summaryrefslogtreecommitdiff
path: root/ext/intl
diff options
context:
space:
mode:
authorAnatol Belski <ab@php.net>2018-09-01 00:14:23 +0200
committerAnatol Belski <ab@php.net>2018-09-01 00:14:23 +0200
commitb9ca573a1bf62e7fb55e863e2073e29ae94d59eb (patch)
treef2ce0875ccec6e30833ad50b37869cb83d9cac93 /ext/intl
parent3f2a3c5aec2c0a3168efbfa9c6ac38fa927d1766 (diff)
downloadphp-git-b9ca573a1bf62e7fb55e863e2073e29ae94d59eb.tar.gz
Fixed bug #76829 Incorrect validation of domain on idn_to_utf8() function
As stated by RFC 5890, U-Labels might be up to 252 Unicode code points long. This can be fixed in 7.1+ as well, but there might potentially be issues in some existing apps expecting the output to be max 255 octets long. Thus it seems to be safer to not to touch stable branches.
Diffstat (limited to 'ext/intl')
-rw-r--r--ext/intl/idn/idn.c4
-rw-r--r--ext/intl/tests/idn_bug76829.phpt16
2 files changed, 18 insertions, 2 deletions
diff --git a/ext/intl/idn/idn.c b/ext/intl/idn/idn.c
index 99c7bd7331..fd05600731 100644
--- a/ext/intl/idn/idn.c
+++ b/ext/intl/idn/idn.c
@@ -138,7 +138,7 @@ static void php_intl_idn_to_46(INTERNAL_FUNCTION_PARAMETERS,
UErrorCode status = U_ZERO_ERROR;
UIDNA *uts46;
int32_t len;
- int32_t buffer_capac = 255; /* no domain name may exceed this */
+ int32_t buffer_capac = 252*4; /* no domain name may exceed this */
zend_string *buffer = zend_string_alloc(buffer_capac, 0);
UIDNAInfo info = UIDNA_INFO_INITIALIZER;
int buffer_used = 0;
@@ -156,7 +156,7 @@ static void php_intl_idn_to_46(INTERNAL_FUNCTION_PARAMETERS,
len = uidna_nameToUnicodeUTF8(uts46, ZSTR_VAL(domain), ZSTR_LEN(domain),
ZSTR_VAL(buffer), buffer_capac, &info, &status);
}
- if (len >= 255 || php_intl_idn_check_status(status, "failed to convert name") == FAILURE) {
+ if (len >= 252*4 || php_intl_idn_check_status(status, "failed to convert name") == FAILURE) {
uidna_close(uts46);
zend_string_efree(buffer);
RETURN_FALSE;
diff --git a/ext/intl/tests/idn_bug76829.phpt b/ext/intl/tests/idn_bug76829.phpt
new file mode 100644
index 0000000000..a751c61d71
--- /dev/null
+++ b/ext/intl/tests/idn_bug76829.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Bug #76829 Incorrect validation of domain on idn_to_utf8() function
+--SKIPIF--
+<?php if( !extension_loaded( 'intl' ) ) print 'skip'; ?>
+--FILE--
+<?php
+
+$punycode = idn_to_ascii('абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаеж.рф', IDNA_DEFAULT, INTL_IDNA_VARIANT_UTS46);
+
+$unicode = idn_to_utf8($punycode, IDNA_DEFAULT, INTL_IDNA_VARIANT_UTS46);
+
+var_dump($unicode);
+
+?>
+--EXPECT--
+string(294) "абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаеж.рф"
View Lorry Controller Status