From: Ilia Alshanetsky Date: Mon, 20 Sep 2004 05:14:35 +0000 (+0000) Subject: MFH: Fixed bug #29913 (parse_url() is now binary safe). X-Git-Tag: php-5.0.2~9 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=6fcc1515cba0d4719bf1edd831d242db9bc72f0f;p=php MFH: Fixed bug #29913 (parse_url() is now binary safe). --- diff --git a/NEWS b/NEWS index 9812b12733..5b440fd074 100644 --- a/NEWS +++ b/NEWS @@ -43,6 +43,7 @@ PHP NEWS - Fixed bug #29447 (Reflection API issues). (Marcus) - Fixed bug #29296 (Added sslv2 and sslv3 transports). (Wez) - Fixed bug #29283 (Invalid statement handle in mysqli on execute). (Georg) +- Fixed bug #29913 (parse_url() is now binary safe). (Ilia) - Fixed bug #27994 (segfault with Soapserver when WSDL-Cache is enabled). (Dmitry) - Fixed bug #27791 (Apache 2.0 SAPI build against Apache 2 HEAD). (Joe Orton, diff --git a/ext/standard/url.c b/ext/standard/url.c index 9055583ec3..558c105dbd 100644 --- a/ext/standard/url.c +++ b/ext/standard/url.c @@ -60,15 +60,16 @@ PHPAPI void php_url_free(php_url *theurl) /* {{{ php_replace_controlchars */ -PHPAPI char *php_replace_controlchars(char *str) +PHPAPI char *php_replace_controlchars_ex(char *str, int len) { unsigned char *s = (unsigned char *)str; + unsigned char *e = (unsigned char *)str + len; if (!str) { return (NULL); } - while (*s) { + while (s < e) { if (iscntrl(*s)) { *s='_'; @@ -79,13 +80,21 @@ PHPAPI char *php_replace_controlchars(char *str) return (str); } /* }}} */ - + +PHPAPI char *php_replace_controlchars(char *str) +{ + return php_replace_controlchars_ex(str, strlen(str)); +} + +PHPAPI php_url *php_url_parse(char const *str) +{ + return php_url_parse_ex(str, strlen(str)); +} /* {{{ php_url_parse */ -PHPAPI php_url *php_url_parse(char const *str) +PHPAPI php_url *php_url_parse_ex(char const *str, int length) { - int length = strlen(str); char port_buf[6]; php_url *ret = ecalloc(1, sizeof(php_url)); char const *s, *e, *p, *pp, *ue; @@ -94,7 +103,7 @@ PHPAPI php_url *php_url_parse(char const *str) ue = s + length; /* parse scheme */ - if ((e = strchr(s, ':')) && (e-s)) { + if ((e = memchr(s, ':', length)) && (e - s)) { /* * certain schemas like mailto: and zlib: may not have any / after them * this check ensures we support those. @@ -113,14 +122,14 @@ PHPAPI php_url *php_url_parse(char const *str) } ret->scheme = estrndup(s, (e-s)); - php_replace_controlchars(ret->scheme); + php_replace_controlchars_ex(ret->scheme, (e - s)); length -= ++e - s; s = e; goto just_path; } else { ret->scheme = estrndup(s, (e-s)); - php_replace_controlchars(ret->scheme); + php_replace_controlchars_ex(ret->scheme, (e - s)); if (*(e+2) == '/') { s = e + 3; @@ -136,8 +145,8 @@ PHPAPI php_url *php_url_parse(char const *str) } } } else { - s = e + 1; if (!strncasecmp("file", ret->scheme, sizeof("file"))) { + s = e + 1; goto nohost; } else { length -= ++e - s; @@ -170,8 +179,8 @@ PHPAPI php_url *php_url_parse(char const *str) e = ue; - if (!(p = strchr(s, '/'))) { - if ((p = strchr(s, '?'))) { + if (!(p = memchr(s, '/', (ue - s)))) { + if ((p = memchr(s, '?', (ue - s)))) { e = p; } } else { @@ -183,17 +192,17 @@ PHPAPI php_url *php_url_parse(char const *str) if ((pp = memchr(s, ':', (p-s)))) { if ((pp-s) > 0) { ret->user = estrndup(s, (pp-s)); - php_replace_controlchars(ret->user); + php_replace_controlchars_ex(ret->user, (pp - s)); } pp++; if (p-pp > 0) { ret->pass = estrndup(pp, (p-pp)); - php_replace_controlchars(ret->pass); + php_replace_controlchars_ex(ret->pass, (p-pp)); } } else { ret->user = estrndup(s, (p-s)); - php_replace_controlchars(ret->user); + php_replace_controlchars_ex(ret->user, (p-s)); } s = p + 1; @@ -241,7 +250,7 @@ PHPAPI php_url *php_url_parse(char const *str) } ret->host = estrndup(s, (p-s)); - php_replace_controlchars(ret->host); + php_replace_controlchars_ex(ret->host, (p - s)); if (e == ue) { return ret; @@ -251,7 +260,7 @@ PHPAPI php_url *php_url_parse(char const *str) nohost: - if ((p = strchr(s, '?'))) { + if ((p = memchr(s, '?', (ue - s)))) { pp = strchr(s, '#'); if (pp && pp < p) { @@ -261,24 +270,24 @@ PHPAPI php_url *php_url_parse(char const *str) if (p - s) { ret->path = estrndup(s, (p-s)); - php_replace_controlchars(ret->path); + php_replace_controlchars_ex(ret->path, (p - s)); } if (pp) { if (pp - ++p) { ret->query = estrndup(p, (pp-p)); - php_replace_controlchars(ret->query); + php_replace_controlchars_ex(ret->query, (pp - p)); } p = pp; goto label_parse; } else if (++p - ue) { ret->query = estrndup(p, (ue-p)); - php_replace_controlchars(ret->query); + php_replace_controlchars_ex(ret->query, (ue - p)); } - } else if ((p = strchr(s, '#'))) { + } else if ((p = memchr(s, '#', (ue - s)))) { if (p - s) { ret->path = estrndup(s, (p-s)); - php_replace_controlchars(ret->path); + php_replace_controlchars_ex(ret->path, (p - s)); } label_parse: @@ -286,11 +295,11 @@ PHPAPI php_url *php_url_parse(char const *str) if (ue - p) { ret->fragment = estrndup(p, (ue-p)); - php_replace_controlchars(ret->fragment); + php_replace_controlchars_ex(ret->fragment, (ue - p)); } } else { ret->path = estrndup(s, (ue-s)); - php_replace_controlchars(ret->path); + php_replace_controlchars_ex(ret->path, (ue - s)); } return ret; @@ -309,7 +318,7 @@ PHP_FUNCTION(parse_url) return; } - resource = php_url_parse(str); + resource = php_url_parse_ex(str, str_len); if (resource == NULL) { php_error_docref1(NULL TSRMLS_CC, str, E_WARNING, "Unable to parse url"); RETURN_FALSE; diff --git a/ext/standard/url.h b/ext/standard/url.h index 709e830c26..da15cf71ce 100644 --- a/ext/standard/url.h +++ b/ext/standard/url.h @@ -33,6 +33,7 @@ typedef struct php_url { PHPAPI void php_url_free(php_url *theurl); PHPAPI php_url *php_url_parse(char const *str); +PHPAPI php_url *php_url_parse_ex(char const *str, int length); PHPAPI int php_url_decode(char *str, int len); /* return value: length of decoded string */ PHPAPI int php_raw_url_decode(char *str, int len); /* return value: length of decoded string */ PHPAPI char *php_url_encode(char const *s, int len, int *new_length);