thr3ads.net - Secure testing commits - [Secure-testing-commits] r5717

If this information is useful, please help other people find it:
Share via:
Sean Finney
2007-Apr-23 17:56 UTC
[Secure-testing-commits] r5717 - data/patches/MOPB

Author: seanius
Date: 2007-04-23 17:56:04 +0000 (Mon, 23 Apr 2007)
New Revision: 5717

Modified:
   data/patches/MOPB/MOPB-19-php5.diff
Log:
no, really, this time i mean it

Modified: data/patches/MOPB/MOPB-19-php5.diff
==================================================================---
data/patches/MOPB/MOPB-19-php5.diff	2007-04-23 17:52:25 UTC (rev 5716)
+++ data/patches/MOPB/MOPB-19-php5.diff	2007-04-23 17:56:04 UTC (rev 5717)
@@ -1,16 +1,24 @@
-#
http://cvs.php.net/viewvc.cgi/php-src/ext/filter/logical_filters.c?r1=1.1.2.12&r2=1.1.2.18&view=patch
---- logical_filters.c	2006/12/16 21:48:05	1.1.2.12
+#
http://cvs.php.net/viewvc.cgi/php-src/ext/filter/logical_filters.c?r1=1.1.2.11&r2=1.1.2.18&view=patch
+--- logical_filters.c	2006/10/17 15:26:14	1.1.2.11
 +++ logical_filters.c	2006/12/26 09:16:24	1.1.2.18
-@@ -17,18 +17,26 @@
+@@ -17,21 +17,33 @@
+   +----------------------------------------------------------------------+
+ */
+ 
+-/* $Id: logical_filters.c,v 1.1.2.11 2006/10/17 15:26:14 iliaa Exp $ */
++/* $Id: logical_filters.c,v 1.1.2.18 2006/12/26 09:16:24 dmitry Exp $ */
+ 
+ #include "php_filter.h"
+ #include "filter_private.h"
  #include "ext/standard/url.h"
  #include "ext/pcre/php_pcre.h"
  
 +#include "zend_multiply.h"
 +
- #if HAVE_ARPA_INET_H
- # include <arpa/inet.h>
- #endif
- 
++#if HAVE_ARPA_INET_H
++# include <arpa/inet.h>
++#endif
++
 +#define LONG_SIGN_MASK (1L << (8*sizeof(long)-1))
 +
 +#ifndef INADDR_NONE
@@ -30,7 +38,7 @@
  			var_name##_set = 1;                                                        
\
  		}                                                                           
\
  	}
-@@ -48,10 +56,11 @@
+@@ -44,10 +56,11 @@
  	var_name##_len = 0;                                                          
\
  	if (option_array) {                                                          
\
  		if (zend_hash_find(HASH_OF(option_array), option_name, sizeof(option_name),
(void **) &option_val) == SUCCESS) { \
@@ -46,7 +54,7 @@
  		}                                                                           
\
  	}
  /* }}} */
-@@ -59,24 +68,14 @@
+@@ -55,24 +68,14 @@
  #define FORMAT_IPV4    4
  #define FORMAT_IPV6    6
  
@@ -76,7 +84,7 @@
  		case ''-'':
  			sign = -1;
  		case ''+'':
-@@ -86,88 +85,79 @@
+@@ -82,88 +85,79 @@
  	}
  
  	/* must start with 1..9*/
@@ -212,7 +220,7 @@
  }
  /* }}} */
  
-@@ -179,7 +169,7 @@
+@@ -175,7 +169,7 @@
  	int    allow_octal = 0, allow_hex = 0;
  	int	   len, error = 0;
  	long   ctx_value;
@@ -221,7 +229,7 @@
  
  	/* Parse options */
  	FETCH_LONG_OPTION(min_range,    "min_range");
-@@ -204,12 +194,12 @@
+@@ -200,12 +194,12 @@
  	p = Z_STRVAL_P(value);
  	ctx_value = 0;
  
@@ -237,7 +245,7 @@
  			if (php_filter_parse_hex(p, len, &ctx_value TSRMLS_CC) < 0) {
  				error = 1;
  			}
-@@ -217,7 +207,7 @@
+@@ -213,7 +207,7 @@
  			if (php_filter_parse_octal(p, len, &ctx_value TSRMLS_CC) < 0) {
  				error = 1;
  			}
@@ -246,7 +254,7 @@
  			error = 1;
  		}
  	} else {
-@@ -240,34 +230,65 @@
+@@ -236,34 +230,65 @@
  void php_filter_boolean(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
  {
  	char *str = Z_STRVAL_P(value);
@@ -333,7 +341,7 @@
  	}
  }
  /* }}} */
-@@ -275,168 +296,102 @@
+@@ -271,168 +296,102 @@
  void php_filter_float(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
  {
  	int len;
@@ -355,12 +363,12 @@
 -	int options_flag_set;
 -
 -	int sign = 1;
--
--	double ret_val = 0;
--	double factor;
 +	long lval;
 +	double dval;
  
