From d506ce8d941f9edd74fdde954decd1fe7c56086a Mon Sep 17 00:00:00 2001 From: Ilia Alshanetsky Date: Wed, 1 Dec 2010 14:03:36 +0000 Subject: [PATCH] Fixed bug #51250 (iconv_mime_decode() does not ignore malformed Q-encoded words) --- NEWS | 4 ++++ ext/iconv/iconv.c | 4 ++-- ext/iconv/tests/bug51250.phpt | 29 +++++++++++++++++++++++++++++ 3 files changed, 35 insertions(+), 2 deletions(-) create mode 100644 ext/iconv/tests/bug51250.phpt diff --git a/NEWS b/NEWS index 06447cd5da..eb51f45201 100644 --- a/NEWS +++ b/NEWS @@ -25,6 +25,10 @@ - Hash extension: . Fixed bug #51003 (unaligned memory access in ext/hash/hash_tiger.c). (Mike, Ilia) + +- Iconv extension: + . Fixed bug #51250 (iconv_mime_decode() does not ignore malformed Q-encoded + words). (Ilia) - Intl extension: . Fixed crashes on invalid parameters in intl extension. (Stas, Maksymilian diff --git a/ext/iconv/iconv.c b/ext/iconv/iconv.c index b1a9c0dd0e..bb977d9761 100644 --- a/ext/iconv/iconv.c +++ b/ext/iconv/iconv.c @@ -1698,10 +1698,10 @@ static php_iconv_err_t _php_iconv_mime_decode(smart_str *pretval, const char *st if ((mode & PHP_ICONV_MIME_DECODE_CONTINUE_ON_ERROR)) { /* pass the entire chunk through the converter */ err = _php_iconv_appendl(pretval, encoded_word, (size_t)(p1 - encoded_word), cd_pl); + encoded_word = NULL; if (err != PHP_ICONV_ERR_SUCCESS) { - goto out; + break; } - encoded_word = NULL; } else { goto out; } diff --git a/ext/iconv/tests/bug51250.phpt b/ext/iconv/tests/bug51250.phpt new file mode 100644 index 0000000000..fd2e53b97a --- /dev/null +++ b/ext/iconv/tests/bug51250.phpt 
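Review bot: The `break` that replaces `goto out` in the `PHP_ICONV_MIME_DECODE_CONTINUE_ON_ERROR` branch leaves `err` holding the failure returned by `_php_iconv_appendl`, and nothing in the hunk shows where that value is cleared. It is also not visible whether `break` leaves only an enclosing `switch` or the scan loop as well, because the body of `_php_iconv_mime_decode` starts and ends outside the hunk. This branch handles malformed encoded-words, which typically arrive in untrusted message headers, so I would state the intent at the branch, e.g. `/* malformed encoded-word: discard it and keep scanning; err is deliberately not propagated */`. If dropping the error is the intent, resetting it explicitly with `err = PHP_ICONV_ERR_SUCCESS;` before the `break` would keep a stale error code from reaching the `out` path. It would also help to document that in this mode the undecodable chunk is skipped rather than reported, so callers do not read a successful return as meaning the whole header was well-formed.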
@@ -0,0 +1,29 @@ +--TEST-- +Bug #51250 (iconv_mime_decode() does not ignore malformed Q-encoded words) +--SKIPIF-- + +--FILE-- + +--EXPECTF-- +string(23) "Legal encoded-word: * ." +string(23) "Legal encoded-word: * ." +string(24) "Illegal encoded-word: ." +string(23) "Illegal encoded-word: ." +string(23) "Legal encoded-word: * ." +string(23) "Legal encoded-word: * ." +string(24) "Illegal encoded-word: ." + +Notice: iconv_mime_decode(): Detected an illegal character in input string in %s on line %d +bool(false) -- 2.40.0