php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Return to Bug #73911
Patch fix-73911 revision 2017-01-12 01:30 UTC by cmb@php.net

Patch fix-73911 for EXIF related Bug #73911

Patch version 2017-01-12 01:30 UTC

Return to Bug #73911 | Download this patch
Patch Revisions:

Developer: cmb@php.net

From 09974c1209c80caab53f2d0167c7c7ea623feb95 Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker" <cmbecker69@gmx.de>
Date: Thu, 12 Jan 2017 02:28:33 +0100
Subject: [PATCH] Fix #73911: Missing null byte checks for paths in
 exif_imagetype

ZPP should expect a `p` instead of an `s` here.
---
 ext/exif/exif.c              |   2 +-
 ext/exif/tests/bug73911.phpt |  17 +++++++++++++++++
 ext/exif/tests/bug73911.png  | Bin 0 -> 69 bytes
 3 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 ext/exif/tests/bug73911.phpt
 create mode 100644 ext/exif/tests/bug73911.png

diff --git a/ext/exif/exif.c b/ext/exif/exif.c
index 3663b3f..1c8772f 100644
--- a/ext/exif/exif.c
+++ b/ext/exif/exif.c
@@ -4210,7 +4210,7 @@ PHP_FUNCTION(exif_imagetype)
 	php_stream * stream;
  	int itype = 0;
 
-	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &imagefile, &imagefile_len) == FAILURE) {
+	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "p", &imagefile, &imagefile_len) == FAILURE) {
 		return;
 	}
 
diff --git a/ext/exif/tests/bug73911.phpt b/ext/exif/tests/bug73911.phpt
new file mode 100644
index 0000000..3ee620d
--- /dev/null
+++ b/ext/exif/tests/bug73911.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Bug #73911 (Missing null byte checks for paths in exif_imagetype)
+--SKIPIF--
+<?php
+if (!extension_loaded('exif')) die('skip exif extension not available');
+?>
+--FILE--
+<?php
+$filename = __DIR__ . DIRECTORY_SEPARATOR . 'bug73911.png';
+
+var_dump(exif_imagetype("$filename\0bug73911.jpg"));
+?>
+===DONE===
+--EXPECTF--
+Warning: exif_imagetype() expects parameter 1 to be a valid path, string given in %s on line %d
+NULL
+===DONE===
diff --git a/ext/exif/tests/bug73911.png b/ext/exif/tests/bug73911.png
new file mode 100644
index 0000000000000000000000000000000000000000..0f2e143b39a2e37e52841ff55d410a2000125eca
GIT binary patch
literal 69
zcmeAS@N?(olHy`uVBq!ia0vp^j3CUx1SBVv2j2ryJf1F&AsjQ46A}`DJQfDV#ayC~
Pfh-13S3j3^P6<r_huRGg

literal 0
HcmV?d00001

-- 
2.10.2.windows.1

 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Sun Jun 16 04:01:27 2019 UTC