authorChristoph M. Becker <cmbecker69@gmx.de>2019-09-10 13:02:59 +0200
committerChristoph M. Becker <cmbecker69@gmx.de>2019-09-17 16:37:28 +0200
commit9a734c5c19eb5858989667fd790d10344ff836e9 (patch)
tree4ec5a468c1af6fbe5cf464a53dc05c76c7b10da6 /ext/sqlite3/sqlite3.c
parent8a66cb35a3e097dc2b977a16a1806d740668ca3b (diff)
Implement NUL byte checks for dbnames
Since we're passing these parameters to C functions accepting `char*` without any further checking, we should reject strings with NUL bytes in the first place.
Diffstat (limited to 'ext/sqlite3/sqlite3.c')
-rw-r--r--ext/sqlite3/sqlite3.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/ext/sqlite3/sqlite3.c b/ext/sqlite3/sqlite3.c
index fa0d91bca4..39b015e2f9 100644
--- a/ext/sqlite3/sqlite3.c
+++ b/ext/sqlite3/sqlite3.c
@@ -1300,6 +1300,11 @@ PHP_METHOD(sqlite3, openBlob)
return;
}
+ if (ZEND_NUM_ARGS() >= 4 && CHECK_NULL_PATH(dbname, dbname_len)) {
+ zend_value_error("dbname must not contain NUL bytes");
+ return;
+ }
+
sqlite_flags = (flags & SQLITE_OPEN_READWRITE) ? 1 : 0;
if (sqlite3_blob_open(db_obj->db, dbname, table, column, rowid, sqlite_flags, &blob) != SQLITE_OK) {
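Review bot: `table` and `column` reach `sqlite3_blob_open()` as plain `char*` on the same call as `dbname`, but only `dbname` gets the new NUL-byte check. If they are parsed as ordinary strings (the parameter parsing is above the hunk, so this is inferred), a value with an embedded NUL is still silently truncated, so the name SQLite opens can differ from the one PHP-level validation saw. Consider extending the guard, e.g. `if (CHECK_NULL_PATH(table, table_len) || CHECK_NULL_PATH(column, column_len)) { ... }`, using whatever length variables the parser fills in (the names here are assumed). A short comment such as `/* dbname_len is only set when the 4th argument was passed */` above the `ZEND_NUM_ARGS() >= 4` test would also explain why the argument count is checked. The body of openBlob starts and ends outside the hunk.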
@@ -1368,6 +1373,13 @@ PHP_METHOD(sqlite3, backup)
return;
}
+ if ((ZEND_NUM_ARGS() >= 2 && CHECK_NULL_PATH(source_dbname, source_dbname_length))
+ || (ZEND_NUM_ARGS() >= 3 && CHECK_NULL_PATH(destination_dbname, destination_dbname_length))
+ ) {
+ zend_value_error("dbname must not contain NUL bytes");
+ return;
+ }
+
destination_obj = Z_SQLITE3_DB_P(destination_zval);
SQLITE3_CHECK_INITIALIZED(destination_obj, destination_obj->initialised, SQLite3)
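Review bot: The combined condition reports "dbname must not contain NUL bytes" for both `source_dbname` and `destination_dbname`, so the caller cannot tell which argument was rejected, and neither parameter is actually named `dbname`. Splitting the check into one test per parameter, each with a message naming that parameter, makes the error actionable and keeps each `ZEND_NUM_ARGS()` guard next to the length it protects. The proposed message texts below are suggestions only; the body of backup starts and ends outside the hunk.

```c
// … unchanged: parameter parsing and its early return …
if (ZEND_NUM_ARGS() >= 2 && CHECK_NULL_PATH(source_dbname, source_dbname_length)) {
	zend_value_error("source dbname must not contain NUL bytes");
	return;
}
if (ZEND_NUM_ARGS() >= 3 && CHECK_NULL_PATH(destination_dbname, destination_dbname_length)) {
	zend_value_error("destination dbname must not contain NUL bytes");
	return;
}
// … unchanged: destination_obj lookup and initialisation check …
```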