bug52929.phpt

Reply via email to