Patch fix-options-5.5 for *General Issues Bug #68089

Patch version 2014-09-29 01:01 UTC

Obsolete patches:

• bug68089.diff, revision 2014-09-25 10:40 UTC
• fix-5.5, revision 2014-09-29 00:54 UTC
• fix-options-5.5, revision 2014-09-29 00:56 UTC
• fix-options-5.5, revision 2014-09-29 00:57 UTC

• 2014-09-29 01:01 UTC [diff to current]
• 2014-09-29 00:57 UTC [diff to current]
• 2014-09-29 00:56 UTC [diff to current]

Developer: stas@php.net

commit 67c7303d453635dce8ab0ea1871d69a184998bbd
Author: Stanislav Malyshev <stas@php.net>
Date:   Sun Sep 28 17:53:49 2014 -0700

    Fix bug #68089 - do not accept options with embedded \0

diff --git a/ext/curl/interface.c b/ext/curl/interface.c
index 765918c..ac5e20f 100644
--- a/ext/curl/interface.c
+++ b/ext/curl/interface.c
@@ -169,6 +169,11 @@ static int php_curl_option_str(php_curl *ch, long option, const char *str, const
 {
 	CURLcode error = CURLE_OK;
 
+	if (strlen(str) != len) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Curl option %ld contains invalid characters (\\0)", option);
+		return FAILURE;
+	}
+
 #if LIBCURL_VERSION_NUM >= 0x071100
 	if (make_copy) {
 #endif
diff --git a/ext/curl/tests/bug68089.phpt b/ext/curl/tests/bug68089.phpt
new file mode 100644
index 0000000..34bbf0d
--- /dev/null
+++ b/ext/curl/tests/bug68089.phpt
@@ -0,0 +1,18 @@
+--TEST--
+Bug #68089 (NULL byte injection - cURL lib)
+--SKIPIF--
+<?php 
+include 'skipif.inc';
+
+?>
+--FILE--
+<?php
+$url = "file:///etc/passwd\0http://google.com";
+$ch = curl_init();
+var_dump(curl_setopt($ch, CURLOPT_URL, $url));
+?>
+Done
+--EXPECTF--
+Warning: curl_setopt(): Curl option %d contains invalid characters (\0) in %s/bug68089.php on line 4
+bool(false)
+Done
\ No newline at end of file