Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
Please login to access the resource
home:bastianfriedrich:branches:openSUSE:Leap:15.3:Update
php7
php7-CVE-2021-21705.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File php7-CVE-2021-21705.patch of Package php7
Index: php-7.4.6/ext/filter/logical_filters.c =================================================================== --- php-7.4.6.orig/ext/filter/logical_filters.c 2020-05-12 10:09:22.000000000 +0200 +++ php-7.4.6/ext/filter/logical_filters.c 2021-07-09 14:56:54.242534739 +0200 @@ -555,6 +555,22 @@ void php_filter_validate_domain(PHP_INPU } /* }}} */ +static int is_userinfo_valid(zend_string *str) +{ + const char *valid = "-._~!$&'()*+,;=:"; + const char *p = ZSTR_VAL(str); + while (p - ZSTR_VAL(str) < ZSTR_LEN(str)) { + if (isalpha(*p) || isdigit(*p) || strchr(valid, *p)) { + p++; + } else if (*p == '%' && p - ZSTR_VAL(str) <= ZSTR_LEN(str) - 3 && isdigit(*(p+1)) && isxdigit(*(p+2))) { + p += 3; + } else { + return 0; + } + } + return 1; +} + void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */ { php_url *url; @@ -615,6 +631,15 @@ bad_url: php_url_free(url); RETURN_VALIDATION_FAILED } + + if (url->user != NULL && !is_userinfo_valid(url->user) + || url->pass != NULL && !is_userinfo_valid(url->pass) + ) { + php_url_free(url); + RETURN_VALIDATION_FAILED + + } + php_url_free(url); } /* }}} */
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor