Fix signedness confusion in php_filter_validate_domain()

As is, there is the possibility that integer underflow occurs, making
`_php_filter_validate_domain()` succeed for very long domain names.

Cf. <https://pwning.systems/posts/php_filter_var_shenanigans/>.
Christoph M. Becker 2022-03-28 11:26:17 +02:00
parent aa352c2c54
commit 771dbdb319
No known key found for this signature in database
GPG key ID: D66C9593118BCCB6
2 changed files with 4 additions and 1 deletions

NEWS

@ -8,6 +8,9 @@ PHP NEWS
(Tim Düsterhus)
. Fixed bug GH-8160 (ZTS support on Alpine is broken). (Michael Voříšek)
- Filter:
. Fixed signedness confusion in php_filter_validate_domain(). (cmb)
- Intl:
. Fixed bug GH-8142 (Compilation error on cygwin). (David Carlier)
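Review bot: the new Filter entry names only the cause ("signedness confusion") and, unlike the neighbouring GH-8160 and GH-8142 entries, gives readers no reference to follow. Since the commit message says the effect is that validation can succeed for very long domain names, consider stating that effect in the entry so that users scanning NEWS can tell whether their input validation was affected.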


@ -496,7 +496,7 @@ void php_filter_validate_regexp(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
}
}
static int _php_filter_validate_domain(char * domain, int len, zend_long flags) /* {{{ */
static int _php_filter_validate_domain(char * domain, size_t len, zend_long flags) /* {{{ */
{
char *e, *s, *t;
size_t l;
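Review bot: no regression test accompanies the change of `len` from `int` to `size_t` in the signature of `_php_filter_validate_domain()`. The commit touches only NEWS and this file, so nothing exercises the over-long domain case the commit message describes. Please add a test that feeds a domain longer than the accepted maximum and expects rejection. Also confirm that every caller passes the length as `size_t` without narrowing it to `int` first, since the local `size_t l;` shows the body already works in unsigned lengths and any remaining conversion at a call site would reintroduce the mismatch.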