Created
July 21, 2020 09:09
-
-
Save cmb69/8913228da173d01a07a5c461d3f36b77 to your computer and use it in GitHub Desktop.
PHP bug #79877
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
From dab2525990fc52a30a10db75acf3a548efc1279e Mon Sep 17 00:00:00 2001 | |
From: "Christoph M. Becker" <cmbecker69@gmx.de> | |
Date: Tue, 21 Jul 2020 11:07:43 +0200 | |
Subject: [PATCH] Fix #79877: getimagesize function silently truncates after a | |
null byte | |
We have to check for NUL bytes if `getimagesize()` has been called. | |
--- | |
ext/standard/image.c | 5 +++++ | |
ext/standard/tests/image/bug79877.phpt | 9 +++++++++ | |
2 files changed, 14 insertions(+) | |
create mode 100644 ext/standard/tests/image/bug79877.phpt | |
diff --git a/ext/standard/image.c b/ext/standard/image.c | |
index c634727ea3..4e63411904 100644 | |
--- a/ext/standard/image.c | |
+++ b/ext/standard/image.c | |
@@ -1478,6 +1478,11 @@ static void php_getimagesize_from_any(INTERNAL_FUNCTION_PARAMETERS, int mode) { | |
Z_PARAM_ZVAL_DEREF(info) | |
ZEND_PARSE_PARAMETERS_END(); | |
+ if (mode == FROM_PATH && CHECK_NULL_PATH(input, input_len)) { | |
+ php_error_docref(NULL, E_WARNING, "Invalid path"); | |
+ return; | |
+ } | |
+ | |
if (argc == 2) { | |
zval_ptr_dtor(info); | |
array_init(info); | |
diff --git a/ext/standard/tests/image/bug79877.phpt b/ext/standard/tests/image/bug79877.phpt | |
new file mode 100644 | |
index 0000000000..92e93e59e5 | |
--- /dev/null | |
+++ b/ext/standard/tests/image/bug79877.phpt | |
@@ -0,0 +1,9 @@ | |
+--TEST-- | |
+Bug #79877 (getimagesize function silently truncates after a null byte) | |
+--FILE-- | |
+<?php | |
+var_dump(getimagesize("/tmp/a.png\0xx")); | |
+?> | |
+--EXPECTF-- | |
+Warning: getimagesize(): Invalid path in %s on line %d | |
+NULL | |
-- | |
2.27.0.windows.1 | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment