From a63f5d1c3f9980499a523a2565c855bbdf98f6a9 Mon Sep 17 00:00:00 2001
From: Ilia Alshanetsky <iliaa@php.net>
Date: Fri, 6 May 2005 02:13:46 +0000
Subject: [PATCH] Fixed bug #32936 (http redirects URLs are not checked for
 control chars).

---
 ext/standard/http_fopen_wrapper.c | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/ext/standard/http_fopen_wrapper.c b/ext/standard/http_fopen_wrapper.c
index db7e5ee54c..066af3cb24 100644
--- a/ext/standard/http_fopen_wrapper.c
+++ b/ext/standard/http_fopen_wrapper.c
@@ -551,6 +551,34 @@ php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, char *path,
 			} else {
 				strlcpy(new_path, location, sizeof(new_path));
 			}
+
+			php_url_free(resource);
+			/* check for invalid redirection URLs */
+			if ((resource = php_url_parse(new_path)) == NULL) {
+				php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "Invalid redirect url! %s", new_path);
+				goto out;
+			}
+
+#define CHECK_FOR_CNTRL_CHARS(val) {	\
+	if (val) {	\
+		unsigned char *s, *e;	\
+		int l;	\
+		l = php_url_decode(val, strlen(val));	\
+		s = val; e = s + l;	\
+		while (s < e) {	\
+			if (iscntrl(*s)) {	\
+				php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "Invalid redirect url! %s", new_path);	\
+				goto out;	\
+			}	\
+			s++;	\
+		}	\
+	}	\
+}	\
+			/* check for control characters in login, password & path */
+			CHECK_FOR_CNTRL_CHARS(resource->user)
+			CHECK_FOR_CNTRL_CHARS(resource->pass)
+			CHECK_FOR_CNTRL_CHARS(resource->path)
+
 			stream = php_stream_url_wrap_http_ex(wrapper, new_path, mode, options, opened_path, context, --redirect_max, 0 STREAMS_CC TSRMLS_CC);
 			if (stream && stream->wrapperdata)	{
 				entryp = &entry;
-- 
2.50.1