File php7-CVE-2021-21705.patch of Package php7.24162

Index: php-7.2.5/ext/filter/logical_filters.c
===================================================================
--- php-7.2.5.orig/ext/filter/logical_filters.c	2018-04-24 17:09:54.000000000 +0200
+++ php-7.2.5/ext/filter/logical_filters.c	2021-07-09 15:26:49.054540192 +0200
@@ -514,6 +514,22 @@ void php_filter_validate_domain(PHP_INPU
 }
 /* }}} */
 
+static int is_userinfo_valid(zend_string *str)
+{
+	const char *valid = "-._~!$&'()*+,;=:";
+	const char *p = ZSTR_VAL(str);
+	while (p - ZSTR_VAL(str) < ZSTR_LEN(str)) {
+		if (isalpha(*p) || isdigit(*p) || strchr(valid, *p)) {
+			p++;
+		} else if (*p == '%' && p - ZSTR_VAL(str) <= ZSTR_LEN(str) - 3 && isdigit(*(p+1)) && isxdigit(*(p+2))) {
+			p += 3;
+		} else {
+			return 0;
+		}
+	}
+	return 1;
+}
+
 void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
 {
 	php_url *url;
@@ -568,6 +584,15 @@ bad_url:
 		php_url_free(url);
 		RETURN_VALIDATION_FAILED
 	}
+
+	if (url->user != NULL && !is_userinfo_valid(url->user)
+		|| url->pass != NULL && !is_userinfo_valid(url->pass)
+	) {
+		php_url_free(url);
+		RETURN_VALIDATION_FAILED
+
+	}
+
 	php_url_free(url);
 }
 /* }}} */