Patch 0001-Fix-70277-new-DateTimeZone-foo-is-ignoring-text-afte for timezonedb Bug #70277
Patch version 2015-08-16 12:49 UTC
Return to Bug #70277 |
Download this patch
Patch Revisions:
Developer: cmb@php.net
From cc880dfd7c12525c581c6d30904195e18fff9269 Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker" <cmb@php.net>
Date: Sun, 16 Aug 2015 14:46:00 +0200
Subject: [PATCH] Fix #70277: new DateTimeZone($foo) is ignoring text after
null byte
The DateTimeZone constructors are not binary safe. They're parsing the timezone
as string, but discard the length when calling timezone_initialize(). This
patch adds a tz_len parameter and a respective check to timezone_initialize().
---
ext/date/php_date.c | 12 ++++++++----
ext/date/tests/bug70277.phpt | 17 +++++++++++++++++
2 files changed, 25 insertions(+), 4 deletions(-)
create mode 100644 ext/date/tests/bug70277.phpt
diff --git a/ext/date/php_date.c b/ext/date/php_date.c
index ee30071..cd756c2 100644
--- a/ext/date/php_date.c
+++ b/ext/date/php_date.c
@@ -3601,12 +3601,16 @@ PHP_FUNCTION(date_diff)
}
/* }}} */
-static int timezone_initialize(php_timezone_obj *tzobj, /*const*/ char *tz) /* {{{ */
+static int timezone_initialize(php_timezone_obj *tzobj, /*const*/ char *tz, size_t tz_len) /* {{{ */
{
timelib_time *dummy_t = ecalloc(1, sizeof(timelib_time));
int dst, not_found;
char *orig_tz = tz;
+ if (strlen(tz) != tz_len) {
+ php_error_docref(NULL, E_WARNING, "Timezone must not contain null bytes");
+ return FAILURE;
+ }
dummy_t->z = timelib_parse_zone(&tz, &dst, dummy_t, ¬_found, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper);
if (not_found) {
php_error_docref(NULL, E_WARNING, "Unknown or bad timezone (%s)", orig_tz);
@@ -3633,7 +3637,7 @@ PHP_FUNCTION(timezone_open)
RETURN_FALSE;
}
tzobj = Z_PHPTIMEZONE_P(php_date_instantiate(date_ce_timezone, return_value));
- if (SUCCESS != timezone_initialize(tzobj, tz)) {
+ if (SUCCESS != timezone_initialize(tzobj, tz, tz_len)) {
zval_ptr_dtor(return_value);
RETURN_FALSE;
}
@@ -3656,7 +3660,7 @@ PHP_METHOD(DateTimeZone, __construct)
zend_replace_error_handling(EH_THROW, NULL, &error_handling);
tzobj = Z_PHPTIMEZONE_P(getThis());
- timezone_initialize(tzobj, tz);
+ timezone_initialize(tzobj, tz, tz_len);
zend_restore_error_handling(&error_handling);
}
/* }}} */
@@ -3674,7 +3678,7 @@ static int php_date_timezone_initialize_from_hash(zval **return_value, php_timez
if (Z_TYPE_P(z_timezone) != IS_STRING) {
return FAILURE;
}
- if (SUCCESS == timezone_initialize(*tzobj, Z_STRVAL_P(z_timezone))) {
+ if (SUCCESS == timezone_initialize(*tzobj, Z_STRVAL_P(z_timezone), Z_STRLEN_P(z_timezone))) {
return SUCCESS;
}
}
diff --git a/ext/date/tests/bug70277.phpt b/ext/date/tests/bug70277.phpt
new file mode 100644
index 0000000..9af2d8a
--- /dev/null
+++ b/ext/date/tests/bug70277.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Bug #70277 (new DateTimeZone($foo) is ignoring text after null byte)
+--FILE--
+<?php
+$timezone = "Europe/Zurich\0Foo";
+var_dump(timezone_open($timezone));
+var_dump(new DateTimeZone($timezone));
+?>
+--EXPECTF--
+Warning: timezone_open(): Timezone must not contain null byte in %sbug70277.php on line %d
+bool(false)
+
+Fatal error: Uncaught Exception: DateTimeZone::__construct(): Timezone must not contain null byte in %sbug70277.php:%d
+Stack trace:
+#0 %sbug70277.php(%d): DateTimeZone->__construct('Europe/Zurich\x00F...')
+#1 {main}
+ thrown in %sbug70277.php on line %d
--
1.9.5.msysgit.0
|