archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 05:58:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fix #79971: special character is breaking the path in xml function

Browse source 
The libxml based XML functions accepting a filename actually accept
URIs with possibly percent-encoded characters.  Percent-encoded NUL
bytes lead to truncation, like non-encoded NUL bytes would.  We catch
those, and let the functions fail with a respective warning.
This commit is contained in:
Christoph M. Becker 2020-09-01 10:04:28 +02:00 committed by Stanislav Malyshev
parent 88f99c9c1d
commit f15f8fc573
No known key found for this signature in database
GPG key ID: 94B3CB48C3ECA219
5 changed files with 63 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

9
ext/libxml/libxml.c
View file

@ -306,6 +306,10 @@ static void *php_libxml_streams_IO_open_wrapper(const char *filename, const char
int isescaped=0;
xmlURI *uri;
if (strstr(filename, "%00")) {
php_error_docref(NULL, E_WARNING, "URI must not contain percent-encoded NUL bytes");
return NULL;
}
uri = xmlParseURI(filename);
if (uri && (uri->scheme == NULL ||
@ -437,6 +441,11 @@ php_libxml_output_buffer_create_filename(const char *URI,
if (URI == NULL)
return(NULL);
if (strstr(URI, "%00")) {
php_error_docref(NULL, E_WARNING, "URI must not contain percent-encoded NUL bytes");
return NULL;
}
puri = xmlParseURI(URI);
if (puri != NULL) {
if (puri->scheme != NULL)