Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP1:GA
php7.27849
php7-CVE-2021-21705.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File php7-CVE-2021-21705.patch of Package php7.27849
Index: php-7.2.34/ext/filter/logical_filters.c =================================================================== --- php-7.2.34.orig/ext/filter/logical_filters.c +++ php-7.2.34/ext/filter/logical_filters.c @@ -514,6 +514,22 @@ void php_filter_validate_domain(PHP_INPU } /* }}} */ +static int is_userinfo_valid(zend_string *str) +{ + const char *valid = "-._~!$&'()*+,;=:"; + const char *p = ZSTR_VAL(str); + while (p - ZSTR_VAL(str) < ZSTR_LEN(str)) { + if (isalpha(*p) || isdigit(*p) || strchr(valid, *p)) { + p++; + } else if (*p == '%' && p - ZSTR_VAL(str) <= ZSTR_LEN(str) - 3 && isdigit(*(p+1)) && isxdigit(*(p+2))) { + p += 3; + } else { + return 0; + } + } + return 1; +} + void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */ { php_url *url; @@ -568,6 +584,15 @@ bad_url: php_url_free(url); RETURN_VALIDATION_FAILED } + + if (url->user != NULL && !is_userinfo_valid(url->user) + || url->pass != NULL && !is_userinfo_valid(url->pass) + ) { + php_url_free(url); + RETURN_VALIDATION_FAILED + + } + php_url_free(url); } /* }}} */
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor