From 729ed6eafca0aea45efe8d4d9a7885ab5deacb9b Mon Sep 17 00:00:00 2001 From: Antony Dovgal Date: Wed, 11 Oct 2006 12:53:38 +0000 Subject: [PATCH] fix crash when parsing invalid hostnames/IPs --- ext/standard/tests/file/stream_002.phpt | 84 +++++++++++++++++++++++++ main/streams/xp_socket.c | 9 ++- 2 files changed, 90 insertions(+), 3 deletions(-) create mode 100644 ext/standard/tests/file/stream_002.phpt diff --git a/ext/standard/tests/file/stream_002.phpt b/ext/standard/tests/file/stream_002.phpt new file mode 100644 index 0000000000..23bed66d94 --- /dev/null +++ b/ext/standard/tests/file/stream_002.phpt @@ -0,0 +1,84 @@ +--TEST-- +stream_socket_client() and invalid arguments +--FILE-- + +--EXPECTF-- +Warning: stream_socket_client(): unable to connect to (Failed to parse address "") in %s on line %d +bool(false) +int(0) +string(26) "Failed to parse address """ + +Warning: stream_socket_client(): unable to connect to [ (Failed to parse address "[") in %s on line %d +bool(false) +int(0) +string(27) "Failed to parse address "["" + +Warning: stream_socket_client(): unable to connect to [ (Failed to parse IPv6 address "[ ") in %s on line %d +bool(false) +int(0) +string(33) "Failed to parse IPv6 address "[ "" + +Warning: stream_socket_client(): unable to connect to . (Failed to parse address ".") in %s on line %d +bool(false) +int(0) +string(27) "Failed to parse address "."" + +Warning: stream_socket_client(): unable to connect to 1 (Failed to parse address "1") in %s on line %d +bool(false) +int(0) +string(27) "Failed to parse address "1"" + +Warning: stream_socket_client() expects parameter 1 to be string, array given in %s on line %d +bool(false) +int(0) +string(27) "Failed to parse address "1"" +Done +--UEXPECTF-- +Warning: stream_socket_client(): unable to connect to (Failed to parse address "") in %s on line %d +bool(false) +int(0) +unicode(26) "Failed to parse address """ + +Warning: stream_socket_client(): unable to connect to [ (Failed to parse address "[") in %s on line %d +bool(false) +int(0) +unicode(27) "Failed to parse address "["" + +Warning: stream_socket_client(): unable to connect to [ (Failed to parse IPv6 address "[ ") in %s on line %d +bool(false) +int(0) +unicode(33) "Failed to parse IPv6 address "[ "" + +Warning: stream_socket_client(): unable to connect to . (Failed to parse address ".") in %s on line %d +bool(false) +int(0) +unicode(27) "Failed to parse address "."" + +Warning: stream_socket_client(): unable to connect to 1 (Failed to parse address "1") in %s on line %d +bool(false) +int(0) +unicode(27) "Failed to parse address "1"" + +Warning: stream_socket_client() expects parameter 1 to be binary string, array given in %s on line %d +bool(false) +int(0) +unicode(27) "Failed to parse address "1"" +Done diff --git a/main/streams/xp_socket.c b/main/streams/xp_socket.c index 307399dbe3..86c9e5283a 100644 --- a/main/streams/xp_socket.c +++ b/main/streams/xp_socket.c @@ -495,7 +495,7 @@ static inline char *parse_ip_address_ex(const char *str, int str_len, int *portn #ifdef HAVE_IPV6 char *p; - if (*(str) == '[') { + if (*(str) == '[' && str_len > 1) { /* IPV6 notation to specify raw address with port (i.e. [fe80::1]:80) */ p = memchr(str + 1, ']', str_len - 2); if (!p || *(p + 1) != ':') { @@ -508,8 +508,11 @@ static inline char *parse_ip_address_ex(const char *str, int str_len, int *portn return estrndup(str + 1, p - str - 1); } #endif - - colon = memchr(str, ':', str_len - 1); + if (str_len) { + colon = memchr(str, ':', str_len - 1); + } else { + colon = NULL; + } if (colon) { *portno = atoi(colon + 1); host = estrndup(str, colon - str); -- 2.40.0