File php5-CVE-2021-21705.patch of Package php5
Index: php-5.6.40/ext/filter/logical_filters.c =================================================================== --- php-5.6.40.orig/ext/filter/logical_filters.c +++ php-5.6.40/ext/filter/logical_filters.c @@ -445,6 +445,22 @@ void php_filter_validate_regexp(PHP_INPU } /* }}} */ +static int is_userinfo_valid(char *str) +{ + const char *valid = "-._~!$&'()*+,;=:"; + const char *p = str; + while (p - str < strlen(str)) { + if (isalpha(*p) || isdigit(*p) || strchr(valid, *p)) { + p++; + } else if (*p == '%' && p - str <= strlen(str) - 3 && isdigit(*(p+1)) && isxdigit(*(p+2))) { + p += 3; + } else { + return 0; + } + } + return 1; +} + void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */ { php_url *url; @@ -496,6 +512,15 @@ bad_url: php_url_free(url); RETURN_VALIDATION_FAILED } + + if (url->user != NULL && !is_userinfo_valid(url->user) + || url->pass != NULL && !is_userinfo_valid(url->pass) + ) { + php_url_free(url); + RETURN_VALIDATION_FAILED + + } + php_url_free(url); } /* }}} */
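Review bot: In the first hunk, the percent-encoding branch of is_userinfo_valid() tests the first hex digit with isdigit(*(p+1)) while the second uses isxdigit(*(p+2)), so valid escapes whose first digit is A-F (for example %AF or %c3) are rejected and legitimate URLs fail validation. Both positions should use isxdigit(). In the same branch, strlen(str) - 3 is an unsigned subtraction that wraps for strings shorter than three bytes; the reads stay in bounds only because the NUL terminator stops the isdigit/isxdigit chain, so an explicit length check such as "len - (p - str) >= 3" with the length computed once before the loop would be more robust and would avoid calling strlen() on every iteration. The isalpha/isdigit/isxdigit arguments should also be cast to unsigned char, since passing a negative char value is undefined behaviour.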
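Review bot: In the second hunk, the new condition in php_filter_validate_url() mixes && and || without parentheses ("url->user != NULL && !is_userinfo_valid(url->user) || url->pass != NULL && ..."). Precedence gives the intended result, but it triggers -Wparentheses and is easy to misread in a security check; wrap each && pair in its own parentheses. There is also a stray blank line before the closing brace of the block, and the patch as shown touches only logical_filters.c, so a regression test covering userinfo with invalid characters and with valid percent-escapes should accompany it.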