summaryrefslogtreecommitdiff
path: root/ext/standard/url.c
diff options
context:
space:
mode:
authorChristoph M. Becker <cmbecker69@gmx.de>2020-05-13 09:36:52 +0200
committerStanislav Malyshev <stas@php.net>2021-01-01 20:08:01 -0800
commit2d3d72412a6734e19a38ed10f385227a6238e4a6 (patch)
tree81578dce9403f80fc48d2589949b713e2e543667 /ext/standard/url.c
parent662083fc4f3a570f5b9180e80c2ddec86a8fded8 (diff)
downloadphp-git-PHP-7.2.tar.gz
Fix #77423: parse_url() will deliver a wrong host to userPHP-7.2
To avoid that `parse_url()` returns an erroneous host, which would be valid for `FILTER_VALIDATE_URL`, we make sure that only userinfo which is valid according to RFC 3986 is treated as such. For consistency with the existing url parsing code, we use ctype functions, although that is not necessarily correct.
Diffstat (limited to 'ext/standard/url.c')
-rw-r--r--ext/standard/url.c21
1 files changed, 21 insertions, 0 deletions
diff --git a/ext/standard/url.c b/ext/standard/url.c
index 1dd073e2bb..8d155bb984 100644
--- a/ext/standard/url.c
+++ b/ext/standard/url.c
@@ -92,6 +92,22 @@ PHPAPI php_url *php_url_parse(char const *str)
return php_url_parse_ex(str, strlen(str));
}
+static int is_userinfo_valid(const char *str, size_t len)
+{
+ char *valid = "-._~!$&'()*+,;=:";
+ char *p = str;
+ while (p - str < len) {
+ if (isalpha(*p) || isdigit(*p) || strchr(valid, *p)) {
+ p++;
+ } else if (*p == '%' && p - str <= len - 3 && isdigit(*(p+1)) && isxdigit(*(p+2))) {
+ p += 3;
+ } else {
+ return 0;
+ }
+ }
+ return 1;
+}
+
/* {{{ php_url_parse
*/
PHPAPI php_url *php_url_parse_ex(char const *str, size_t length)
@@ -235,13 +251,18 @@ PHPAPI php_url *php_url_parse_ex(char const *str, size_t length)
ret->pass = estrndup(pp, (p-pp));
php_replace_controlchars_ex(ret->pass, (p-pp));
} else {
+ if (!is_userinfo_valid(s, p-s)) {
+ goto check_port;
+ }
ret->user = estrndup(s, (p-s));
php_replace_controlchars_ex(ret->user, (p-s));
+
}
s = p + 1;
}
+check_port:
/* check for port */
if (s < ue && *s == '[' && *(e-1) == ']') {
/* Short circuit portscan,
View Lorry Controller Status