diff options
| author | Stanislav Malyshev <stas@php.net> | 2019-03-28 00:37:36 -0700 |
|---|---|---|
| committer | Stanislav Malyshev <stas@php.net> | 2019-03-28 00:42:56 -0700 |
| commit | 66c35b083b1f3e3c9a95e4af5e8e4c14b05f2fe7 (patch) | |
| tree | e695675fb4e2b9bbe65992195cc470a18cf53704 /ext/mbstring/php_mbregex.c | |
| parent | 62a652a0d559f2d1db7e823e0c59e3bcd254af33 (diff) | |
| parent | 402adc1df13557c805ccafbc97b9e62f829df7e0 (diff) | |
| download | php-git-66c35b083b1f3e3c9a95e4af5e8e4c14b05f2fe7.tar.gz | |
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Validate subject encoding in mb_split and mb_ereg_match
Validate pattern against mbregex encoding
SQLite3: add DEFENSIVE config for SQLite >= 3.26.0 as a mitigation strategy against potential security flaws
Diffstat (limited to 'ext/mbstring/php_mbregex.c')
| -rw-r--r-- | ext/mbstring/php_mbregex.c | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/ext/mbstring/php_mbregex.c b/ext/mbstring/php_mbregex.c index 319ee567c6..0058a859ca 100644 --- a/ext/mbstring/php_mbregex.c +++ b/ext/mbstring/php_mbregex.c @@ -445,13 +445,18 @@ static php_mb_regex_t *php_mbregex_compile_pattern(const char *pattern, size_t p OnigErrorInfo err_info; OnigUChar err_str[ONIG_MAX_ERROR_MESSAGE_LEN]; + if (!php_mb_check_encoding(pattern, patlen, _php_mb_regex_mbctype2name(enc))) { + php_error_docref(NULL, E_WARNING, + "Pattern is not valid under %s encoding", _php_mb_regex_mbctype2name(enc)); + return NULL; + } + rc = zend_hash_str_find_ptr(&MBREX(ht_rc), (char *)pattern, patlen); if (!rc || onig_get_options(rc) != options || onig_get_encoding(rc) != enc || onig_get_syntax(rc) != syntax) { if ((err_code = onig_new(&retval, (OnigUChar *)pattern, (OnigUChar *)(pattern + patlen), options, enc, syntax, &err_info)) != ONIG_NORMAL) { onig_error_code_to_str(err_str, err_code, &err_info); php_error_docref(NULL, E_WARNING, "mbregex compile err: %s", err_str); - retval = NULL; - goto out; + return NULL; } if (rc == MBREX(search_re)) { /* reuse the new rc? see bug #72399 */ @@ -461,7 +466,6 @@ static php_mb_regex_t *php_mbregex_compile_pattern(const char *pattern, size_t p } else { retval = rc; } -out: return retval; } /* }}} */ @@ -1249,6 +1253,11 @@ PHP_FUNCTION(mb_split) count--; } + if (!php_mb_check_encoding(string, string_len, + _php_mb_regex_mbctype2name(MBREX(current_mbctype)))) { + RETURN_FALSE; + } + /* create regex pattern buffer */ if ((re = php_mbregex_compile_pattern(arg_pattern, arg_pattern_len, MBREX(regex_default_options), MBREX(current_mbctype), MBREX(regex_default_syntax))) == NULL) { RETURN_FALSE; @@ -1338,6 +1347,11 @@ PHP_FUNCTION(mb_ereg_match) } } + if (!php_mb_check_encoding(string, string_len, + _php_mb_regex_mbctype2name(MBREX(current_mbctype)))) { + RETURN_FALSE; + } + if ((re = php_mbregex_compile_pattern(arg_pattern, arg_pattern_len, option, MBREX(current_mbctype), syntax)) == NULL) { RETURN_FALSE; } |