author | Stanislav Malyshev <stas@php.net> | 2019-03-28 00:35:22 -0700 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2019-03-28 00:35:22 -0700 |
commit | 402adc1df13557c805ccafbc97b9e62f829df7e0 (patch) | |
tree | ff9a240a2ff5f27f4c309031d27168057c85f146 /ext/mbstring/php_mbregex.c | |
parent | b7442f1bb81303d3211844445f69d4a03565aa39 (diff) | |
parent | 0ecac37c40a27ffbd59f34b5920735ee0b7f994c (diff) | |
Merge branch 'PHP-7.1' into PHP-7.2
* PHP-7.1:
Validate subject encoding in mb_split and mb_ereg_match
Validate pattern against mbregex encoding
SQLite3: add DEFENSIVE config for SQLite >= 3.26.0 as a mitigation strategy against potential security flaws
Diffstat (limited to 'ext/mbstring/php_mbregex.c')
-rw-r--r-- | ext/mbstring/php_mbregex.c | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/ext/mbstring/php_mbregex.c b/ext/mbstring/php_mbregex.c
index 2ff304f277..b05300628c 100644
--- a/ext/mbstring/php_mbregex.c
+++ b/ext/mbstring/php_mbregex.c
@@ -448,13 +448,18 @@ static php_mb_regex_t *php_mbregex_compile_pattern(const char *pattern, int patl
 OnigErrorInfo err_info;
 OnigUChar err_str[ONIG_MAX_ERROR_MESSAGE_LEN];

+ if (!php_mb_check_encoding(pattern, patlen, _php_mb_regex_mbctype2name(enc))) {
+ php_error_docref(NULL, E_WARNING,
+ "Pattern is not valid under %s encoding", _php_mb_regex_mbctype2name(enc));
+ return NULL;
+ }
+
 rc = zend_hash_str_find_ptr(&MBREX(ht_rc), (char *)pattern, patlen);
 if (!rc || onig_get_options(rc) != options || onig_get_encoding(rc) != enc || onig_get_syntax(rc) != syntax) {
 if ((err_code = onig_new(&retval, (OnigUChar *)pattern, (OnigUChar *)(pattern + patlen), options, enc, syntax, &err_info)) != ONIG_NORMAL) {
 onig_error_code_to_str(err_str, err_code, &err_info);
 php_error_docref(NULL, E_WARNING, "mbregex compile err: %s", err_str);
- retval = NULL;
- goto out;
+ return NULL;
 }
 if (rc == MBREX(search_re)) {
 /* reuse the new rc? see bug #72399 */
@@ -464,7 +469,6 @@ static php_mb_regex_t *php_mbregex_compile_pattern(const char *pattern, int patl
 } else {
 retval = rc;
 }
-out:
 return retval;
 }
 /* }}} */
@@ -1107,6 +1111,11 @@ PHP_FUNCTION(mb_split)
 count--;
 }

+ if (!php_mb_check_encoding(string, string_len,
+ _php_mb_regex_mbctype2name(MBREX(current_mbctype)))) {
+ RETURN_FALSE;
+ }
+
 /* create regex pattern buffer */
 if ((re = php_mbregex_compile_pattern(arg_pattern, arg_pattern_len, MBREX(regex_default_options), MBREX(current_mbctype), MBREX(regex_default_syntax))) == NULL) {
 RETURN_FALSE;
@@ -1196,6 +1205,11 @@ PHP_FUNCTION(mb_ereg_match)
 }
 }

+ if (!php_mb_check_encoding(string, string_len,
+ _php_mb_regex_mbctype2name(MBREX(current_mbctype)))) {
+ RETURN_FALSE;
+ }
+
 if ((re = php_mbregex_compile_pattern(arg_pattern, arg_pattern_len, option, MBREX(current_mbctype), syntax)) == NULL) {
 RETURN_FALSE;
 } |
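Review bot: The pattern check added at the top of php_mbregex_compile_pattern calls `_php_mb_regex_mbctype2name(enc)` twice and never tests what it returns. That helper is defined outside this hunk; if it can return NULL for an encoding it does not list, the check would presumably validate against something other than the encoding `onig_new` compiles with, and the `%s` in the warning would receive NULL. Resolving the name once and failing closed avoids both: `const char *enc_name = _php_mb_regex_mbctype2name(enc);` followed by `if (enc_name == NULL || !php_mb_check_encoding(pattern, patlen, enc_name)) {`. The check also sits before the `zend_hash_str_find_ptr` cache lookup, so already-cached patterns are re-validated on every call; a short comment stating that this ordering is intentional would help. The function body starts and ends outside the hunk.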
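Review bot: The subject check added to mb_split returns FALSE with no diagnostic, while the pattern check added in php_mbregex_compile_pattern raises an E_WARNING, so a caller cannot tell a malformed subject from any other failure; the identical block in the mb_ereg_match hunk has the same gap. Consider emitting a matching warning before `RETURN_FALSE;`, for example `php_error_docref(NULL, E_WARNING, "Subject is not valid under %s encoding", _php_mb_regex_mbctype2name(MBREX(current_mbctype)));`, or documenting that the silent return is deliberate. A one-line comment such as `/* reject subjects that are not well-formed in the regex encoding before they reach the matcher */` would record why the guard is placed ahead of the compile call. Other functions in this file that hand a subject string to the regex engine are not visible in this diff and should be confirmed to carry the same guard. Both function bodies continue outside their hunks.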