diff options
| -rw-r--r-- | UPGRADING | 2 | ||||
| -rw-r--r-- | ext/dom/document.c | 26 | ||||
| -rw-r--r-- | ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt | 4 | ||||
| -rw-r--r-- | ext/standard/exec.c | 8 | ||||
| -rw-r--r-- | ext/standard/mail.c | 44 | ||||
| -rw-r--r-- | ext/standard/tests/mail/mail_basic6.phpt | 329 |
6 files changed, 403 insertions, 10 deletions
@@ -663,7 +663,7 @@ out, that the corresponding SDK isn't available anymore. . ZLIB_FINISH - GD - . T1Lib support removed, thrus lifting the optional dependency on T1Lib, the + . T1Lib support removed, thus lifting the optional dependency on T1Lib, the following is therefore not available anymore: Functions: diff --git a/ext/dom/document.c b/ext/dom/document.c index d435b1c281..3e4e298654 100644 --- a/ext/dom/document.c +++ b/ext/dom/document.c @@ -1562,7 +1562,7 @@ PHP_FUNCTION(dom_document_save) char *file; zend_long options = 0; - if (zend_parse_method_parameters(ZEND_NUM_ARGS(), getThis(), "Os|l", &id, dom_document_class_entry, &file, &file_len, &options) == FAILURE) { + if (zend_parse_method_parameters(ZEND_NUM_ARGS(), getThis(), "Op|l", &id, dom_document_class_entry, &file, &file_len, &options) == FAILURE) { return; } @@ -1793,7 +1793,7 @@ static void _dom_document_schema_validate(INTERNAL_FUNCTION_PARAMETERS, int type int is_valid; char resolved_path[MAXPATHLEN + 1]; - if (zend_parse_method_parameters(ZEND_NUM_ARGS(), getThis(), "Op|l", &id, dom_document_class_entry, &source, &source_len, &flags) == FAILURE) { + if (zend_parse_method_parameters(ZEND_NUM_ARGS(), getThis(), "Os|l", &id, dom_document_class_entry, &source, &source_len, &flags) == FAILURE) { return; } @@ -1806,7 +1806,11 @@ static void _dom_document_schema_validate(INTERNAL_FUNCTION_PARAMETERS, int type switch (type) { case DOM_LOAD_FILE: - valid_file = _dom_get_valid_file_path(source, resolved_path, MAXPATHLEN ); + if (CHECK_NULL_PATH(source, source_len)) { + php_error_docref(NULL, E_WARNING, "Invalid Schema file source"); + RETURN_FALSE; + } + valid_file = _dom_get_valid_file_path(source, resolved_path, MAXPATHLEN TSRMLS_CC); if (!valid_file) { php_error_docref(NULL, E_WARNING, "Invalid Schema file source"); RETURN_FALSE; @@ -1889,7 +1893,7 @@ static void _dom_document_relaxNG_validate(INTERNAL_FUNCTION_PARAMETERS, int typ int is_valid; char resolved_path[MAXPATHLEN + 1]; - if (zend_parse_method_parameters(ZEND_NUM_ARGS(), getThis(), "Op", &id, dom_document_class_entry, &source, &source_len) == FAILURE) { + if (zend_parse_method_parameters(ZEND_NUM_ARGS(), getThis(), "Os", &id, dom_document_class_entry, &source, &source_len) == FAILURE) { return; } @@ -1902,7 +1906,11 @@ static void _dom_document_relaxNG_validate(INTERNAL_FUNCTION_PARAMETERS, int typ switch (type) { case DOM_LOAD_FILE: - valid_file = _dom_get_valid_file_path(source, resolved_path, MAXPATHLEN ); + if (CHECK_NULL_PATH(source, source_len)) { + php_error_docref(NULL, E_WARNING, "Invalid RelaxNG file source"); + RETURN_FALSE; + } + valid_file = _dom_get_valid_file_path(source, resolved_path, MAXPATHLEN TSRMLS_CC); if (!valid_file) { php_error_docref(NULL, E_WARNING, "Invalid RelaxNG file source"); RETURN_FALSE; @@ -1983,7 +1991,7 @@ static void dom_load_html(INTERNAL_FUNCTION_PARAMETERS, int mode) /* {{{ */ id = getThis(); - if (zend_parse_parameters(ZEND_NUM_ARGS(), "p|l", &source, &source_len, &options) == FAILURE) { + if (zend_parse_parameters(ZEND_NUM_ARGS(), "s|l", &source, &source_len, &options) == FAILURE) { return; } @@ -1993,6 +2001,10 @@ static void dom_load_html(INTERNAL_FUNCTION_PARAMETERS, int mode) /* {{{ */ } if (mode == DOM_LOAD_FILE) { + if (CHECK_NULL_PATH(source, source_len)) { + php_error_docref(NULL, E_WARNING, "Invalid file source"); + RETURN_FALSE; + } ctxt = htmlCreateFileParserCtxt(source, NULL); } else { source_len = xmlStrlen((xmlChar *) source); @@ -2082,7 +2094,7 @@ PHP_FUNCTION(dom_document_save_html_file) char *file; const char *encoding; - if (zend_parse_method_parameters(ZEND_NUM_ARGS(), getThis(), "Os", &id, dom_document_class_entry, &file, &file_len) == FAILURE) { + if (zend_parse_method_parameters(ZEND_NUM_ARGS(), getThis(), "Op", &id, dom_document_class_entry, &file, &file_len) == FAILURE) { return; } diff --git a/ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt b/ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt index 75004e2a74..e0d0923642 100644 --- a/ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt +++ b/ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt @@ -15,9 +15,9 @@ $result = $doc->loadHTMLFile(""); assert('$result === false'); $doc = new DOMDocument(); $result = $doc->loadHTMLFile("text.html\0something"); -assert('$result === null'); +assert('$result === false'); ?> --EXPECTF-- %r(PHP ){0,1}%rWarning: DOMDocument::loadHTMLFile(): Empty string supplied as input %s -%r(PHP ){0,1}%rWarning: DOMDocument::loadHTMLFile() expects parameter 1 to be a valid path, string given %s +%r(PHP ){0,1}%rWarning: DOMDocument::loadHTMLFile(): Invalid file source %s diff --git a/ext/standard/exec.c b/ext/standard/exec.c index 71dfc7c361..60fd7ba1aa 100644 --- a/ext/standard/exec.c +++ b/ext/standard/exec.c @@ -383,6 +383,14 @@ PHPAPI zend_string *php_escape_shell_arg(char *str) } } #ifdef PHP_WIN32 + if (y > 0 && '\\' == cmd->val[y - 1]) { + int k = 0, n = y - 1; + for (; n >= 0 && '\\' == cmd->val[n]; n--, k++); + if (k % 2) { + cmd->val[y++] = '\\'; + } + } + cmd->val[y++] = '"'; #else cmd->val[y++] = '\''; diff --git a/ext/standard/mail.c b/ext/standard/mail.c index 5633372022..a9046cea69 100644 --- a/ext/standard/mail.c +++ b/ext/standard/mail.c @@ -224,6 +224,44 @@ void php_mail_log_to_file(char *filename, char *message, size_t message_size) { } +static int php_mail_detect_multiple_crlf(char *hdr) { + /* This function detects multiple/malformed multiple newlines. */ + size_t len; + + if (!hdr) { + return 0; + } + + /* Should not have any newlines at the beginning. */ + /* RFC 2822 2.2. Header Fields */ + if (*hdr < 33 || *hdr > 126 || *hdr == ':') { + return 1; + } + + while(*hdr) { + if (*hdr == '\r') { + if (*(hdr+1) == '\0' || *(hdr+1) == '\r' || (*(hdr+1) == '\n' && (*(hdr+2) == '\0' || *(hdr+2) == '\n' || *(hdr+2) == '\r'))) { + /* Malformed or multiple newlines. */ + return 1; + } else { + hdr += 2; + } + } else if (*hdr == '\n') { + if (*(hdr+1) == '\0' || *(hdr+1) == '\r' || *(hdr+1) == '\n') { + /* Malformed or multiple newlines. */ + return 1; + } else { + hdr += 2; + } + } else { + hdr++; + } + } + + return 0; +} + + /* {{{ php_mail */ PHPAPI int php_mail(char *to, char *subject, char *message, char *headers, char *extra_cmd) @@ -278,6 +316,7 @@ PHPAPI int php_mail(char *to, char *subject, char *message, char *headers, char efree(tmp); } + if (PG(mail_x_header)) { const char *tmp = zend_get_executed_filename(); zend_string *f; @@ -292,6 +331,11 @@ PHPAPI int php_mail(char *to, char *subject, char *message, char *headers, char zend_string_release(f); } + if (hdr && php_mail_detect_multiple_crlf(hdr)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Multiple or malformed newlines found in additional_header"); + MAIL_RET(0); + } + if (!sendmail_path) { #if (defined PHP_WIN32 || defined NETWARE) /* handle old style win smtp sending */ diff --git a/ext/standard/tests/mail/mail_basic6.phpt b/ext/standard/tests/mail/mail_basic6.phpt new file mode 100644 index 0000000000..d0d45b78f3 --- /dev/null +++ b/ext/standard/tests/mail/mail_basic6.phpt @@ -0,0 +1,329 @@ +--TEST-- +Test mail() function : basic functionality +--INI-- +sendmail_path=tee mailBasic.out >/dev/null +mail.add_x_header = Off +--SKIPIF-- +<?php +if(substr(PHP_OS, 0, 3) == "WIN") + die("skip Won't run on Windows"); +?> +--FILE-- +<?php +/* Prototype : int mail(string to, string subject, string message [, string additional_headers [, string additional_parameters]]) + * Description: Send an email message with invalid addtional_headers + * Source code: ext/standard/mail.c + * Alias to functions: + */ + +echo "*** Testing mail() : basic functionality ***\n"; + + +// Valid header +$to = 'user@example.com'; +$subject = 'Test Subject'; +$message = 'A Message'; +$additional_headers = "HEAD1: a\r\nHEAD2: b\r\n"; +$outFile = "mailBasic.out"; +@unlink($outFile); + +echo "-- Valid Header --\n"; +// Calling mail() with all additional headers +var_dump( mail($to, $subject, $message, $additional_headers) ); +echo file_get_contents($outFile); +unlink($outFile); + +// Valid header +$additional_headers = "HEAD1: a\nHEAD2: b\n"; +@unlink($outFile); + +echo "-- Valid Header --\n"; +// Calling mail() with all additional headers +var_dump( mail($to, $subject, $message, $additional_headers) ); +echo @file_get_contents($outFile); +@unlink($outFile); + +// Valid header +// \r is accepted as valid. This may be changed to invalid. +$additional_headers = "HEAD1: a\rHEAD2: b\r"; +@unlink($outFile); + +echo "-- Valid Header --\n"; +// Calling mail() with all additional headers +var_dump( mail($to, $subject, $message, $additional_headers) ); +echo @file_get_contents($outFile); +@unlink($outFile); + +//=============================================================================== +// Invalid header +$additional_headers = "\nHEAD1: a\nHEAD2: b\n"; +@unlink($outFile); + +echo "-- Invalid Header - preceeding newline--\n"; +// Calling mail() with all additional headers +var_dump( mail($to, $subject, $message, $additional_headers) ); +echo @file_get_contents($outFile); +@unlink($outFile); + +// Invalid header +$additional_headers = "\rHEAD1: a\nHEAD2: b\r"; +@unlink($outFile); + +echo "-- Invalid Header - preceeding newline--\n"; +// Calling mail() with all additional headers +var_dump( mail($to, $subject, $message, $additional_headers) ); +echo @file_get_contents($outFile); +@unlink($outFile); + +// Invalid header +$additional_headers = "\r\nHEAD1: a\r\nHEAD2: b\r\n"; +@unlink($outFile); + +echo "-- Invalid Header - preceeding newline--\n"; +// Calling mail() with all additional headers +var_dump( mail($to, $subject, $message, $additional_headers) ); +echo @file_get_contents($outFile); +@unlink($outFile); + +// Invalid header +$additional_headers = "\r\n\r\nHEAD1: a\r\nHEAD2: b\r\n"; +@unlink($outFile); + +echo "-- Invalid Header - preceeding newline--\n"; +// Calling mail() with all additional headers +var_dump( mail($to, $subject, $message, $additional_headers) ); +echo @file_get_contents($outFile); +@unlink($outFile); + +// Invalid header +$additional_headers = "\n\nHEAD1: a\r\nHEAD2: b\r\n"; +@unlink($outFile); + +echo "-- Invalid Header - preceeding newline--\n"; +// Calling mail() with all additional headers +var_dump( mail($to, $subject, $message, $additional_headers) ); +echo @file_get_contents($outFile); +@unlink($outFile); + +// Invalid header +$additional_headers = "\r\rHEAD1: a\r\nHEAD2: b\r\n"; +@unlink($outFile); + +echo "-- Invalid Header - preceeding newline--\n"; +// Calling mail() with all additional headers +var_dump( mail($to, $subject, $message, $additional_headers) ); +echo @file_get_contents($outFile); +@unlink($outFile); + +// Invalid header +$additional_headers = "HEAD1: a\r\n\r\nHEAD2: b\r\n"; +@unlink($outFile); + +echo "-- Invalid Header - multiple newlines in the middle --\n"; +// Calling mail() with all additional headers +var_dump( mail($to, $subject, $message, $additional_headers) ); +echo @file_get_contents($outFile); +@unlink($outFile); + +// Invalid header +$additional_headers = "HEAD1: a\r\n\nHEAD2: b\r\n"; +@unlink($outFile); + +echo "-- Invalid Header - multiple newlines in the middle --\n"; +// Calling mail() with all additional headers +var_dump( mail($to, $subject, $message, $additional_headers) ); +echo @file_get_contents($outFile); +@unlink($outFile); + +// Invalid header +$additional_headers = "HEAD1: a\n\nHEAD2: b\r\n"; +@unlink($outFile); + +echo "-- Invalid Header - multiple newlines in the middle --\n"; +// Calling mail() with all additional headers +var_dump( mail($to, $subject, $message, $additional_headers) ); +echo @file_get_contents($outFile); +@unlink($outFile); + +// Invalid header +$additional_headers = "HEAD1: a\r\rHEAD2: b\r\n"; +@unlink($outFile); + +echo "-- Invalid Header - multiple newlines in the middle --\n"; +// Calling mail() with all additional headers +var_dump( mail($to, $subject, $message, $additional_headers) ); +echo @file_get_contents($outFile); +@unlink($outFile); + +// Invalid header +$additional_headers = "HEAD1: a\n\rHEAD2: b\r\n"; +@unlink($outFile); + +echo "-- Invalid Header - multiple newlines in the middle --\n"; +// Calling mail() with all additional headers +var_dump( mail($to, $subject, $message, $additional_headers) ); +echo @file_get_contents($outFile); +@unlink($outFile); + +// Invalid header +$additional_headers = "HEAD1: a\n\r\nHEAD2: b\r\n"; +@unlink($outFile); + +echo "-- Invalid Header - multiple newlines in the middle --\n"; +// Calling mail() with all additional headers +var_dump( mail($to, $subject, $message, $additional_headers) ); +echo @file_get_contents($outFile); +@unlink($outFile); + +// Invalid header +// Invalid, but PHP_FUNCTION(mail) trims newlines +$additional_headers = "HEAD1: a\r\nHEAD2: b\r\n\n"; +@unlink($outFile); + +echo "-- Invalid Header - trailing newlines --\n"; +// Calling mail() with all additional headers +var_dump( mail($to, $subject, $message, $additional_headers) ); +echo @file_get_contents($outFile); +@unlink($outFile); + +// Invalid header +// Invalid, but PHP_FUNCTION(mail) trims newlines +$additional_headers = "HEAD1: a\r\nHEAD2: b\n\n"; +@unlink($outFile); + +echo "-- Invalid Header - trailing newlines --\n"; +// Calling mail() with all additional headers +var_dump( mail($to, $subject, $message, $additional_headers) ); +echo @file_get_contents($outFile); +@unlink($outFile); + +// Invalid header +// Invalid, but PHP_FUNCTION(mail) trims newlines +$additional_headers = "HEAD1: a\r\nHEAD2: b\n"; +@unlink($outFile); + +echo "-- Invalid Header - trailing newlines --\n"; +// Calling mail() with all additional headers +var_dump( mail($to, $subject, $message, $additional_headers) ); +echo @file_get_contents($outFile); +@unlink($outFile); + +// Invalid header +// Invalid, but PHP_FUNCTION(mail) trims newlines +$additional_headers = "HEAD1: a\r\nHEAD2: b\r"; +@unlink($outFile); + +echo "-- Invalid Header - trailing newlines --\n"; +// Calling mail() with all additional headers +var_dump( mail($to, $subject, $message, $additional_headers) ); +echo @file_get_contents($outFile); +@unlink($outFile); + +?