add length tests for iconv functions

author Stanislav Malyshev <stas@php.net>

Wed, 19 Sep 2007 00:18:01 +0000 (00:18 +0000)

committer Stanislav Malyshev <stas@php.net>

Wed, 19 Sep 2007 00:18:01 +0000 (00:18 +0000)
author Stanislav Malyshev <stas@php.net>
Wed, 19 Sep 2007 00:18:01 +0000 (00:18 +0000)
committer Stanislav Malyshev <stas@php.net>
Wed, 19 Sep 2007 00:18:01 +0000 (00:18 +0000)
diff --git a/ext/iconv/tests/iconv-charset-length-cve-2007-4840.phpt b/ext/iconv/tests/iconv-charset-length-cve-2007-4840.phpt

new file mode 100755 (executable)

index 0000000..03b3574
--- /dev/null
+++ b/ext/iconv/tests/iconv-charset-length-cve-2007-4840.phpt
@@ -0,0 +1,17 @@
+--TEST--
+iconv() charset parameter length checks (CVE-2007-4840)
+--SKIPIF--
+<?php extension_loaded('iconv') or die('skip iconv extension is not available'); ?>
+--FILE--
+<?php
+$a = str_repeat("/", 9000000);
+var_dump(iconv($a, "b", "test"));
+var_dump(iconv("x", $a, "test"));
+?>
+--EXPECTF--
+
+Warning: iconv(): Charset parameter exceeds the maximum allowed length of %d characters in %s on line %d
+bool(false)
+
+Warning: iconv(): Charset parameter exceeds the maximum allowed length of %d characters in %s on line %d
+bool(false)
diff --git a/ext/iconv/tests/iconv_mime_decode-charset-length-cve-2007-4840.phpt b/ext/iconv/tests/iconv_mime_decode-charset-length-cve-2007-4840.phpt

new file mode 100755 (executable)

index 0000000..d4ed01d
--- /dev/null
+++ b/ext/iconv/tests/iconv_mime_decode-charset-length-cve-2007-4840.phpt
@@ -0,0 +1,13 @@
+--TEST--
+iconv_mime_decode() charset parameter length checks (CVE-2007-4840)
+--SKIPIF--
+<?php extension_loaded('iconv') or die('skip iconv extension is not available'); ?>
+--FILE--
+<?php
+$a = str_repeat("/", 9000000);
+var_dump(iconv_mime_decode("a", null, $a));
+?>
+--EXPECTF--
+
+Warning: iconv_mime_decode(): Charset parameter exceeds the maximum allowed length of %d characters in %s on line %d
+bool(false)
diff --git a/ext/iconv/tests/iconv_mime_decode_headers-charset-length-cve-2007-4840.phpt b/ext/iconv/tests/iconv_mime_decode_headers-charset-length-cve-2007-4840.phpt

new file mode 100755 (executable)

index 0000000..48d664d
--- /dev/null
+++ b/ext/iconv/tests/iconv_mime_decode_headers-charset-length-cve-2007-4840.phpt
@@ -0,0 +1,13 @@
+--TEST--
+iconv_mime_decode_headers() charset parameter length checks (CVE-2007-4840)
+--SKIPIF--
+<?php extension_loaded('iconv') or die('skip iconv extension is not available'); ?>
+--FILE--
+<?php
+$a = str_repeat("/", 9000000);
+var_dump(iconv_mime_decode_headers("a", null, $a));
+?>
+--EXPECTF--
+
+Warning: iconv_mime_decode_headers(): Charset parameter exceeds the maximum allowed length of %d characters in %s on line %d
+bool(false)
diff --git a/ext/iconv/tests/iconv_set_encoding-charset-length-cve-2007-4840.phpt b/ext/iconv/tests/iconv_set_encoding-charset-length-cve-2007-4840.phpt

new file mode 100755 (executable)

index 0000000..e6abca5
--- /dev/null
+++ b/ext/iconv/tests/iconv_set_encoding-charset-length-cve-2007-4840.phpt
@@ -0,0 +1,21 @@
+--TEST--
+iconv_set_encoding() charset parameter length checks (CVE-2007-4840)
+--SKIPIF--
+<?php extension_loaded('iconv') or die('skip iconv extension is not available'); ?>
+--FILE--
+<?php
+$a = str_repeat("/", 9000000);
+var_dump(iconv_set_encoding("input_encoding", $a));
+var_dump(iconv_set_encoding("output_encoding", $a));
+var_dump(iconv_set_encoding("internal_encoding", $a));
+?>
+--EXPECTF--
+
+Warning: iconv_set_encoding(): Charset parameter exceeds the maximum allowed length of %d characters in %s on line %d
+bool(false)
+
+Warning: iconv_set_encoding(): Charset parameter exceeds the maximum allowed length of %d characters in %s on line %d
+bool(false)
+
+Warning: iconv_set_encoding(): Charset parameter exceeds the maximum allowed length of %d characters in %s on line %d
+bool(false)
diff --git a/ext/iconv/tests/iconv_strlen-charset-length-cve-2007-4840.phpt b/ext/iconv/tests/iconv_strlen-charset-length-cve-2007-4840.phpt