+-	double ret_val = 0;
+-	double factor;
+-
 -	int exp_value = 0, exp_multiply = 1;
 +	int first, n;
  
@@ -412,8 +420,8 @@
 -		sign = 1;
 -		str++;
 -		start = str;
- 	}
- 
+-	}
+-
 -	ret_val = 0.0;
 -
 -	while (*str == ''0'') {
@@ -450,9 +458,9 @@
 -	}
 -	if (!(*str)) {
 -		goto stateT;
--	}
+ 	}
 -	str++;
--
+ 
 -stateDot:
 -	factor = 0.1;
 -	while (*str) {
@@ -570,7 +578,7 @@
  }
  /* }}} */
  
-@@ -480,6 +435,13 @@
+@@ -476,6 +435,13 @@
  void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
  {
  	php_url *url;
@@ -584,7 +592,7 @@
  
  	/* Use parse_url - if it returns false, we return NULL */
  	url = php_url_parse_ex(Z_STRVAL_P(value), Z_STRLEN_P(value));
-@@ -489,10 +451,10 @@
+@@ -485,10 +451,10 @@
  	}
  
  	if (
@@ -599,7 +607,7 @@
  	) {
  		php_url_free(url);
  		RETURN_VALIDATION_FAILED
-@@ -504,7 +466,7 @@
+@@ -500,7 +466,7 @@
  void php_filter_validate_email(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
  {
  	/* From
http://cvs.php.net/co.php/pear/HTML_QuickForm/QuickForm/Rule/Email.php?r=1.4 */
@@ -608,23 +616,75 @@
  
  	pcre       *re = NULL;
  	pcre_extra *pcre_extra = NULL;
-@@ -529,179 +491,95 @@
+@@ -523,220 +489,97 @@
+ }
+ /* }}} */
  
- static int _php_filter_validate_ipv4(char *str, int str_len, int *ip) /* {{{
*/
+-static int _php_filter_validate_ipv4_count_dots(char *str) /* {{{ */
+-{
+-	char *s1, *s2, *s3, *s4;
+-
+-	s1 = strchr(str, ''.'');
+-	if (!s1)
+-		return 0;
+-	s2 = strchr(s1 + 1, ''.'');
+-	if (!s2)
+-		return 1;
+-	s3 = strchr(s2 + 1, ''.'');
+-	if (!s3)
+-		return 2;
+-	s4 = strchr(s3 + 1, ''.'');
+-	if (!s4)
+-		return 3;
+-	return 4; /* too many */
+-}
+-/* }}} */
+-
+-static int _php_filter_validate_ipv4_get_nr(char **str) /* {{{ */
+-{
+-	char *begin, *end, *ptr, *tmp_str;
+-	int   tmp_nr = -1;
+-
+-	begin = ptr = *str;
+-	while ((*ptr >= ''0'') && (*ptr <=
''9'')) {
+-		++ptr;
+-	}
+-	end = ptr;
+-	*str = end + 1;
+-
+-	if (end == begin) {
+-		return -1;
+-	}
+-
+-	tmp_str = calloc(1, end - begin + 1);
+-	memcpy(tmp_str, begin, end - begin);
+-	tmp_nr = strtol(tmp_str, NULL, 10);
+-	free(tmp_str);
+-
+-	if (tmp_nr < 0 || tmp_nr > 255) {
+-		tmp_nr = -1;
+-	}
+-	return tmp_nr;
+-}
+-/* }}} */
+-
+-static int _php_filter_validate_ipv4(char *str, int *ip TSRMLS_DC) /* {{{ */
++static int _php_filter_validate_ipv4(char *str, int str_len, int *ip) /* {{{
*/
  {
--	unsigned long int i = inet_addr(str);
--	char ip_chk[16];
--	int l;
--
--	if (i == INADDR_NONE) {
--		if (!strcmp(str, "255.255.255.255")) {
--			ip[0] = ip[1] = ip[2] = ip[3] = 255;
--			return 1;
--		} else {
+-	char *p;
+-	int x;
 +	const char *end = str + str_len;
 +	int num, m;
 +	int n = 0;
-+
+ 
+-	if (_php_filter_validate_ipv4_count_dots(str) != 3) {
+-		return 0;
+-	}
+-
+-	p = str;
+-	for (x = 0; x < 4; ++x) {
+-		ip[x] = _php_filter_validate_ipv4_get_nr(&p);
+-		if (ip[x] == -1) {
 +	while (str < end) {
 +		if (*str < ''0'' || *str > ''9'') {
 +			return 0;
@@ -644,17 +704,6 @@
  			return 0;
  		}
  	}
--	ip[0] = i & 0xFF;
--	ip[1] = (i & 0xFF00) / 256;
--	ip[2] = (i & 0xFF0000) / 256 / 256;
--	ip[3] = (i & 0xFF000000) / 256 / 256 / 256;
--
--	/* make sure that the input does not have any trailing values */
--	l = sprintf(ip_chk, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
--	if (l != str_len || strcmp(ip_chk, str)) {
--		return 0;
--	}
--
 -	return 1;
 +	return 0;		
  }
@@ -676,7 +725,7 @@
 -				hexcode_found++; 			\
 -			}
 -
--static int _php_filter_validate_ipv6_(char *str, int str_len TSRMLS_DC) /* {{{
*/
+-static int _php_filter_validate_ipv6_(char *str TSRMLS_DC) /* {{{ */
 +static int _php_filter_validate_ipv6(char *str, int str_len TSRMLS_DC) /* {{{
*/
  {
 -	int hexcode_found = 0;
@@ -692,22 +741,24 @@
 +	char *end;
  	int ip4elm[4];
  
