diff options
author | Stanislav Malyshev <stas@php.net> | 2015-05-31 22:47:52 -0700 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2015-06-09 10:52:38 -0700 |
commit | f7d7befae8bcc2db0093f8adaa9f72eeb7ad891e (patch) | |
tree | 76b673eb60b003ce5add72a58de1a01f7191703a /ext/dom | |
parent | 531c306fe6715b1f4e060bbeef88b4fb9cb954f9 (diff) | |
download | php-git-f7d7befae8bcc2db0093f8adaa9f72eeb7ad891e.tar.gz |
Fix #69719 - more checks for nulls in paths
Diffstat (limited to 'ext/dom')
-rw-r--r-- | ext/dom/document.c | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/ext/dom/document.c b/ext/dom/document.c index 48a19dd05d..097fcba467 100644 --- a/ext/dom/document.c +++ b/ext/dom/document.c @@ -1761,7 +1761,7 @@ PHP_FUNCTION(dom_document_save) char *file; long options = 0; - if (zend_parse_method_parameters(ZEND_NUM_ARGS() TSRMLS_CC, getThis(), "Os|l", &id, dom_document_class_entry, &file, &file_len, &options) == FAILURE) { + if (zend_parse_method_parameters(ZEND_NUM_ARGS() TSRMLS_CC, getThis(), "Op|l", &id, dom_document_class_entry, &file, &file_len, &options) == FAILURE) { return; } @@ -1990,7 +1990,7 @@ static void _dom_document_schema_validate(INTERNAL_FUNCTION_PARAMETERS, int type int is_valid; char resolved_path[MAXPATHLEN + 1]; - if (zend_parse_method_parameters(ZEND_NUM_ARGS() TSRMLS_CC, getThis(), "Op", &id, dom_document_class_entry, &source, &source_len) == FAILURE) { + if (zend_parse_method_parameters(ZEND_NUM_ARGS() TSRMLS_CC, getThis(), "Os", &id, dom_document_class_entry, &source, &source_len) == FAILURE) { return; } @@ -2003,6 +2003,10 @@ static void _dom_document_schema_validate(INTERNAL_FUNCTION_PARAMETERS, int type switch (type) { case DOM_LOAD_FILE: + if (CHECK_NULL_PATH(source, source_len)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid Schema file source"); + RETURN_FALSE; + } valid_file = _dom_get_valid_file_path(source, resolved_path, MAXPATHLEN TSRMLS_CC); if (!valid_file) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid Schema file source"); @@ -2079,7 +2083,7 @@ static void _dom_document_relaxNG_validate(INTERNAL_FUNCTION_PARAMETERS, int typ int is_valid; char resolved_path[MAXPATHLEN + 1]; - if (zend_parse_method_parameters(ZEND_NUM_ARGS() TSRMLS_CC, getThis(), "Op", &id, dom_document_class_entry, &source, &source_len) == FAILURE) { + if (zend_parse_method_parameters(ZEND_NUM_ARGS() TSRMLS_CC, getThis(), "Os", &id, dom_document_class_entry, &source, &source_len) == FAILURE) { return; } @@ -2092,6 +2096,10 @@ static void _dom_document_relaxNG_validate(INTERNAL_FUNCTION_PARAMETERS, int typ switch (type) { case DOM_LOAD_FILE: + if (CHECK_NULL_PATH(source, source_len)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid RelaxNG file source"); + RETURN_FALSE; + } valid_file = _dom_get_valid_file_path(source, resolved_path, MAXPATHLEN TSRMLS_CC); if (!valid_file) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid RelaxNG file source"); @@ -2172,7 +2180,7 @@ static void dom_load_html(INTERNAL_FUNCTION_PARAMETERS, int mode) /* {{{ */ id = getThis(); - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "p|l", &source, &source_len, &options) == FAILURE) { + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|l", &source, &source_len, &options) == FAILURE) { return; } @@ -2182,6 +2190,10 @@ static void dom_load_html(INTERNAL_FUNCTION_PARAMETERS, int mode) /* {{{ */ } if (mode == DOM_LOAD_FILE) { + if (CHECK_NULL_PATH(source, source_len)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid file source"); + RETURN_FALSE; + } ctxt = htmlCreateFileParserCtxt(source, NULL); } else { source_len = xmlStrlen(source); @@ -2270,7 +2282,7 @@ PHP_FUNCTION(dom_document_save_html_file) char *file; const char *encoding; - if (zend_parse_method_parameters(ZEND_NUM_ARGS() TSRMLS_CC, getThis(), "Os", &id, dom_document_class_entry, &file, &file_len) == FAILURE) { + if (zend_parse_method_parameters(ZEND_NUM_ARGS() TSRMLS_CC, getThis(), "Op", &id, dom_document_class_entry, &file, &file_len) == FAILURE) { return; } |