From: Antony Dovgal <tony2001@php.net>
Date: Mon, 13 Nov 2006 20:17:05 +0000 (+0000)
Subject: fix leaks in get_meta_tags() when used with b0rked HTML
X-Git-Tag: RELEASE_1_0_0RC1~1026
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=49a2ae60d09431710f7c08736fca7f5f958d3d6c;p=php

fix leaks in get_meta_tags() when used with b0rked HTML
add test
---

diff --git a/ext/standard/file.c b/ext/standard/file.c
index bc36855b84..be50f0dc61 100644
--- a/ext/standard/file.c
+++ b/ext/standard/file.c
@@ -425,6 +425,7 @@ PHP_FUNCTION(get_meta_tags)
 				}
 			} else if (tok_last == TOK_EQUAL && looking_for_val) {
 				if (saw_name) {
+					STR_FREE(name);
 					/* Get the NAME attr (Single word attr, non-quoted) */
 					temp = name = estrndup(md.token_data, md.token_len);
 
@@ -437,6 +438,7 @@ PHP_FUNCTION(get_meta_tags)
 
 					have_name = 1;
 				} else if (saw_content) {
+					STR_FREE(value);
 					/* Get the CONTENT attr (Single word attr, non-quoted) */
 					value = estrndup(md.token_data, md.token_len);
 
@@ -459,6 +461,7 @@ PHP_FUNCTION(get_meta_tags)
 			}
 		} else if (tok == TOK_STRING && tok_last == TOK_EQUAL && looking_for_val) {
 			if (saw_name) {
+				STR_FREE(name);
 				/* Get the NAME attr (Quoted single/double) */
 				temp = name = estrndup(md.token_data, md.token_len);
 
@@ -471,6 +474,7 @@ PHP_FUNCTION(get_meta_tags)
 
 				have_name = 1;
 			} else if (saw_content) {
+				STR_FREE(value);
 				/* Get the CONTENT attr (Single word attr, non-quoted) */
 				value = estrndup(md.token_data, md.token_len);
 
@@ -490,12 +494,13 @@ PHP_FUNCTION(get_meta_tags)
 				/* For BC */
 				php_strtolower(name, strlen(name));
 				if (have_content) {
-					add_assoc_utf8_string(return_value, name, value, 0); 
+					add_assoc_utf8_string(return_value, name, value, 1); 
 				} else {
 					add_assoc_utf8_string(return_value, name, "", 1);
 				}
 
 				efree(name);
+				efree(value);
 			} else if (have_content) {
 				efree(value);
 			}
@@ -517,6 +522,8 @@ PHP_FUNCTION(get_meta_tags)
 		md.token_data = NULL;
 	}
 
+	STR_FREE(value);
+	STR_FREE(name);
 	php_stream_close(md.stream);
 }
 
diff --git a/ext/standard/tests/strings/get_meta_tags.phpt b/ext/standard/tests/strings/get_meta_tags.phpt
new file mode 100644
index 0000000000..7d6fe27ae1
--- /dev/null
+++ b/ext/standard/tests/strings/get_meta_tags.phpt
@@ -0,0 +1,133 @@
+--TEST--
+get_meta_tags() tests
+--FILE--
+<?php
+
+$filename = dirname(__FILE__)."/get_meta_tags.html";
+
+$data = <<<DATA
+<meta name="author" content="name">
+<meta name="keywords" content="php documentation">
+<meta name="DESCRIPTION" content="a php manual">
+<meta name="geo.position" content="49.33;-86.59">
+</head> <!-- parsing stops here -->
+DATA;
+
+$data1 = <<<DATA
+<html>
+    <head>
+        <meta name="author" content="name">
+        <meta name="keywords" content="php documentation">
+        <meta name="DESCRIPTION" content="a php manual">
+        <meta name="geo.position" content="49.33;-86.59">
+    </head>
+    <body>
+        <meta name="author" content="name1">
+        <meta name="keywords" content="php documentation1">
+        <meta name="DESCRIPTION" content="a php manual1">
+        <meta name="geo.position" content="49.33;-86.591">
+    </body>
+</html>
+DATA;
+
+$data2 = <<<DATA
+<meta name="author" content="name"
+<meta name="keywords" content="php documentation">
+DATA;
+
+$data3 = <<<DATA
+<meta <meta name="keywords" content="php documentation">
+DATA;
+
+$data4 = <<<DATA
+<meta name="author" content="name"
+<meta name="keywords" content="php documentation"
+DATA;
+
+$array = array($data, $data1, $data2, $data3, $data4, "", "<>", "<meta<<<<<");
+
+foreach ($array as $html) {
+	file_put_contents($filename, $html);
+	var_dump(get_meta_tags($filename));
+}
+
+@unlink($filename);
+
+echo "Done\n";
+?>
+--EXPECTF--	
+array(4) {
+  ["author"]=>
+  string(4) "name"
+  ["keywords"]=>
+  string(17) "php documentation"
+  ["description"]=>
+  string(12) "a php manual"
+  ["geo_position"]=>
+  string(12) "49.33;-86.59"
+}
+array(4) {
+  ["author"]=>
+  string(4) "name"
+  ["keywords"]=>
+  string(17) "php documentation"
+  ["description"]=>
+  string(12) "a php manual"
+  ["geo_position"]=>
+  string(12) "49.33;-86.59"
+}
+array(1) {
+  ["keywords"]=>
+  string(17) "php documentation"
+}
+array(1) {
+  ["keywords"]=>
+  string(17) "php documentation"
+}
+array(0) {
+}
+array(0) {
+}
+array(0) {
+}
+array(0) {
+}
+Done
+--UEXPECTF--
+array(4) {
+  ["author"]=>
+  unicode(4) "name"
+  ["keywords"]=>
+  unicode(17) "php documentation"
+  ["description"]=>
+  unicode(12) "a php manual"
+  ["geo_position"]=>
+  unicode(12) "49.33;-86.59"
+}
+array(4) {
+  ["author"]=>
+  unicode(4) "name"
+  ["keywords"]=>
+  unicode(17) "php documentation"
+  ["description"]=>
+  unicode(12) "a php manual"
+  ["geo_position"]=>
+  unicode(12) "49.33;-86.59"
+}
+array(1) {
+  ["keywords"]=>
+  unicode(17) "php documentation"
+}
+array(1) {
+  ["keywords"]=>
+  unicode(17) "php documentation"
+}
+array(0) {
+}
+array(0) {
+}
+array(0) {
+}
+array(0) {
+}
+Done