Fixed bug #76829 Incorrect validation of domain on idn_to_utf8() function
authorAnatol Belski <ab@php.net>
Fri, 31 Aug 2018 22:14:23 +0000 (00:14 +0200)
committerAnatol Belski <ab@php.net>
Fri, 31 Aug 2018 22:14:23 +0000 (00:14 +0200)
As stated by RFC 5890, U-Labels might be up to 252 Unicode code points
long. This can be fixed in 7.1+ as well, but there might potentially be
issues in some existing apps expecting the output to be max 255 octets
long. Thus it seems safer not to touch stable branches.

ext/intl/idn/idn.c
ext/intl/tests/idn_bug76829.phpt [new file with mode: 0644]

index 99c7bd7331e6a805a4a8f03e3803610335ee6b34..fd05600731271878dd9eeb3a3341b28133c7e077 100644 (file)
@@ -138,7 +138,7 @@ static void php_intl_idn_to_46(INTERNAL_FUNCTION_PARAMETERS,
        UErrorCode        status = U_ZERO_ERROR;
        UIDNA             *uts46;
        int32_t           len;
-       int32_t           buffer_capac = 255; /* no domain name may exceed this */
+       int32_t           buffer_capac = 252*4; /* no domain name may exceed this */
        zend_string       *buffer = zend_string_alloc(buffer_capac, 0);
        UIDNAInfo         info = UIDNA_INFO_INITIALIZER;
        int                       buffer_used = 0;
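Review bot: The literal `252*4` on the `buffer_capac` line is repeated in the length check of the next hunk (`len >= 252*4`), so the allocation size and the bound that guards it can drift apart on a later edit. Comparing against the variable, `if (len >= buffer_capac || ...`, keeps the two tied together. The retained comment `/* no domain name may exceed this */` no longer explains the value; going by the commit description, `/* up to 252 code points (RFC 5890), at most 4 UTF-8 bytes each */` would. The function body starts and ends outside the hunk.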
@@ -156,7 +156,7 @@ static void php_intl_idn_to_46(INTERNAL_FUNCTION_PARAMETERS,
                len = uidna_nameToUnicodeUTF8(uts46, ZSTR_VAL(domain), ZSTR_LEN(domain),
                                ZSTR_VAL(buffer), buffer_capac, &info, &status);
        }
-       if (len >= 255 || php_intl_idn_check_status(status, "failed to convert name") == FAILURE) {
+       if (len >= 252*4 || php_intl_idn_check_status(status, "failed to convert name") == FAILURE) {
                uidna_close(uts46);
                zend_string_efree(buffer);
                RETURN_FALSE;
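Review bot: The raised bound in `if (len >= 252*4 || ...` appears to guard whichever conversion ran, since the `}` just above it closes a branch that begins outside the hunk. If a to-ASCII call shares this check, ASCII output of 255 to 1007 bytes is no longer rejected at this point, and rejection of over-long names in that direction would rest on the ICU status and `info` handling elsewhere in the function. That should be confirmed against the full function. If it holds, either keep the tighter limit for the ASCII direction or state the dependency in a comment such as `/* ASCII-side length limit is enforced by ICU, not by this bound */`.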
diff --git a/ext/intl/tests/idn_bug76829.phpt b/ext/intl/tests/idn_bug76829.phpt
new file mode 100644 (file)
index 0000000..a751c61
--- /dev/null
@@ -0,0 +1,16 @@
+--TEST--
+Bug #76829 Incorrect validation of domain on idn_to_utf8() function
+--SKIPIF--
+<?php if( !extension_loaded( 'intl' ) ) print 'skip'; ?>
+--FILE--
+<?php
+
+$punycode = idn_to_ascii('абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаеж.рф', IDNA_DEFAULT, INTL_IDNA_VARIANT_UTS46);
+
+$unicode = idn_to_utf8($punycode, IDNA_DEFAULT, INTL_IDNA_VARIANT_UTS46);
+
+var_dump($unicode);
+
+?>
+--EXPECT--
+string(294) "абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаеж.рф"
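Review bot: The new test covers only a name that now succeeds (294 bytes), so nothing pins the rejection side of the new limit. A second case whose UTF-8 result would exceed the new buffer bound, expecting `bool(false)` from `idn_to_utf8()`, would catch a later edit that lets the allocation size and the length check diverge. The SKIPIF line could also give a reason, e.g. `print 'skip intl extension not loaded';`, so that skipped runs are self-explanatory in test reports.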