cmb69/0001-Fix-78862-link-silently-truncates-after-a-null-byte-.patch Secret

## 0001-Fix-78862-link-silently-truncates-after-a-null-byte-.patch
From 42648662b0cc668ea159a257fd8bc8194b2e15af Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker" <cmbecker69@gmx.de>
Date: Sat, 23 Nov 2019 13:01:33 +0100
Subject: [PATCH] Fix #78862: link() silently truncates after a null byte on
 Windows

Since link() is supposed to accepts paths (i.e. strings without NUL
bytes), we must not accept arbitrary strings.
---
 ext/standard/link_win32.c                       |  2 +-
 .../tests/file/windows_links/bug78862.phpt      | 17 +++++++++++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 ext/standard/tests/file/windows_links/bug78862.phpt

diff --git a/ext/standard/link_win32.c b/ext/standard/link_win32.c
index b46dee6a26..0197ec02af 100644
--- a/ext/standard/link_win32.c
+++ b/ext/standard/link_win32.c
@@ -211,7 +211,7 @@ PHP_FUNCTION(link)

 	/*First argument to link function is the target and hence should go to frompath
 	  Second argument to link function is the link itself and hence should go to topath */
-	if (zend_parse_parameters(ZEND_NUM_ARGS(), "ss", &frompath, &frompath_len, &topath, &topath_len) == FAILURE) {
+	if (zend_parse_parameters(ZEND_NUM_ARGS(), "pp", &frompath, &frompath_len, &topath, &topath_len) == FAILURE) {
 		return;
 	}

diff --git a/ext/standard/tests/file/windows_links/bug78862.phpt b/ext/standard/tests/file/windows_links/bug78862.phpt
new file mode 100644
index 0000000000..33b4b49293
--- /dev/null
+++ b/ext/standard/tests/file/windows_links/bug78862.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Bug #78862 (link() silently truncates after a null byte on Windows)
+--FILE--
+<?php
+file_put_contents(__DIR__ . '/bug78862.target', 'foo');
+var_dump(link(__DIR__ . "/bug78862.target\0more", __DIR__ . "/bug78862.link\0more"));
+var_dump(file_exists(__DIR__ . '/bug78862.link'));
+?>
+--EXPECTF--
+Warning: link() expects parameter 1 to be a valid path, string given in %s on line %d
+NULL
+bool(false)
+--CLEAN--
+<?php
+unlink(__DIR__ . '/bug78862.target');
+unlink(__DIR__ . '/bug78862.link');
+?>
--
2.24.0.windows.1
	From 42648662b0cc668ea159a257fd8bc8194b2e15af Mon Sep 17 00:00:00 2001
	From: "Christoph M. Becker" <cmbecker69@gmx.de>
	Date: Sat, 23 Nov 2019 13:01:33 +0100
	Subject: [PATCH] Fix #78862: link() silently truncates after a null byte on
	Windows

	Since link() is supposed to accepts paths (i.e. strings without NUL
	bytes), we must not accept arbitrary strings.
	---
	ext/standard/link_win32.c \| 2 +-
	.../tests/file/windows_links/bug78862.phpt \| 17 +++++++++++++++++
	2 files changed, 18 insertions(+), 1 deletion(-)
	create mode 100644 ext/standard/tests/file/windows_links/bug78862.phpt

	diff --git a/ext/standard/link_win32.c b/ext/standard/link_win32.c
	index b46dee6a26..0197ec02af 100644
	--- a/ext/standard/link_win32.c
	+++ b/ext/standard/link_win32.c
	@@ -211,7 +211,7 @@ PHP_FUNCTION(link)

	/*First argument to link function is the target and hence should go to frompath
	Second argument to link function is the link itself and hence should go to topath */
	- if (zend_parse_parameters(ZEND_NUM_ARGS(), "ss", &frompath, &frompath_len, &topath, &topath_len) == FAILURE) {
	+ if (zend_parse_parameters(ZEND_NUM_ARGS(), "pp", &frompath, &frompath_len, &topath, &topath_len) == FAILURE) {
	return;
	}

	diff --git a/ext/standard/tests/file/windows_links/bug78862.phpt b/ext/standard/tests/file/windows_links/bug78862.phpt
	new file mode 100644
	index 0000000000..33b4b49293
	--- /dev/null
	+++ b/ext/standard/tests/file/windows_links/bug78862.phpt
	@@ -0,0 +1,17 @@
	+--TEST--
	+Bug #78862 (link() silently truncates after a null byte on Windows)
	+--FILE--
	+<?php
	+file_put_contents(__DIR__ . '/bug78862.target', 'foo');
	+var_dump(link(__DIR__ . "/bug78862.target\0more", __DIR__ . "/bug78862.link\0more"));
	+var_dump(file_exists(__DIR__ . '/bug78862.link'));
	+?>
	+--EXPECTF--
	+Warning: link() expects parameter 1 to be a valid path, string given in %s on line %d
	+NULL
	+bool(false)
	+--CLEAN--
	+<?php
	+unlink(__DIR__ . '/bug78862.target');
	+unlink(__DIR__ . '/bug78862.link');
	+?>
	--
	2.24.0.windows.1