summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ext/filter/logical_filters.c5
-rw-r--r--ext/filter/tests/bug52929.phpt18
2 files changed, 23 insertions, 0 deletions
diff --git a/ext/filter/logical_filters.c b/ext/filter/logical_filters.c
index bfa919262d..a1e6aee8fa 100644
--- a/ext/filter/logical_filters.c
+++ b/ext/filter/logical_filters.c
@@ -531,6 +531,11 @@ void php_filter_validate_email(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
int matches;
+ /* The maximum length of an e-mail address is 320 octets, per RFC 2821. */
+ if (Z_STRLEN_P(value) > 320) {
+ RETURN_VALIDATION_FAILED
+ }
+
re = pcre_get_compiled_regex((char *)regexp, &pcre_extra, &preg_options TSRMLS_CC);
if (!re) {
RETURN_VALIDATION_FAILED
diff --git a/ext/filter/tests/bug52929.phpt b/ext/filter/tests/bug52929.phpt
new file mode 100644
index 0000000000..29332959f7
--- /dev/null
+++ b/ext/filter/tests/bug52929.phpt
@@ -0,0 +1,18 @@
+--TEST--
+Bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data)
+--SKIPIF--
+<?php if (!extension_loaded("filter")) die("skip"); ?>
+--FILE--
+<?php
+var_dump(filter_var('valid@email.address', FILTER_VALIDATE_EMAIL));
+
+// Beyond the allowable limit for an e-mail address.
+var_dump(filter_var('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy.zz', FILTER_VALIDATE_EMAIL));
+
+// An invalid address likely to crash PHP due to stack exhaustion if it goes to
+// the validation regex.
+var_dump(filter_var(str_repeat('x', 8000), FILTER_VALIDATE_EMAIL));
+--EXPECT--
+string(19) "valid@email.address"
+bool(false)
+bool(false)
View Lorry Controller Status