Overview

File php5-CVE-2021-21707.patch of Package php5

Index: php-5.6.40/ext/dom/domimplementation.c
===================================================================
--- php-5.6.40.orig/ext/dom/domimplementation.c
+++ php-5.6.40/ext/dom/domimplementation.c
@@ -111,6 +111,11 @@ PHP_METHOD(domimplementation, createDocu
 	if (systemid_len > 0)
 		pch2 = systemid;
 
+	if (strstr(name, "%00")) {
+		php_error_docref(NULL, E_WARNING, "URI must not contain percent-encoded NUL bytes");
+		RETURN_FALSE;
+	}
+
 	uri = xmlParseURI(name);
 	if (uri != NULL && uri->opaque != NULL) {
 		localname = xmlStrdup(uri->opaque);
Index: php-5.6.40/ext/libxml/libxml.c
===================================================================
--- php-5.6.40.orig/ext/libxml/libxml.c
+++ php-5.6.40/ext/libxml/libxml.c
@@ -301,6 +301,11 @@ static void *php_libxml_streams_IO_open_
 
 	TSRMLS_FETCH();
 
+	if (strstr(filename, "%00")) {
+		php_error_docref(NULL, E_WARNING, "URI must not contain percent-encoded NUL bytes");
+		return NULL;
+	}
+
 	uri = xmlParseURI(filename);
 	if (uri && (uri->scheme == NULL ||
 			(xmlStrncmp(BAD_CAST uri->scheme, BAD_CAST "file", 4) == 0))) {
@@ -431,6 +436,11 @@ php_libxml_output_buffer_create_filename
 	if (URI == NULL)
 		return(NULL);
 
+	if (strstr(URI, "%00")) {
+		php_error_docref(NULL, E_WARNING, "URI must not contain percent-encoded NUL bytes");
+		return NULL;
+	}
+
 	puri = xmlParseURI(URI);
 	if (puri != NULL) {
 		if (puri->scheme != NULL)
openSUSE Build Service is sponsored by
Places