]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4839387)
Fix bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large
authorAdam Harvey <aharvey@php.net>
Mon, 27 Sep 2010 07:08:04 +0000 (07:08 +0000)
committerAdam Harvey <aharvey@php.net>
Mon, 27 Sep 2010 07:08:04 +0000 (07:08 +0000)
amount of data).

NEWS patch | blob | history
ext/filter/logical_filters.c patch | blob | history
ext/filter/tests/bug52929.phpt [new file with mode: 0644] patch | blob

diff --git a/NEWS b/NEWS
index d902359f1ebf7bc71d0cd0b8a269ef5a0408774c..3f7cb5eab95fad88b9127932ceaeda6745d6c136 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -21,6 +21,8 @@
 - Fixed possible crash in mssql_fetch_batch(). (Kalle)
 - Fixed inconsistent backlog default value (-1) in FPM on many systems. (fat)
 
+- Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with
+  large amount of data). (Adam)
 - Fixed bug #52926 (zlib fopen wrapper does not use context). (Gustavo)
 - Fixed bug #52891 (Wrong data inserted with mysqli/mysqlnd when using
   mysqli_stmt_bind_param and value> PHP_INT_MAX). (Andrey)
diff --git a/ext/filter/logical_filters.c b/ext/filter/logical_filters.c
index bfa919262d93705dc78163581a60af638fd2b9a3..a1e6aee8fab8fc9d58595dacc15c1cffe2ae70e2 100644 (file)
--- a/ext/filter/logical_filters.c
+++ b/ext/filter/logical_filters.c
@@ -531,6 +531,11 @@ void php_filter_validate_email(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
        int         matches;
 
 
+       /* The maximum length of an e-mail address is 320 octets, per RFC 2821. */
+       if (Z_STRLEN_P(value) > 320) {
+               RETURN_VALIDATION_FAILED
+       }
+
        re = pcre_get_compiled_regex((char *)regexp, &pcre_extra, &preg_options TSRMLS_CC);
        if (!re) {
                RETURN_VALIDATION_FAILED
diff --git a/ext/filter/tests/bug52929.phpt b/ext/filter/tests/bug52929.phpt
new file mode 100644 (file)
index 0000000..2933295
--- /dev/null
+++ b/ext/filter/tests/bug52929.phpt
@@ -0,0 +1,18 @@
+--TEST--
+Bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data)
+--SKIPIF--
+<?php if (!extension_loaded("filter")) die("skip"); ?>
+--FILE--
+<?php
+var_dump(filter_var('valid@email.address', FILTER_VALIDATE_EMAIL));
+
+// Beyond the allowable limit for an e-mail address.
+var_dump(filter_var('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy.zz', FILTER_VALIDATE_EMAIL));
+
+// An invalid address likely to crash PHP due to stack exhaustion if it goes to
+// the validation regex.
+var_dump(filter_var(str_repeat('x', 8000), FILTER_VALIDATE_EMAIL));
+--EXPECT--     
+string(19) "valid@email.address"
+bool(false)
+bool(false)
Unnamed repository; edit this file 'description' to name the repository.