> +===DONE=== +--EXPECTF-- +*** Testing mail() : basic functionality *** +-- Valid Header -- +bool(true) +To: user@example.com +Subject: Test Subject +HEAD1: a +HEAD2: b + +A Message +-- Valid Header -- +bool(true) +To: user@example.com +Subject: Test Subject +HEAD1: a +HEAD2: b + +A Message +-- Valid Header -- +bool(true) +To: user@example.com +Subject: Test Subject +HEAD1: a
HEAD2: b + +A Message +-- Invalid Header - preceeding newline-- + +Warning: mail(): Multiple or malformed newlines found in additional_header in %s/mail_basic6.php on line %d +bool(false) +-- Invalid Header - preceeding newline-- + +Warning: mail(): Multiple or malformed newlines found in additional_header in %s/mail_basic6.php on line %d +bool(false) +-- Invalid Header - preceeding newline-- + +Warning: mail(): Multiple or malformed newlines found in additional_header in %s/mail_basic6.php on line %d +bool(false) +-- Invalid Header - preceeding newline-- + +Warning: mail(): Multiple or malformed newlines found in additional_header in %s/mail_basic6.php on line %d +bool(false) +-- Invalid Header - preceeding newline-- + +Warning: mail(): Multiple or malformed newlines found in additional_header in %s/mail_basic6.php on line %d +bool(false) +-- Invalid Header - preceeding newline-- + +Warning: mail(): Multiple or malformed newlines found in additional_header in %s/mail_basic6.php on line %d +bool(false) +-- Invalid Header - multiple newlines in the middle -- + +Warning: mail(): Multiple or malformed newlines found in additional_header in %s/mail_basic6.php on line %d +bool(false) +-- Invalid Header - multiple newlines in the middle -- + +Warning: mail(): Multiple or malformed newlines found in additional_header in %s/mail_basic6.php on line %d +bool(false) +-- Invalid Header - multiple newlines in the middle -- + +Warning: mail(): Multiple or malformed newlines found in additional_header in %s/mail_basic6.php on line %d +bool(false) +-- Invalid Header - multiple newlines in the middle -- + +Warning: mail(): Multiple or malformed newlines found in additional_header in %s/mail_basic6.php on line %d +bool(false) +-- Invalid Header - multiple newlines in the middle -- + +Warning: mail(): Multiple or malformed newlines found in additional_header in %s/mail_basic6.php on line %d +bool(false) +-- Invalid Header - multiple newlines in the middle -- + +Warning: mail(): Multiple or malformed newlines found in additional_header in %s/mail_basic6.php on line %d +bool(false) +-- Invalid Header - trailing newlines -- +bool(true) +To: user@example.com +Subject: Test Subject +HEAD1: a +HEAD2: b + +A Message +-- Invalid Header - trailing newlines -- +bool(true) +To: user@example.com +Subject: Test Subject +HEAD1: a +HEAD2: b + +A Message +-- Invalid Header - trailing newlines -- +bool(true) +To: user@example.com +Subject: Test Subject +HEAD1: a +HEAD2: b + +A Message +-- Invalid Header - trailing newlines -- +bool(true) +To: user@example.com +Subject: Test Subject +HEAD1: a +HEAD2: b + +A Message +===DONE=== |