File php5-CVE-2020-7071.patch of Package php5

X-Git-Url: http://208.43.231.11:8000/?p=php-src.git;a=blobdiff_plain;f=ext%2Fstandard%2Furl.c;h=8d155bb9846c97701dee5ac54c7e0bbcc6c84366;hp=1dd073e2bb423652821f351135b9582d76e175d5;hb=2d3d72412a6734e19a38ed10f385227a6238e4a6;hpb=662083fc4f3a570f5b9180e80c2ddec86a8fded8

Index: php-5.6.40/ext/standard/url.c
===================================================================
--- php-5.6.40.orig/ext/standard/url.c	2021-01-11 12:21:34.005553916 +0100
+++ php-5.6.40/ext/standard/url.c	2021-01-11 12:21:34.037554139 +0100
@@ -92,6 +92,22 @@ PHPAPI php_url *php_url_parse(char const
 	return php_url_parse_ex(str, strlen(str));
 }
 
+static int is_userinfo_valid(const char *str, size_t len)
+{
+	char *valid = "-._~!$&'()*+,;=:";
+	char *p = str;
+	while (p - str < len) {
+		if (isalpha(*p) || isdigit(*p) || strchr(valid, *p)) {
+			p++;
+		} else if (*p == '%' && p - str <= len - 3 && isdigit(*(p+1)) && isxdigit(*(p+2))) {
+			p += 3;
+		} else {
+			return 0;
+		}
+	}
+	return 1;
+}
+
 /* {{{ php_url_parse
  */
 PHPAPI php_url *php_url_parse_ex(char const *str, int length)
@@ -230,13 +246,18 @@ PHPAPI php_url *php_url_parse_ex(char co
 			ret->pass = estrndup(pp, (p-pp));
 			php_replace_controlchars_ex(ret->pass, (p-pp));
 		} else {
+			if (!is_userinfo_valid(s, p-s)) {
+				goto check_port;
+			}
 			ret->user = estrndup(s, (p-s));
 			php_replace_controlchars_ex(ret->user, (p-s));
+
 		}
 
 		s = p + 1;
 	}
 
+check_port:
 	/* check for port */
 	if (s < ue && *s == '[' && *(e-1) == ']') {
 		/* Short circuit portscan,