File php7-CVE-2020-7071.patch of Package php7.20329

X-Git-Url: http://208.43.231.11:8000/?p=php-src.git;a=blobdiff_plain;f=ext%2Fstandard%2Furl.c;h=113e0100243a4391a15e8fe1727867239201af7a;hp=a33091a86b75191c469a0c1dd076f0bf911af376;hb=b7f837381ef642d7fb369bfd0069e7525d4c22ea;hpb=b4b4a75afccde07724c39f8e8eb6217bab1db8bd

Index: php-7.4.6/ext/standard/url.c
===================================================================
--- php-7.4.6.orig/ext/standard/url.c	2020-05-12 10:09:27.000000000 +0200
+++ php-7.4.6/ext/standard/url.c	2021-01-11 12:10:00.876716443 +0100
@@ -87,6 +87,22 @@ PHPAPI php_url *php_url_parse(char const
 	return php_url_parse_ex(str, strlen(str));
 }
 
+static int is_userinfo_valid(const char *str, size_t len)
+{
+	const char *valid = "-._~!$&'()*+,;=:";
+	const char *p = str;
+	while (p - str < len) {
+		if (isalpha(*p) || isdigit(*p) || strchr(valid, *p)) {
+			p++;
+		} else if (*p == '%' && p - str <= len - 3 && isdigit(*(p+1)) && isxdigit(*(p+2))) {
+			p += 3;
+		} else {
+			return 0;
+		}
+	}
+	return 1;
+}
+
 /* {{{ php_url_parse
  */
 PHPAPI php_url *php_url_parse_ex(char const *str, size_t length)
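Review bot: In `is_userinfo_valid`, `isalpha(*p)`, `isdigit(*p)` and `strchr(valid, *p)` all receive a plain `char`. Where `char` is signed, a byte of 0x80 or above reaches the ctype functions as a negative value, which is undefined behaviour, and a NUL byte is accepted because `strchr` matches the string terminator. The percent-escape branch tests `isdigit(*(p+1))`, although RFC 3986 defines a pct-encoded triplet as two hex digits, so a valid escape such as `%C3` is rejected. In the same branch `len - 3` wraps around when `len < 3`, so the two look-ahead reads can land past `len`. An index-based loop over `unsigned char` with a `len - i >= 3` guard, as sketched below, addresses all of these.

```c
static int is_userinfo_valid(const char *str, size_t len)
{
	const char *valid = "-._~!$&'()*+,;=:";
	size_t i = 0;

	while (i < len) {
		unsigned char c = (unsigned char)str[i];

		/* strchr() also matches the terminator, so exclude NUL explicitly */
		if (isalpha(c) || isdigit(c) || (c != '\0' && strchr(valid, c))) {
			i++;
		} else if (c == '%' && len - i >= 3
				&& isxdigit((unsigned char)str[i + 1])
				&& isxdigit((unsigned char)str[i + 2])) {
			/* pct-encoded = "%" HEXDIG HEXDIG (RFC 3986) */
			i += 3;
		} else {
			return 0;
		}
	}
	return 1;
}
```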
@@ -228,13 +244,17 @@ PHPAPI php_url *php_url_parse_ex(char co
 			ret->pass = zend_string_init(pp, (p-pp), 0);
 			php_replace_controlchars_ex(ZSTR_VAL(ret->pass), ZSTR_LEN(ret->pass));
 		} else {
-			ret->user = zend_string_init(s, (p-s), 0);
-			php_replace_controlchars_ex(ZSTR_VAL(ret->user), ZSTR_LEN(ret->user));
+			if (!is_userinfo_valid(s, p-s)) {
+				goto check_port;
+			}
+            ret->user = zend_string_init(s, (p-s), 0);
+            php_replace_controlchars_ex(ZSTR_VAL(ret->user), ZSTR_LEN(ret->user));
 		}
 
 		s = p + 1;
 	}
 
+check_port:
 	/* check for port */
 	if (s < ue && *s == '[' && *(e-1) == ']') {
 		/* Short circuit portscan,
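Review bot: The new `is_userinfo_valid` call guards only the `else` branch, which is the userinfo with no `:` in it. The branch above it, whose tail is visible where `ret->pass` is stored, appears to accept `user:pass` without any validation; its start lies outside the hunk, so this is inferred from the context lines. Since the allowed set in `is_userinfo_valid` already contains `:`, hoisting `if (!is_userinfo_valid(s, p-s)) { goto check_port; }` above the `:` split would cover both forms with one check. The `goto` also skips `s = p + 1`, so host parsing starts at the userinfo and the resulting host will contain the `@`; a comment at `check_port:` such as `/* reached with s unchanged when userinfo is invalid: the host then includes "user@" */` would make that intent explicit. The two re-added lines under the check are indented with spaces, where the rest of the file uses tabs.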