Skip to content

Bug76963 null byte injection #8593

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
derickr wants to merge 3 commits into from
Closed

Bug76963 null byte injection #8593

derickr wants to merge 3 commits into from

Conversation

@derickr
Copy link
Member

@derickr derickr commented May 20, 2022

No description provided.

@derickr derickr requested review from cmb69 and iluuu1994 May 20, 2022 13:54
@derickr derickr self-assigned this May 20, 2022
cmb69
cmb69 approved these changes May 20, 2022
View reviewed changes
Copy link
Member

@cmb69 cmb69 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good to me. Thank you!

(I wasn't aware, or rather forgot, that the NUL byte error message has changed as of PHP 8.0.0; previously, there have been individual checks to avoid "valid path" where it was not about paths; it might make sense to check for leftovers.)

@Girgias
Copy link
Member

Girgias commented May 20, 2022

This looks good to me. Thank you!

(I wasn't aware, or rather forgot, that the NUL byte error message has changed as of PHP 8.0.0; previously, there have been individual checks to avoid "valid path" where it was not about paths; it might make sense to check for leftovers.)

Might make sense to rename the macro with the PATH variant being just a pass through

cmb69
cmb69 reviewed May 20, 2022
View reviewed changes
ext/date/tests/bug72963.phpt Outdated

object(DateTime)#1 (3) {
["date"]=>
string(26) "2016-08-08 13:52:31.000000"
Copy link
Member

@cmb69 cmb69 May 20, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, need to do something regarding the time (which may be different); ! or | should do.

iluuu1994
iluuu1994 approved these changes May 20, 2022
View reviewed changes
Copy link
Member

@iluuu1994 iluuu1994 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Other than Christoph's comment this LGTM. I also second George's suggestion to add an alias for Z_PARAM_PATH (maybe Z_PARAM_STRING_NO_NUL).

@derickr derickr force-pushed the bug76963-null-byte-injection branch from e7abc04 to 209ea3f Compare May 26, 2022 13:30
@derickr derickr closed this May 26, 2022
@derickr derickr deleted the bug76963-null-byte-injection branch May 26, 2022 14:20
@derickr
Copy link
Member Author

derickr commented May 26, 2022

I've merged this, and created a ticket assigned to myself to have a better macro name: #8637

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cmb69 cmb69 cmb69 approved these changes

@iluuu1994 iluuu1994 iluuu1994 approved these changes

Assignees

@derickr derickr

Labels

Extension: date

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@derickr @Girgias @iluuu1994 @cmb69