From: Lauri Kenttä <lauri.kentta@gmail.com>
Date: Wed, 25 May 2016 18:02:41 +0000 (+0300)
Subject: base64_decode: fix bug #72152 (fail on NUL bytes in strict mode)
X-Git-Tag: php-7.1.0beta1~154^2~4
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b9c9be13ccbf48c02ad01e19f4fce20c104a003e;p=php

base64_decode: fix bug #72152 (fail on NUL bytes in strict mode)

This added check is actually for NOT failing in NON-strict mode.
The ch == -2 check later causes the desired failure in strict mode.
---

diff --git a/ext/standard/base64.c b/ext/standard/base64.c
index e8d7f04aa4..6c890e34fc 100644
--- a/ext/standard/base64.c
+++ b/ext/standard/base64.c
@@ -143,7 +143,12 @@ PHPAPI zend_string *php_base64_decode_ex(const unsigned char *str, size_t length
 	result = zend_string_alloc(length, 0);
 
 	/* run through the whole string, converting as we go */
-	while (length-- > 0 && (ch = *current++) != '\0') {
+	while (length-- > 0) {
+		ch = *current++;
+		/* stop on null byte in non-strict mode (FIXME: is this really desired?) */
+		if (ch == 0 && !strict) {
+			break;
+		}
 		if (ch == base64_pad) {
 			/* fail if the padding character is second in a group (like V===) */
 			/* FIXME: why do we still allow invalid padding in other places in the middle of the string? */
diff --git a/ext/standard/tests/strings/bug72152.phpt b/ext/standard/tests/strings/bug72152.phpt
new file mode 100644
index 0000000000..440a90e057
--- /dev/null
+++ b/ext/standard/tests/strings/bug72152.phpt
@@ -0,0 +1,11 @@
+--TEST--
+Bug #72152 (base64_decode $strict fails to detect null byte)
+--FILE--
+<?php
+var_dump(base64_decode("\x00", true));
+var_dump(base64_decode("\x00VVVV", true));
+var_dump(base64_decode("VVVV\x00", true));
+--EXPECT--
+bool(false)
+bool(false)
+bool(false)