php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

Patch 0001-Fix-70277-new-DateTimeZone-foo-is-ignoring-text-afte for timezonedb Bug #70277

Patch version 2015-08-16 12:49 UTC

Return to Bug #70277 | Download this patch
Patch Revisions:

Developer: cmb@php.net

From cc880dfd7c12525c581c6d30904195e18fff9269 Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker" <cmb@php.net>
Date: Sun, 16 Aug 2015 14:46:00 +0200
Subject: [PATCH] Fix #70277: new DateTimeZone($foo) is ignoring text after
 null byte

The DateTimeZone constructors are not binary safe. They're parsing the timezone
as string, but discard the length when calling timezone_initialize(). This
patch adds a tz_len parameter and a respective check to timezone_initialize().
---
 ext/date/php_date.c          | 12 ++++++++----
 ext/date/tests/bug70277.phpt | 17 +++++++++++++++++
 2 files changed, 25 insertions(+), 4 deletions(-)
 create mode 100644 ext/date/tests/bug70277.phpt

diff --git a/ext/date/php_date.c b/ext/date/php_date.c
index ee30071..cd756c2 100644
--- a/ext/date/php_date.c
+++ b/ext/date/php_date.c
@@ -3601,12 +3601,16 @@ PHP_FUNCTION(date_diff)
 }
 /* }}} */
 
-static int timezone_initialize(php_timezone_obj *tzobj, /*const*/ char *tz) /* {{{ */
+static int timezone_initialize(php_timezone_obj *tzobj, /*const*/ char *tz, size_t tz_len) /* {{{ */
 {
 	timelib_time *dummy_t = ecalloc(1, sizeof(timelib_time));
 	int           dst, not_found;
 	char         *orig_tz = tz;
 
+    if (strlen(tz) != tz_len) {
+        php_error_docref(NULL, E_WARNING, "Timezone must not contain null bytes");
+        return FAILURE;
+    }
 	dummy_t->z = timelib_parse_zone(&tz, &dst, dummy_t, &not_found, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper);
 	if (not_found) {
 		php_error_docref(NULL, E_WARNING, "Unknown or bad timezone (%s)", orig_tz);
@@ -3633,7 +3637,7 @@ PHP_FUNCTION(timezone_open)
 		RETURN_FALSE;
 	}
 	tzobj = Z_PHPTIMEZONE_P(php_date_instantiate(date_ce_timezone, return_value));
-	if (SUCCESS != timezone_initialize(tzobj, tz)) {
+	if (SUCCESS != timezone_initialize(tzobj, tz, tz_len)) {
 		zval_ptr_dtor(return_value);
 		RETURN_FALSE;
 	}
@@ -3656,7 +3660,7 @@ PHP_METHOD(DateTimeZone, __construct)
 
 	zend_replace_error_handling(EH_THROW, NULL, &error_handling);
 	tzobj = Z_PHPTIMEZONE_P(getThis());
-	timezone_initialize(tzobj, tz);
+	timezone_initialize(tzobj, tz, tz_len);
 	zend_restore_error_handling(&error_handling);
 }
 /* }}} */
@@ -3674,7 +3678,7 @@ static int php_date_timezone_initialize_from_hash(zval **return_value, php_timez
 			if (Z_TYPE_P(z_timezone) != IS_STRING) {
 				return FAILURE;
 			}
-			if (SUCCESS == timezone_initialize(*tzobj, Z_STRVAL_P(z_timezone))) {
+			if (SUCCESS == timezone_initialize(*tzobj, Z_STRVAL_P(z_timezone), Z_STRLEN_P(z_timezone))) {
 				return SUCCESS;
 			}
 		}
diff --git a/ext/date/tests/bug70277.phpt b/ext/date/tests/bug70277.phpt
new file mode 100644
index 0000000..9af2d8a
--- /dev/null
+++ b/ext/date/tests/bug70277.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Bug #70277 (new DateTimeZone($foo) is ignoring text after null byte)
+--FILE--
+<?php
+$timezone = "Europe/Zurich\0Foo";
+var_dump(timezone_open($timezone));
+var_dump(new DateTimeZone($timezone));
+?>
+--EXPECTF--
+Warning: timezone_open(): Timezone must not contain null byte in %sbug70277.php on line %d
+bool(false)
+
+Fatal error: Uncaught Exception: DateTimeZone::__construct(): Timezone must not contain null byte in %sbug70277.php:%d
+Stack trace:
+#0 %sbug70277.php(%d): DateTimeZone->__construct('Europe/Zurich\x00F...')
+#1 {main}
+  thrown in %sbug70277.php on line %d
-- 
1.9.5.msysgit.0

 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 15:01:29 2024 UTC