From: Felipe Pena Date: Tue, 24 May 2011 23:49:26 +0000 (+0000) Subject: - Fixed bug #50363 (Invalid parsing in convert.quoted-printable-decode filter) X-Git-Tag: php-5.3.7RC1~77 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4bf9334a82007c45809154264cc4e3e186871cd4;p=php - Fixed bug #50363 (Invalid parsing in convert.quoted-printable-decode filter) Patch by: slusarz at curecanti dot org --- diff --git a/NEWS b/NEWS index 5ab2c4a844..135b4a6952 100644 --- a/NEWS +++ b/NEWS @@ -40,6 +40,8 @@ PHP NEWS . Fixed bug #54866 (incorrect accounting for realpath_cache_size) (Dustin Ward) . Fixed bug #54721 (Different Hashes on Windows, BSD and Linux on wrong Salt size) (Pierre, os at irj dot ru) + . Fixed bug #50363 (Invalid parsing in convert.quoted-printable-decode filter). + (slusarz at curecanti dot org) - Apache2 Handler SAPI: . Fixed bug #54529 (SAPI crashes on apache_config.c:197). diff --git a/ext/standard/filters.c b/ext/standard/filters.c index 2685405347..2f1e3dc706 100644 --- a/ext/standard/filters.c +++ b/ext/standard/filters.c @@ -1050,20 +1050,16 @@ static php_conv_err_t php_conv_qprint_decode_convert(php_conv_qprint_decode *ins } } /* break is missing intentionally */ - case 2: { - unsigned int nbl; - + case 2: { if (icnt <= 0) { goto out; } - nbl = (*ps >= 'A' ? *ps - 0x37 : *ps - 0x30); - if (nbl > 15) { + if (!isxdigit((int) *ps)) { err = PHP_CONV_ERR_INVALID_SEQ; goto out; } - next_char = (next_char << 4) | nbl; - + next_char = (next_char << 4) | (*ps >= 'A' ? *ps - 0x37 : *ps - 0x30); scan_stat++; ps++, icnt--; if (scan_stat != 3) { diff --git a/ext/standard/tests/filters/bug50363.phpt b/ext/standard/tests/filters/bug50363.phpt new file mode 100644 index 0000000000..3395edebc4 --- /dev/null +++ b/ext/standard/tests/filters/bug50363.phpt @@ -0,0 +1,17 @@ +--TEST-- +Bug #50363 (Invalid parsing in convert.quoted-printable-decode filter) +--FILE-- + +--EXPECTF-- +Sauvegarderéussi(e) não NÃO +Sauvegarderéussi(e) não NÃO