new file mode 100755 (executable)

index 0000000..348cfb1
--- /dev/null
+++ b/ext/iconv/tests/iconv_strlen-charset-length-cve-2007-4840.phpt
@@ -0,0 +1,13 @@
+--TEST--
+iconv_strlen() charset parameter length checks (CVE-2007-4840)
+--SKIPIF--
+<?php extension_loaded('iconv') or die('skip iconv extension is not available'); ?>
+--FILE--
+<?php
+$a = str_repeat("/", 9791999);
+var_dump(iconv_strlen(1, $a));
+?>
+--EXPECTF--
+
+Warning: iconv_strlen(): Charset parameter exceeds the maximum allowed length of %d characters in %s on line %d
+bool(false)
diff --git a/ext/iconv/tests/iconv_strpos-charset-length-cve-2007-4840.phpt b/ext/iconv/tests/iconv_strpos-charset-length-cve-2007-4840.phpt

new file mode 100755 (executable)

index 0000000..4cb858f
--- /dev/null
+++ b/ext/iconv/tests/iconv_strpos-charset-length-cve-2007-4840.phpt
@@ -0,0 +1,13 @@
+--TEST--
+iconv_strpos() charset parameter length checks (CVE-2007-4840)
+--SKIPIF--
+<?php extension_loaded('iconv') or die('skip iconv extension is not available'); ?>
+--FILE--
+<?php
+$a = str_repeat("/", 9000000);
+var_dump(iconv_strpos("a", "b", 0, $a));
+?>
+--EXPECTF--
+
+Warning: iconv_strpos(): Charset parameter exceeds the maximum allowed length of %d characters in %s on line %d
+bool(false)
diff --git a/ext/iconv/tests/iconv_strrpos-charset-length-cve-2007-4840.phpt b/ext/iconv/tests/iconv_strrpos-charset-length-cve-2007-4840.phpt

new file mode 100755 (executable)

index 0000000..948cc67
--- /dev/null
+++ b/ext/iconv/tests/iconv_strrpos-charset-length-cve-2007-4840.phpt
@@ -0,0 +1,13 @@
+--TEST--
+iconv_strrpos() charset parameter length checks (CVE-2007-4840)
+--SKIPIF--
+<?php extension_loaded('iconv') or die('skip iconv extension is not available'); ?>
+--FILE--
+<?php
+$a = str_repeat("/", 9000000);
+var_dump(iconv_strrpos("a", "b", $a));
+?>
+--EXPECTF--
+
+Warning: iconv_strrpos(): Charset parameter exceeds the maximum allowed length of %d characters in %s on line %d
+bool(false)
diff --git a/ext/iconv/tests/iconv_substr-charset-length-cve-2007-4783.phpt b/ext/iconv/tests/iconv_substr-charset-length-cve-2007-4783.phpt

new file mode 100755 (executable)

index 0000000..c27e60d
--- /dev/null
+++ b/ext/iconv/tests/iconv_substr-charset-length-cve-2007-4783.phpt
@@ -0,0 +1,14 @@
+--TEST--
+iconv_substr() charset parameter length checks (CVE-2007-4783)
+--SKIPIF--
+<?php extension_loaded('iconv') or die('skip iconv extension is not available'); ?>
+--FILE--
+<?php
+$a = str_repeat('A', 99897);
+$b = str_repeat('/', 2798349);
+var_dump(iconv_substr($a, 0, 1, $b));
+?>
+--EXPECTF--
+
+Warning: iconv_substr(): Charset parameter exceeds the maximum allowed length of %d characters in %s on line %d
+bool(false)
author	Stanislav Malyshev <stas@php.net>
	Wed, 19 Sep 2007 00:18:01 +0000 (00:18 +0000)
committer	Stanislav Malyshev <stas@php.net>
	Wed, 19 Sep 2007 00:18:01 +0000 (00:18 +0000)
ext/iconv/tests/iconv-charset-length-cve-2007-4840.phpt	[new file with mode: 0755]	patch \| blob
ext/iconv/tests/iconv_mime_decode-charset-length-cve-2007-4840.phpt	[new file with mode: 0755]	patch \| blob
ext/iconv/tests/iconv_mime_decode_headers-charset-length-cve-2007-4840.phpt	[new file with mode: 0755]	patch \| blob
ext/iconv/tests/iconv_set_encoding-charset-length-cve-2007-4840.phpt	[new file with mode: 0755]	patch \| blob
ext/iconv/tests/iconv_strlen-charset-length-cve-2007-4840.phpt	[new file with mode: 0755]	patch \| blob
ext/iconv/tests/iconv_strpos-charset-length-cve-2007-4840.phpt	[new file with mode: 0755]	patch \| blob
ext/iconv/tests/iconv_strrpos-charset-length-cve-2007-4840.phpt	[new file with mode: 0755]	patch \| blob
ext/iconv/tests/iconv_substr-charset-length-cve-2007-4783.phpt	[new file with mode: 0755]	patch \| blob