{
CURLcode error = CURLE_OK;
+ if (strlen(str) != len) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Curl option contains invalid characters (\\0)");
+ return 0;
+ }
+
#if LIBCURL_VERSION_NUM >= 0x071100
if (make_copy) {
#endif
- char *copystr;
- /* Strings passed to libcurl as 'char *' arguments, are copied by the library since 7.17.0 */
- copystr = estrndup(str, len);
- error = curl_easy_setopt(ch->cp, option, copystr);
- zend_llist_add_element(&ch->to_free->str, ©str);
-#if LIBCURL_VERSION_NUM >= 0x071100
- } else {
- error = curl_easy_setopt(ch->cp, option, str);
+ if (strlen(url) != len) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Curl option contains invalid characters (\\0)");
+ return 0;
}
-#endif
- SAVE_CURL_ERROR(ch, error)
-
- return error == CURLE_OK ? SUCCESS : FAILURE;
-}
-
-static int php_curl_option_url(php_curl *ch, const char *url, const int len TSRMLS_DC) /* {{{ */
-{
/* Disable file:// if open_basedir are used */
if (PG(open_basedir) && *PG(open_basedir)) {
#if LIBCURL_VERSION_NUM >= 0x071304
--- /dev/null
+--TEST--
+Bug #68089 (NULL byte injection - cURL lib)
+--SKIPIF--
+<?php
+include 'skipif.inc';
+
+?>
+--FILE--
+<?php
+$url = "file:///etc/passwd\0http://google.com";
+$ch = curl_init();
+var_dump(curl_setopt($ch, CURLOPT_URL, $url));
+?>
+Done
+--EXPECTF--
+Warning: curl_setopt(): Curl option contains invalid characters (\0) in %s/bug68089.php on line 4
+bool(false)
+Done
projects / php / commitdiff