From: Rui Hirokawa Date: Tue, 21 Mar 2006 07:47:43 +0000 (+0000) Subject: added mb_check_encoding() to detect possible invalid encoding attack. X-Git-Tag: RELEASE_1_3~338 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=0fb7618d6e74b4304d0512f5fe64770e3944dad6;p=php added mb_check_encoding() to detect possible invalid encoding attack. --- diff --git a/ext/mbstring/libmbfl/mbfl/mbfilter.c b/ext/mbstring/libmbfl/mbfl/mbfilter.c index cc8800cd8f..ed674b2b65 100644 --- a/ext/mbstring/libmbfl/mbfl/mbfilter.c +++ b/ext/mbstring/libmbfl/mbfl/mbfilter.c @@ -335,6 +335,10 @@ int mbfl_buffer_illegalchars(mbfl_buffer_converter *convd) { int num_illegalchars = 0; + if (convd == NULL) { + return 0; + } + if (convd->filter1 != NULL) { num_illegalchars += convd->filter1->num_illegalchar; } diff --git a/ext/mbstring/mbstring.c b/ext/mbstring/mbstring.c index cf8745c07c..054ae7e28d 100644 --- a/ext/mbstring/mbstring.c +++ b/ext/mbstring/mbstring.c @@ -221,6 +221,7 @@ zend_function_entry mbstring_functions[] = { PHP_FE(mb_decode_numericentity, NULL) PHP_FE(mb_send_mail, NULL) PHP_FE(mb_get_info, NULL) + PHP_FE(mb_check_encoding, NULL) #if HAVE_MBREGEX PHP_MBREGEX_FUNCTION_ENTRIES #endif @@ -2084,7 +2085,7 @@ MBSTRING_API char * php_mb_convert_encoding(char *input, size_t length, char *_t output = (char *)ret->val; } - MBSTRG(illegalchars) += mbfl_buffer_illegalchars(MBSTRG(outconv)); + MBSTRG(illegalchars) += mbfl_buffer_illegalchars(convd); mbfl_buffer_converter_delete(convd); return output; } @@ -3454,6 +3455,67 @@ PHP_FUNCTION(mb_get_info) } /* }}} */ +/* {{{ proto bool mb_check_encoding([string var[, string encoding]]) + Check if the string is valid for the specified encoding */ +PHP_FUNCTION(mb_check_encoding) +{ + char *var = NULL; + int var_len; + char *enc = NULL; + int enc_len; + char *name; + mbfl_buffer_converter *convd; + enum mbfl_no_encoding no_encoding = MBSTRG(current_internal_encoding); + zval *row; + mbfl_string string, result, *ret = NULL; + long illegalchars = 0; + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|ss", &var, &var_len, &enc, &enc_len) == FAILURE) { + RETURN_FALSE; + } + + if (var == NULL) { + RETURN_BOOL(MBSTRG(illegalchars) == 0); + } + + if (enc != NULL) { + no_encoding = mbfl_name2no_encoding(enc); + if (no_encoding == mbfl_no_encoding_invalid || no_encoding == mbfl_no_encoding_pass) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid encoding \"%s\"", enc); + RETURN_FALSE; + } + } + + convd = mbfl_buffer_converter_new(no_encoding, no_encoding, 0); + if (convd == NULL) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to create converter"); + RETURN_FALSE; + } + mbfl_buffer_converter_illegal_mode(convd, MBSTRG(current_filter_illegal_mode)); + mbfl_buffer_converter_illegal_substchar(convd, MBSTRG(current_filter_illegal_substchar)); + + /* initialize string */ + mbfl_string_init(&string); + mbfl_string_init(&result); + string.no_encoding = no_encoding; + string.no_language = MBSTRG(current_language); + + string.val = (unsigned char *)var; + string.len = var_len; + ret = mbfl_buffer_converter_feed_result(convd, &string, &result); + illegalchars = mbfl_buffer_illegalchars(convd); + mbfl_buffer_converter_delete(convd); + + if (ret != NULL) { + MBSTRG(illegalchars) += illegalchars; + efree(ret->val); + RETURN_BOOL(illegalchars == 0); + } else { + RETURN_FALSE; + } +} +/* }}} */ + /* {{{ MBSTRING_API int php_mb_encoding_translation() */ MBSTRING_API int php_mb_encoding_translation(TSRMLS_D) { @@ -3614,6 +3676,7 @@ MBSTRING_API int php_mb_gpc_encoding_converter(char **str, int *len, int num, co str[i] = ret->val; len[i] = ret->len; } + MBSTRG(illegalchars) += mbfl_buffer_illegalchars(convd); mbfl_buffer_converter_delete(convd); } @@ -3831,6 +3894,7 @@ int php_mb_encoding_converter(char **to, int *to_length, const char *from, *to = ret->val; *to_length = ret->len; } + MBSTRG(illegalchars) += mbfl_buffer_illegalchars(convd); mbfl_buffer_converter_delete(convd); diff --git a/ext/mbstring/mbstring.h b/ext/mbstring/mbstring.h index 4eecb32c8a..f433bbf631 100644 --- a/ext/mbstring/mbstring.h +++ b/ext/mbstring/mbstring.h @@ -120,6 +120,7 @@ PHP_FUNCTION(mb_encode_numericentity); PHP_FUNCTION(mb_decode_numericentity); PHP_FUNCTION(mb_send_mail); PHP_FUNCTION(mb_get_info); +PHP_FUNCTION(mb_check_encoding); MBSTRING_API int php_mb_encoding_translation(TSRMLS_D);