- 	if (!memchr(str, '':'', str_len)) {
+-	if (!strchr(str, '':'')) {
++	if (!memchr(str, '':'', str_len)) {
  		return 0;
  	}
  
 -	/* Check for compressed expression. only one is allowed */
--	compressed = php_memnstr(str, "::", sizeof("::")-1,
str+str_len);
+-	compressed = strstr(str, "::");
 -	if (compressed) {
--		s2 = php_memnstr(compressed+1, "::", sizeof("::")-1, str
+ str_len);
+-		s2 = strstr(compressed+1, "::");
 -		if (s2) {
 -			return 0;
 -		}
 -	}
 -
  	/* check for bundled IPv4 */
- 	ipv4 = memchr(str, ''.'', str_len);
+-	ipv4 = strchr(str, ''.'');
 -
++	ipv4 = memchr(str, ''.'', str_len);
  	if (ipv4) {
 -		while (*ipv4 != '':'' && ipv4 >= start) {
 + 		while (ipv4 > str && *(ipv4-1) != '':'') {
@@ -720,7 +771,7 @@
 -		}
 -		ipv4++;
 -
--		if (!_php_filter_validate_ipv4(ipv4, (str + str_len - ipv4), ip4elm
TSRMLS_CC)) {
+-		if (!_php_filter_validate_ipv4(ipv4, ip4elm TSRMLS_CC)) {
 +		if (!_php_filter_validate_ipv4(ipv4, (str_len - (ipv4 - str)), ip4elm)) {
  			return 0;
  		}
@@ -739,7 +790,7 @@
 -		if (ipv4) {
 -			end = ipv4 - 1;
 -		} else {
--			end = str + str_len;
+-			end = str + strlen(start);
 -		}
 -
 -		while (*str && str <= end) {
@@ -797,7 +848,11 @@
 -			}
 -
 -			if (hexcode_found > 4) {
--				return 0;
++	end = str + str_len;
++	while (str < end) {
++		if (*str == '':'') {
++			if (--blocks == 0) {
+ 				return 0;
 -			}
 -
 -			hexcode_found = 0;
@@ -807,20 +862,16 @@
 -				t--;
 -			}
 -			if (hexcode_found > 4) {
-+	end = str + str_len;
-+	while (str < end) {
-+		if (*str == '':'') {
-+			if (--blocks == 0) {
++			}			
++			if (++str >= end) {
  				return 0;
--			}
+ 			}
 -
 -			if (col_fnd > 6) {
-+			}			
-+			if (++str >= end) {
- 				return 0;
+-				return 0;
 -			} else {
 -				return 1;
- 			}
+-			}
 +			if (*str == '':'') {
 +				if (compressed || --blocks == 0) {
 +					return 0;
@@ -848,11 +899,20 @@
  }
  /* }}} */
  
-@@ -766,7 +644,7 @@
+@@ -771,7 +614,7 @@
+ 
+ 	switch (mode) {
+ 		case FORMAT_IPV4:
+-			if (!_php_filter_validate_ipv4(str, ip TSRMLS_CC)) {
++			if (!_php_filter_validate_ipv4(str, Z_STRLEN_P(value), ip)) {
+ 				RETURN_VALIDATION_FAILED
+ 			}
+ 
+@@ -801,7 +644,7 @@
  		case FORMAT_IPV6:
  			{
  				int res = 0;
--				res = _php_filter_validate_ipv6_(str, Z_STRLEN_P(value) TSRMLS_CC);
+-				res = _php_filter_validate_ipv6_(str TSRMLS_CC);
 +				res = _php_filter_validate_ipv6(str, Z_STRLEN_P(value) TSRMLS_CC);
  				if (res < 1) {
  					RETURN_VALIDATION_FAILED
Secure testing commits - Apr 2007 - r5717 - data/patches/MOPB

[Secure-testing-commits] r5717 - data/patches/MOPB
