MFH: Fixed bug #29913 (parse_url() is now binary safe). (Ilia)

diff --git a/ext/standard/url.c b/ext/standard/url.c
index fe61cbaf69deb57dd7a05236de4129abc2ed5f0d..714690775ab2b901f177a4cc34e33dc3faadb1c8 100644 (file)
--- a/ext/standard/url.c
+++ b/ext/standard/url.c
@@ -60,15 +60,16 @@ PHPAPI void php_url_free(php_url *theurl)
 
 /* {{{ php_replace_controlchars
  */
-PHPAPI char *php_replace_controlchars(char *str)
+PHPAPI char *php_replace_controlchars_ex(char *str, int len)
 {
        unsigned char *s = (unsigned char *)str;
+       unsigned char *e = (unsigned char *)str + len;
        
        if (!str) {
                return (NULL);
        }
        
-       while (*s) {
+       while (s < e) {
            
                if (iscntrl(*s)) {
                        *s='_';
@@ -79,11 +80,20 @@ PHPAPI char *php_replace_controlchars(char *str)
        return (str);
 } 
 /* }}} */
- 
+
+PHPAPI char *php_replace_controlchars(char *str)
+{
+       return php_replace_controlchars_ex(str, strlen(str));
+} 
+
+PHPAPI php_url *php_url_parse(char const *str)
+{
+       return php_url_parse_ex(str, strlen(str));
+} 
 
 /* {{{ php_url_parse
  */
-PHPAPI php_url *php_url_parse(char *str)
+PHPAPI php_url *php_url_parse_ex(char const *str, int length)
 {
        int length = strlen(str);
        char port_buf[6];
@@ -94,7 +104,7 @@ PHPAPI php_url *php_url_parse(char *str)
        ue = s + length;
 
        /* parse scheme */
-       if ((e = strchr(s, ':')) && (e-s)) {
+       if ((e = memchr(s, ':', length)) && (e - s)) {
                /* 
                 * certain schemas like mailto: and zlib: may not have any / after them
                 * this check ensures we support those.
@@ -113,14 +123,14 @@ PHPAPI php_url *php_url_parse(char *str)
                        }
                        
                        ret->scheme = estrndup(s, (e-s));
-                       php_replace_controlchars(ret->scheme);
+                       php_replace_controlchars_ex(ret->scheme, (e - s));
                        
                        length -= ++e - s;
                        s = e;
                        goto just_path;
                } else {
                        ret->scheme = estrndup(s, (e-s));
-                       php_replace_controlchars(ret->scheme);
+                       php_replace_controlchars_ex(ret->scheme, (e - s));
                
                        if (*(e+2) == '/') {
                                s = e + 3;
@@ -130,8 +140,8 @@ PHPAPI php_url *php_url_parse(char *str)
                                        }
                                }
                        } else {
-                               s = e + 1;
                                if (!strncasecmp("file", ret->scheme, sizeof("file"))) {
+                                       s = e + 1;
                                        goto nohost;
                                } else {
                                        length -= ++e - s;
@@ -164,8 +174,8 @@ PHPAPI php_url *php_url_parse(char *str)
        
        e = ue;
        
-       if (!(p = strchr(s, '/'))) {
-               if ((p = strchr(s, '?'))) {
+       if (!(p = memchr(s, '/', (ue - s)))) {
+               if ((p = memchr(s, '?', (ue - s)))) {
                        e = p;
                }
        } else {
@@ -177,17 +187,17 @@ PHPAPI php_url *php_url_parse(char *str)
                if ((pp = memchr(s, ':', (p-s)))) {
                        if ((pp-s) > 0) {
                                ret->user = estrndup(s, (pp-s));
-                               php_replace_controlchars(ret->user);
+                               php_replace_controlchars_ex(ret->user, (pp - s));
                        }       
                
