[Secure-testing-commits] r5717 - data/patches/MOPB
Sean Finney
seanius at alioth.debian.org
Mon Apr 23 17:56:04 UTC 2007
Author: seanius
Date: 2007-04-23 17:56:04 +0000 (Mon, 23 Apr 2007)
New Revision: 5717
Modified:
data/patches/MOPB/MOPB-19-php5.diff
Log:
no, really, this time i mean it
Modified: data/patches/MOPB/MOPB-19-php5.diff
===================================================================
--- data/patches/MOPB/MOPB-19-php5.diff 2007-04-23 17:52:25 UTC (rev 5716)
+++ data/patches/MOPB/MOPB-19-php5.diff 2007-04-23 17:56:04 UTC (rev 5717)
@@ -1,16 +1,24 @@
-# http://cvs.php.net/viewvc.cgi/php-src/ext/filter/logical_filters.c?r1=1.1.2.12&r2=1.1.2.18&view=patch
---- logical_filters.c 2006/12/16 21:48:05 1.1.2.12
+# http://cvs.php.net/viewvc.cgi/php-src/ext/filter/logical_filters.c?r1=1.1.2.11&r2=1.1.2.18&view=patch
+--- logical_filters.c 2006/10/17 15:26:14 1.1.2.11
+++ logical_filters.c 2006/12/26 09:16:24 1.1.2.18
-@@ -17,18 +17,26 @@
+@@ -17,21 +17,33 @@
+ +----------------------------------------------------------------------+
+ */
+
+-/* $Id: logical_filters.c,v 1.1.2.11 2006/10/17 15:26:14 iliaa Exp $ */
++/* $Id: logical_filters.c,v 1.1.2.18 2006/12/26 09:16:24 dmitry Exp $ */
+
+ #include "php_filter.h"
+ #include "filter_private.h"
#include "ext/standard/url.h"
#include "ext/pcre/php_pcre.h"
+#include "zend_multiply.h"
+
- #if HAVE_ARPA_INET_H
- # include <arpa/inet.h>
- #endif
-
++#if HAVE_ARPA_INET_H
++# include <arpa/inet.h>
++#endif
++
+#define LONG_SIGN_MASK (1L << (8*sizeof(long)-1))
+
+#ifndef INADDR_NONE
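Review bot: The first inner hunk now carries the `$Id$` keyword change (`-/* $Id: logical_filters.c,v 1.1.2.11 2006/10/17 15:26:14 iliaa Exp $ */` replaced by the 1.1.2.18 line), which ties the whole hunk to a tree whose keyword line expands to exactly that string. If the packaged source carries a different expansion, the hunk is rejected together with the `zend_multiply.h` include and the `LONG_SIGN_MASK` define, which later hunks presumably depend on. Dropping the two `$Id$` lines and starting the hunk at the `#include` context would keep the patch applicable either way. The base also moved from r1.1.2.12 to r1.1.2.11 without explanation in the log, so a header line such as `# applies to logical_filters.c r1.1.2.11 as shipped in <PACKAGE_VERSION>` would record which source the patch targets.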
@@ -30,7 +38,7 @@
var_name##_set = 1; \
} \
}
-@@ -48,10 +56,11 @@
+@@ -44,10 +56,11 @@
var_name##_len = 0; \
if (option_array) { \
if (zend_hash_find(HASH_OF(option_array), option_name, sizeof(option_name), (void **) &option_val) == SUCCESS) { \
@@ -46,7 +54,7 @@
} \
}
/* }}} */
-@@ -59,24 +68,14 @@
+@@ -55,24 +68,14 @@
#define FORMAT_IPV4 4
#define FORMAT_IPV6 6
@@ -76,7 +84,7 @@
case '-':
sign = -1;
case '+':
-@@ -86,88 +85,79 @@
+@@ -82,88 +85,79 @@
}
/* must start with 1..9*/
@@ -212,7 +220,7 @@
}
/* }}} */
-@@ -179,7 +169,7 @@
+@@ -175,7 +169,7 @@
int allow_octal = 0, allow_hex = 0;
int len, error = 0;
long ctx_value;
@@ -221,7 +229,7 @@
/* Parse options */
FETCH_LONG_OPTION(min_range, "min_range");
-@@ -204,12 +194,12 @@
+@@ -200,12 +194,12 @@
p = Z_STRVAL_P(value);
ctx_value = 0;
@@ -237,7 +245,7 @@
if (php_filter_parse_hex(p, len, &ctx_value TSRMLS_CC) < 0) {
error = 1;
}
-@@ -217,7 +207,7 @@
+@@ -213,7 +207,7 @@
if (php_filter_parse_octal(p, len, &ctx_value TSRMLS_CC) < 0) {
error = 1;
}
@@ -246,7 +254,7 @@
error = 1;
}
} else {
-@@ -240,34 +230,65 @@
+@@ -236,34 +230,65 @@
void php_filter_boolean(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
{
char *str = Z_STRVAL_P(value);
@@ -333,7 +341,7 @@
}
}
/* }}} */
-@@ -275,168 +296,102 @@
+@@ -271,168 +296,102 @@
void php_filter_float(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
{
int len;
@@ -355,12 +363,12 @@
- int options_flag_set;
-
- int sign = 1;
--
-- double ret_val = 0;
-- double factor;
+ long lval;
+ double dval;
+- double ret_val = 0;
+- double factor;
+-
- int exp_value = 0, exp_multiply = 1;
+ int first, n;
@@ -412,8 +420,8 @@
- sign = 1;
- str++;
- start = str;
- }
-
+- }
+-
- ret_val = 0.0;
-
- while (*str == '0') {
@@ -450,9 +458,9 @@
- }
- if (!(*str)) {
- goto stateT;
-- }
+ }
- str++;
--
+
-stateDot:
- factor = 0.1;
- while (*str) {
@@ -570,7 +578,7 @@
}
/* }}} */
-@@ -480,6 +435,13 @@
+@@ -476,6 +435,13 @@
void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
{
php_url *url;
@@ -584,7 +592,7 @@
/* Use parse_url - if it returns false, we return NULL */
url = php_url_parse_ex(Z_STRVAL_P(value), Z_STRLEN_P(value));
-@@ -489,10 +451,10 @@
+@@ -485,10 +451,10 @@
}
if (
@@ -599,7 +607,7 @@
) {
php_url_free(url);
RETURN_VALIDATION_FAILED
-@@ -504,7 +466,7 @@
+@@ -500,7 +466,7 @@
void php_filter_validate_email(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
{
/* From http://cvs.php.net/co.php/pear/HTML_QuickForm/QuickForm/Rule/Email.php?r=1.4 */
@@ -608,23 +616,75 @@
pcre *re = NULL;
pcre_extra *pcre_extra = NULL;
-@@ -529,179 +491,95 @@
+@@ -523,220 +489,97 @@
+ }
+ /* }}} */
- static int _php_filter_validate_ipv4(char *str, int str_len, int *ip) /* {{{ */
+-static int _php_filter_validate_ipv4_count_dots(char *str) /* {{{ */
+-{
+- char *s1, *s2, *s3, *s4;
+-
+- s1 = strchr(str, '.');
+- if (!s1)
+- return 0;
+- s2 = strchr(s1 + 1, '.');
+- if (!s2)
+- return 1;
+- s3 = strchr(s2 + 1, '.');
+- if (!s3)
+- return 2;
+- s4 = strchr(s3 + 1, '.');
+- if (!s4)
+- return 3;
+- return 4; /* too many */
+-}
+-/* }}} */
+-
+-static int _php_filter_validate_ipv4_get_nr(char **str) /* {{{ */
+-{
+- char *begin, *end, *ptr, *tmp_str;
+- int tmp_nr = -1;
+-
+- begin = ptr = *str;
+- while ((*ptr >= '0') && (*ptr <= '9')) {
+- ++ptr;
+- }
+- end = ptr;
+- *str = end + 1;
+-
+- if (end == begin) {
+- return -1;
+- }
+-
+- tmp_str = calloc(1, end - begin + 1);
+- memcpy(tmp_str, begin, end - begin);
+- tmp_nr = strtol(tmp_str, NULL, 10);
+- free(tmp_str);
+-
+- if (tmp_nr < 0 || tmp_nr > 255) {
+- tmp_nr = -1;
+- }
+- return tmp_nr;
+-}
+-/* }}} */
+-
+-static int _php_filter_validate_ipv4(char *str, int *ip TSRMLS_DC) /* {{{ */
++static int _php_filter_validate_ipv4(char *str, int str_len, int *ip) /* {{{ */
{
-- unsigned long int i = inet_addr(str);
-- char ip_chk[16];
-- int l;
--
-- if (i == INADDR_NONE) {
-- if (!strcmp(str, "255.255.255.255")) {
-- ip[0] = ip[1] = ip[2] = ip[3] = 255;
-- return 1;
-- } else {
+- char *p;
+- int x;
+ const char *end = str + str_len;
+ int num, m;
+ int n = 0;
-+
+
+- if (_php_filter_validate_ipv4_count_dots(str) != 3) {
+- return 0;
+- }
+-
+- p = str;
+- for (x = 0; x < 4; ++x) {
+- ip[x] = _php_filter_validate_ipv4_get_nr(&p);
+- if (ip[x] == -1) {
+ while (str < end) {
+ if (*str < '0' || *str > '9') {
+ return 0;
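Review bot: The rewritten `_php_filter_validate_ipv4(char *str, int str_len, int *ip)` has no comment stating its length contract. The visible loop (`end = str + str_len; while (str < end)`) appears to examine exactly `str_len` bytes, and the IPv6 validator elsewhere in this patch calls it on a sub-range with `str_len - (ipv4 - str)`. A one-line comment above the definition, e.g. `/* examines exactly str_len bytes at str; no NUL terminator is required */`, would help keep later callers from passing a length that exceeds the buffer. The function body continues outside this hunk, so the return-value and `ip[]` semantics should be confirmed before documenting them.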
@@ -644,17 +704,6 @@
return 0;
}
}
-- ip[0] = i & 0xFF;
-- ip[1] = (i & 0xFF00) / 256;
-- ip[2] = (i & 0xFF0000) / 256 / 256;
-- ip[3] = (i & 0xFF000000) / 256 / 256 / 256;
--
-- /* make sure that the input does not have any trailing values */
-- l = sprintf(ip_chk, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
-- if (l != str_len || strcmp(ip_chk, str)) {
-- return 0;
-- }
--
- return 1;
+ return 0;
}
@@ -676,7 +725,7 @@
- hexcode_found++; \
- }
-
--static int _php_filter_validate_ipv6_(char *str, int str_len TSRMLS_DC) /* {{{ */
+-static int _php_filter_validate_ipv6_(char *str TSRMLS_DC) /* {{{ */
+static int _php_filter_validate_ipv6(char *str, int str_len TSRMLS_DC) /* {{{ */
{
- int hexcode_found = 0;
@@ -692,22 +741,24 @@
+ char *end;
int ip4elm[4];
- if (!memchr(str, ':', str_len)) {
+- if (!strchr(str, ':')) {
++ if (!memchr(str, ':', str_len)) {
return 0;
}
- /* Check for compressed expression. only one is allowed */
-- compressed = php_memnstr(str, "::", sizeof("::")-1, str+str_len);
+- compressed = strstr(str, "::");
- if (compressed) {
-- s2 = php_memnstr(compressed+1, "::", sizeof("::")-1, str + str_len);
+- s2 = strstr(compressed+1, "::");
- if (s2) {
- return 0;
- }
- }
-
/* check for bundled IPv4 */
- ipv4 = memchr(str, '.', str_len);
+- ipv4 = strchr(str, '.');
-
++ ipv4 = memchr(str, '.', str_len);
if (ipv4) {
- while (*ipv4 != ':' && ipv4 >= start) {
+ while (ipv4 > str && *(ipv4-1) != ':') {
@@ -720,7 +771,7 @@
- }
- ipv4++;
-
-- if (!_php_filter_validate_ipv4(ipv4, (str + str_len - ipv4), ip4elm TSRMLS_CC)) {
+- if (!_php_filter_validate_ipv4(ipv4, ip4elm TSRMLS_CC)) {
+ if (!_php_filter_validate_ipv4(ipv4, (str_len - (ipv4 - str)), ip4elm)) {
return 0;
}
@@ -739,7 +790,7 @@
- if (ipv4) {
- end = ipv4 - 1;
- } else {
-- end = str + str_len;
+- end = str + strlen(start);
- }
-
- while (*str && str <= end) {
@@ -797,7 +848,11 @@
- }
-
- if (hexcode_found > 4) {
-- return 0;
++ end = str + str_len;
++ while (str < end) {
++ if (*str == ':') {
++ if (--blocks == 0) {
+ return 0;
- }
-
- hexcode_found = 0;
@@ -807,20 +862,16 @@
- t--;
- }
- if (hexcode_found > 4) {
-+ end = str + str_len;
-+ while (str < end) {
-+ if (*str == ':') {
-+ if (--blocks == 0) {
++ }
++ if (++str >= end) {
return 0;
-- }
+ }
-
- if (col_fnd > 6) {
-+ }
-+ if (++str >= end) {
- return 0;
+- return 0;
- } else {
- return 1;
- }
+- }
+ if (*str == ':') {
+ if (compressed || --blocks == 0) {
+ return 0;
@@ -848,11 +899,20 @@
}
/* }}} */
-@@ -766,7 +644,7 @@
+@@ -771,7 +614,7 @@
+
+ switch (mode) {
+ case FORMAT_IPV4:
+- if (!_php_filter_validate_ipv4(str, ip TSRMLS_CC)) {
++ if (!_php_filter_validate_ipv4(str, Z_STRLEN_P(value), ip)) {
+ RETURN_VALIDATION_FAILED
+ }
+
+@@ -801,7 +644,7 @@
case FORMAT_IPV6:
{
int res = 0;
-- res = _php_filter_validate_ipv6_(str, Z_STRLEN_P(value) TSRMLS_CC);
+- res = _php_filter_validate_ipv6_(str TSRMLS_CC);
+ res = _php_filter_validate_ipv6(str, Z_STRLEN_P(value) TSRMLS_CC);
if (res < 1) {
RETURN_VALIDATION_FAILED