From: Antony Dovgal <tony2001@php.net>
Date: Wed, 11 Oct 2006 12:53:38 +0000 (+0000)
Subject: fix crash when parsing invalid hostnames/IPs
X-Git-Tag: RELEASE_1_0_0RC1~1315
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=729ed6eafca0aea45efe8d4d9a7885ab5deacb9b;p=php

fix crash when parsing invalid hostnames/IPs
---

diff --git a/ext/standard/tests/file/stream_002.phpt b/ext/standard/tests/file/stream_002.phpt
new file mode 100644
index 0000000000..23bed66d94
--- /dev/null
+++ b/ext/standard/tests/file/stream_002.phpt
@@ -0,0 +1,84 @@
+--TEST--
+stream_socket_client() and invalid arguments
+--FILE--
+<?php
+
+$a = NULL;
+$b = NULL;
+var_dump(stream_socket_client("", $a, $b));
+var_dump($a, $b);
+var_dump(stream_socket_client("[", $a, $b));
+var_dump($a, $b);
+var_dump(stream_socket_client("[ ", $a, $b));
+var_dump($a, $b);
+var_dump(stream_socket_client(".", $a, $b));
+var_dump($a, $b);
+var_dump(stream_socket_client(1, $a, $b));
+var_dump($a, $b);
+var_dump(stream_socket_client(array(), $a, $b));
+var_dump($a, $b);
+
+echo "Done\n";
+?>
+--EXPECTF--	
+Warning: stream_socket_client(): unable to connect to  (Failed to parse address "") in %s on line %d
+bool(false)
+int(0)
+string(26) "Failed to parse address """
+
+Warning: stream_socket_client(): unable to connect to [ (Failed to parse address "[") in %s on line %d
+bool(false)
+int(0)
+string(27) "Failed to parse address "[""
+
+Warning: stream_socket_client(): unable to connect to [  (Failed to parse IPv6 address "[ ") in %s on line %d
+bool(false)
+int(0)
+string(33) "Failed to parse IPv6 address "[ ""
+
+Warning: stream_socket_client(): unable to connect to . (Failed to parse address ".") in %s on line %d
+bool(false)
+int(0)
+string(27) "Failed to parse address ".""
+
+Warning: stream_socket_client(): unable to connect to 1 (Failed to parse address "1") in %s on line %d
+bool(false)
+int(0)
+string(27) "Failed to parse address "1""
+
+Warning: stream_socket_client() expects parameter 1 to be string, array given in %s on line %d
+bool(false)
+int(0)
+string(27) "Failed to parse address "1""
+Done
+--UEXPECTF--
+Warning: stream_socket_client(): unable to connect to  (Failed to parse address "") in %s on line %d
+bool(false)
+int(0)
+unicode(26) "Failed to parse address """
+
+Warning: stream_socket_client(): unable to connect to [ (Failed to parse address "[") in %s on line %d
+bool(false)
+int(0)
+unicode(27) "Failed to parse address "[""
+
+Warning: stream_socket_client(): unable to connect to [  (Failed to parse IPv6 address "[ ") in %s on line %d
+bool(false)
+int(0)
+unicode(33) "Failed to parse IPv6 address "[ ""
+
+Warning: stream_socket_client(): unable to connect to . (Failed to parse address ".") in %s on line %d
+bool(false)
+int(0)
+unicode(27) "Failed to parse address ".""
+
+Warning: stream_socket_client(): unable to connect to 1 (Failed to parse address "1") in %s on line %d
+bool(false)
+int(0)
+unicode(27) "Failed to parse address "1""
+
+Warning: stream_socket_client() expects parameter 1 to be binary string, array given in %s on line %d
+bool(false)
+int(0)
+unicode(27) "Failed to parse address "1""
+Done
diff --git a/main/streams/xp_socket.c b/main/streams/xp_socket.c
index 307399dbe3..86c9e5283a 100644
--- a/main/streams/xp_socket.c
+++ b/main/streams/xp_socket.c
@@ -495,7 +495,7 @@ static inline char *parse_ip_address_ex(const char *str, int str_len, int *portn
 #ifdef HAVE_IPV6
 	char *p;
 
-	if (*(str) == '[') {
+	if (*(str) == '[' && str_len > 1) {
 		/* IPV6 notation to specify raw address with port (i.e. [fe80::1]:80) */
 		p = memchr(str + 1, ']', str_len - 2);
 		if (!p || *(p + 1) != ':') {
@@ -508,8 +508,11 @@ static inline char *parse_ip_address_ex(const char *str, int str_len, int *portn
 		return estrndup(str + 1, p - str - 1);
 	}
 #endif
-
-	colon = memchr(str, ':', str_len - 1);
+	if (str_len) {
+		colon = memchr(str, ':', str_len - 1);
+	} else {
+		colon = NULL;
+	}
 	if (colon) {
 		*portno = atoi(colon + 1);
 		host = estrndup(str, colon - str);