                        pp++;
                        if (p-pp > 0) {
                                ret->pass = estrndup(pp, (p-pp));
-                               php_replace_controlchars(ret->pass);
+                               php_replace_controlchars_ex(ret->pass, (p-pp));
                        }       
                } else {
                        ret->user = estrndup(s, (p-s));
-                       php_replace_controlchars(ret->user);
+                       php_replace_controlchars_ex(ret->user, (p-s));
                }
                
                s = p + 1;
@@ -235,7 +245,7 @@ PHPAPI php_url *php_url_parse(char *str)
        }
        
        ret->host = estrndup(s, (p-s));
-       php_replace_controlchars(ret->host);
+       php_replace_controlchars_ex(ret->host, (p - s));
        
        if (e == ue) {
                return ret;
@@ -245,7 +255,7 @@ PHPAPI php_url *php_url_parse(char *str)
        
        nohost:
        
-       if ((p = strchr(s, '?'))) {
+       if ((p = memchr(s, '?', (ue - s)))) {
                pp = strchr(s, '#');
                
                if (pp && pp < p) {
@@ -255,24 +265,24 @@ PHPAPI php_url *php_url_parse(char *str)
        
                if (p - s) {
                        ret->path = estrndup(s, (p-s));
-                       php_replace_controlchars(ret->path);
+                       php_replace_controlchars_ex(ret->path, (p - s));
                }       
        
                if (pp) {
                        if (pp - ++p) { 
                                ret->query = estrndup(p, (pp-p));
-                               php_replace_controlchars(ret->query);
+                               php_replace_controlchars_ex(ret->query, (pp - p));
                        }
                        p = pp;
                        goto label_parse;
                } else if (++p - ue) {
                        ret->query = estrndup(p, (ue-p));
-                       php_replace_controlchars(ret->query);
+                       php_replace_controlchars_ex(ret->query, (ue - p));
                }
-       } else if ((p = strchr(s, '#'))) {
+       } else if ((p = memchr(s, '#', (ue - s)))) {
                if (p - s) {
                        ret->path = estrndup(s, (p-s));
-                       php_replace_controlchars(ret->path);
+                       php_replace_controlchars_ex(ret->path, (p - s));
                }       
                
                label_parse:
@@ -280,11 +290,11 @@ PHPAPI php_url *php_url_parse(char *str)
                
                if (ue - p) {
                        ret->fragment = estrndup(p, (ue-p));
-                       php_replace_controlchars(ret->fragment);
+                       php_replace_controlchars_ex(ret->fragment, (ue - p));
                }       
        } else {
                ret->path = estrndup(s, (ue-s));
-               php_replace_controlchars(ret->path);
+               php_replace_controlchars_ex(ret->path, (ue - s));
        }
 
        return ret;
@@ -303,7 +313,7 @@ PHP_FUNCTION(parse_url)
                return;
        }
 
-       resource = php_url_parse(str);
+       resource = php_url_parse_ex(str, str_len);
        if (resource == NULL) {
                php_error_docref1(NULL TSRMLS_CC, str, E_WARNING, "Unable to parse url");
                RETURN_FALSE;

diff --git a/ext/standard/url.h b/ext/standard/url.h
index 0fce2214842a04642324253d2ccf53540a5175d1..cc63d18cff6e3e78ef6d195ffdf18a5e5840c2e7 100644 (file)
--- a/ext/standard/url.h
+++ b/ext/standard/url.h
@@ -32,7 +32,8 @@ typedef struct php_url {
 } php_url;
 
 PHPAPI void php_url_free(php_url *theurl);
-PHPAPI php_url *php_url_parse(char *str);
+PHPAPI php_url *php_url_parse(char const *str);
+PHPAPI php_url *php_url_parse_ex(char const *str, int length);
 PHPAPI int php_url_decode(char *str, int len); /* return value: length of decoded string */
 PHPAPI int php_raw_url_decode(char *str, int len); /* return value: length of decoded string */
 PHPAPI char *php_url_encode(char *s, int len, int *new_length);