From 260c07db850266d2d65cff446ec98d4a4752d41c Mon Sep 17 00:00:00 2001 From: =?utf8?q?Lauri=20Kentt=C3=A4?= Date: Wed, 25 May 2016 21:02:41 +0300 Subject: [PATCH] base64_decode: fix bug #72152 (fail on NUL bytes in strict mode) This added check is actually for NOT failing in NON-strict mode. The ch == -2 check later causes the desired failure in strict mode. --- ext/standard/base64.c | 7 ++++++- ext/standard/tests/strings/bug72152.phpt | 11 +++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) create mode 100644 ext/standard/tests/strings/bug72152.phpt diff --git a/ext/standard/base64.c b/ext/standard/base64.c index e8d7f04aa4..6c890e34fc 100644 --- a/ext/standard/base64.c +++ b/ext/standard/base64.c @@ -143,7 +143,12 @@ PHPAPI zend_string *php_base64_decode_ex(const unsigned char *str, size_t length result = zend_string_alloc(length, 0); /* run through the whole string, converting as we go */ - while (length-- > 0 && (ch = *current++) != '\0') { + while (length-- > 0) { + ch = *current++; + /* stop on null byte in non-strict mode (FIXME: is this really desired?) */ + if (ch == 0 && !strict) { + break; + } if (ch == base64_pad) { /* fail if the padding character is second in a group (like V===) */ /* FIXME: why do we still allow invalid padding in other places in the middle of the string? */ diff --git a/ext/standard/tests/strings/bug72152.phpt b/ext/standard/tests/strings/bug72152.phpt new file mode 100644 index 0000000000..440a90e057 --- /dev/null +++ b/ext/standard/tests/strings/bug72152.phpt @@ -0,0 +1,11 @@ +--TEST-- +Bug #72152 (base64_decode $strict fails to detect null byte) +--FILE-- +