From: Michael Wallner Date: Wed, 9 Mar 2016 09:56:20 +0000 (+0100) Subject: Merge branch 'v2.5.x' X-Git-Tag: RELEASE_3_0_1~1 X-Git-Url: https://git.m6w6.name/?a=commitdiff_plain;h=e57370d1f00da9e12de0917a9f907281ab8e84b5;hp=a38d5303f4d542ff6ccf152bf3b01641edbdf200;p=m6w6%2Fext-http Merge branch 'v2.5.x' --- diff --git a/.gitattributes b/.gitattributes index b0aef47..7159932 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,3 +1,4 @@ package.xml merge=touch php_http.h merge=touch .travis.yml merge=touch +/tests/data/bug71719.bin -diff -text diff --git a/TODO b/TODO index 33b759f..468f9c1 100644 --- a/TODO +++ b/TODO @@ -1,3 +1,4 @@ * let the message body be a simple query string unless files are added * php_http_message_serialize reverses the chain twice; remove that -* CURLOPT_PROXY_HEADER and CURLOPT_HEADEROPT \ No newline at end of file +* CURLOPT_PROXY_HEADER and CURLOPT_HEADEROPT +* CURLMOPT_PIPELINING changed to a bitmask \ No newline at end of file diff --git a/src/php_http_client_curl.c b/src/php_http_client_curl.c index e79ef15..e56f8d4 100644 --- a/src/php_http_client_curl.c +++ b/src/php_http_client_curl.c @@ -1484,7 +1484,7 @@ static void php_http_curle_options_init(php_http_options_t *registry) ZVAL_BOOL(&opt->defval, 1); opt->setter = php_http_curle_option_set_ssl_verifyhost; } -#if PHP_HTTP_CURL_VERSION(7,41,0) +#if PHP_HTTP_CURL_VERSION(7,41,0) && (defined(PHP_HTTP_HAVE_OPENSSL) || defined(PHP_HTTP_HAVE_NSS) || defined(PHP_HTTP_HAVE_GNUTLS)) php_http_option_register(registry, ZEND_STRL("verifystatus"), CURLOPT_SSL_VERIFYSTATUS, _IS_BOOL); #endif php_http_option_register(registry, ZEND_STRL("cipher_list"), CURLOPT_SSL_CIPHER_LIST, IS_STRING); @@ -2534,6 +2534,9 @@ PHP_MINIT_FUNCTION(http_client_curl) REGISTER_NS_LONG_CONSTANT("http\\Client\\Curl", "HTTP_VERSION_1_1", CURL_HTTP_VERSION_1_1, CONST_CS|CONST_PERSISTENT); #if PHP_HTTP_CURL_VERSION(7,33,0) REGISTER_NS_LONG_CONSTANT("http\\Client\\Curl", "HTTP_VERSION_2_0", CURL_HTTP_VERSION_2_0, CONST_CS|CONST_PERSISTENT); +#endif +#if PHP_HTTP_CURL_VERSION(7,47,0) + REGISTER_NS_LONG_CONSTANT("http\\Client\\Curl", "HTTP_VERSION_2TLS", CURL_HTTP_VERSION_2TLS, CONST_CS|CONST_PERSISTENT); #endif REGISTER_NS_LONG_CONSTANT("http\\Client\\Curl", "HTTP_VERSION_ANY", CURL_HTTP_VERSION_NONE, CONST_CS|CONST_PERSISTENT); diff --git a/src/php_http_url.c b/src/php_http_url.c index 4009add..3ed2e3c 100644 --- a/src/php_http_url.c +++ b/src/php_http_url.c @@ -1468,7 +1468,7 @@ static const char *parse_scheme(struct parse_state *state) case '7': case '8': case '9': case '+': case '-': case '.': if (state->ptr == tmp) { - return tmp; + goto softfail; } /* no break */ case 'A': case 'B': case 'C': case 'D': case 'E': case 'F': case 'G': @@ -1485,19 +1485,20 @@ static const char *parse_scheme(struct parse_state *state) default: if (!(mb = parse_mb(state, PARSE_SCHEME, state->ptr, state->end, tmp, 1))) { - /* soft fail; parse path next */ - return tmp; + goto softfail; } state->ptr += mb - 1; } } while (++state->ptr != state->end); +softfail: + state->offset = 0; return state->ptr = tmp; } php_http_url_t *php_http_url_parse(const char *str, size_t len, unsigned flags) { - size_t maxlen = 3 * len; + size_t maxlen = 3 * len + 8 /* null bytes for all components */; struct parse_state *state = ecalloc(1, sizeof(*state) + maxlen); state->end = str + len; diff --git a/tests/bug71719.phpt b/tests/bug71719.phpt new file mode 100644 index 0000000..f75bac9 --- /dev/null +++ b/tests/bug71719.phpt @@ -0,0 +1,25 @@ +--TEST-- +Buffer overflow in HTTP url parsing functions +--SKIPIF-- + +--FILE-- + + +===DONE=== +--EXPECTF-- +Test +%r(exception ')?%rhttp\Exception\BadMessageException%r(' with message '|: )%rhttp\Message::__construct(): Could not parse HTTP protocol version 'HTTP/%s.0'%r'?%r in %sbug71719.php:5 +Stack trace: +#0 %sbug71719.php(5): http\Message->__construct('\x80\xACTd 5 HTTP/1.1...', false) +#1 {main} +===DONE=== diff --git a/tests/data/bug71719.bin b/tests/data/bug71719.bin new file mode 100644 index 0000000..245db28 Binary files /dev/null and b/tests/data/bug71719.bin differ