php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login | |
Patch fix-options-5.5 for *General Issues Bug #68089Patch version 2014-09-29 01:01 UTC Return to Bug #68089 | Download this patchThis patch renders other patches obsolete Obsolete patches:
Developer: stas@php.netcommit 67c7303d453635dce8ab0ea1871d69a184998bbd Author: Stanislav Malyshev <stas@php.net> Date: Sun Sep 28 17:53:49 2014 -0700 Fix bug #68089 - do not accept options with embedded \0 diff --git a/ext/curl/interface.c b/ext/curl/interface.c index 765918c..ac5e20f 100644 --- a/ext/curl/interface.c +++ b/ext/curl/interface.c @@ -169,6 +169,11 @@ static int php_curl_option_str(php_curl *ch, long option, const char *str, const { CURLcode error = CURLE_OK; + if (strlen(str) != len) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Curl option %ld contains invalid characters (\\0)", option); + return FAILURE; + } + #if LIBCURL_VERSION_NUM >= 0x071100 if (make_copy) { #endif diff --git a/ext/curl/tests/bug68089.phpt b/ext/curl/tests/bug68089.phpt new file mode 100644 index 0000000..34bbf0d --- /dev/null +++ b/ext/curl/tests/bug68089.phpt @@ -0,0 +1,18 @@ +--TEST-- +Bug #68089 (NULL byte injection - cURL lib) +--SKIPIF-- +<?php +include 'skipif.inc'; + +?> +--FILE-- +<?php +$url = "file:///etc/passwd\0http://google.com"; +$ch = curl_init(); +var_dump(curl_setopt($ch, CURLOPT_URL, $url)); +?> +Done +--EXPECTF-- +Warning: curl_setopt(): Curl option %d contains invalid characters (\0) in %s/bug68089.php on line 4 +bool(false) +Done \ No newline at end of file |
Copyright © 2001-2024 The PHP Group All rights reserved. |
Last updated: Tue Dec 03 17:01:29 2024 UTC |