commit d4f58f35c369e5831fad27401cd9fe0d5aef62d5 | |
Author: Stanislav Malyshev <stas@php.net> | |
Date: Tue Jan 1 17:15:20 2019 -0800 | |
Fix bug #77380 (Global out of bounds read in xmlrpc base64 code) | |
diff --git a/ext/xmlrpc/libxmlrpc/base64.c b/ext/xmlrpc/libxmlrpc/base64.c | |
index 5ebdf31f7a..a4fa19327b 100644 | |
--- a/ext/xmlrpc/libxmlrpc/base64.c | |
+++ b/ext/xmlrpc/libxmlrpc/base64.c | |
@@ -77,7 +77,7 @@ void base64_encode_xmlrpc(struct buffer_st *b, const char *source, int length) | |
while (!hiteof) { | |
unsigned char igroup[3], ogroup[4]; | |
- int c, n; | |
+ int c, n; | |
igroup[0] = igroup[1] = igroup[2] = 0; | |
for (n = 0; n < 3; n++) { | |
@@ -169,7 +169,7 @@ void base64_decode_xmlrpc(struct buffer_st *bfr, const char *source, int length) | |
return; | |
} | |
- if (dtable[c] & 0x80) { | |
+ if (dtable[(unsigned char)c] & 0x80) { | |
/* | |
fprintf(stderr, "Offset %i length %i\n", offset, length); | |
fprintf(stderr, "character '%c:%x:%c' in input file.\n", c, c, dtable[c]); | |
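Review bot: The cast in `dtable[(unsigned char)c]` fixes this one lookup, but `c` itself stays signed, so any other `dtable[c]` in base64_decode_xmlrpc would still index with a negative value for input bytes of 0x80 and above. The commented-out debug line just below still reads `dtable[c]`, and the rest of the function lies outside this hunk, so the remaining uses of `c` as an index should be checked. Converting the byte to `unsigned char` once, at the point where `c` is read from `source`, would cover every later use. A short comment at the lookup would also help, for example `/* c can be negative for bytes >= 0x80; always index dtable as unsigned char */`.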
diff --git a/ext/xmlrpc/tests/bug77380.phpt b/ext/xmlrpc/tests/bug77380.phpt | |
new file mode 100644 | |
index 0000000000..8559c07a5a | |
--- /dev/null | |
+++ b/ext/xmlrpc/tests/bug77380.phpt | |
@@ -0,0 +1,17 @@ | |
+--TEST-- | |
+Bug #77380 (Global out of bounds read in xmlrpc base64 code) | |
+--SKIPIF-- | |
+<?php | |
+if (!extension_loaded("xmlrpc")) print "skip"; | |
+?> | |
+--FILE-- | |
+<?php | |
+var_dump(xmlrpc_decode(base64_decode("PGJhc2U2ND7CkzwvYmFzZTY0Pgo="))); | |
+?> | |
+--EXPECT-- | |
+object(stdClass)#1 (2) { | |
+ ["scalar"]=> | |
+ string(0) "" | |
+ ["xmlrpc_type"]=> | |
+ string(6) "base64" | |
+} |
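Review bot: This regression test may pass on an unpatched build, because an out-of-bounds read of a global table usually returns some byte without crashing. It compares only the decoded output, so it likely catches the bug only when the suite runs under a memory checker such as AddressSanitizer or Valgrind. The payload also carries just two high-bit bytes (0xC2 0x93), so adding cases for other values up to 0xFF would exercise the whole upper half of the table. A line in the `--TEST--` description noting that the test is meaningful under a memory checker would help future maintainers.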