details: https://anonhg.NetBSD.org/pkgsrc/rev/9724b111bba5
branches: trunk
changeset: 400563:9724b111bba5
user: taca <taca%pkgsrc.org@localhost>
date: Thu Oct 22 14:49:06 2009 +0000
description:
Add patch to check byte sequence more strictly in htmlspecialchars().
http://bugs.php.net/bug.php?id=49785
These are patch refrects r289411, r289554, r289565, r289567 and r289605
in PHP svn repositry.
Bump PKGREVISION.
diffstat:
lang/php5/Makefile | 3 +-
lang/php5/distinfo | 3 +-
lang/php5/patches/patch-az | 368 +++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 372 insertions(+), 2 deletions(-)
diffs (truncated from 398 to 300 lines):
diff -r 9e76df7da33d -r 9724b111bba5 lang/php5/Makefile
--- a/lang/php5/Makefile Thu Oct 22 14:41:32 2009 +0000
+++ b/lang/php5/Makefile Thu Oct 22 14:49:06 2009 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.72 2009/06/09 15:15:07 sketch Exp $
+# $NetBSD: Makefile,v 1.73 2009/10/22 14:49:06 taca Exp $
PKGNAME= php-${PHP_BASE_VERS}
+PKGREVISION= 1
CATEGORIES= lang
HOMEPAGE= http://www.php.net/
COMMENT= PHP Hypertext Preprocessor version 5
diff -r 9e76df7da33d -r 9724b111bba5 lang/php5/distinfo
--- a/lang/php5/distinfo Thu Oct 22 14:41:32 2009 +0000
+++ b/lang/php5/distinfo Thu Oct 22 14:49:06 2009 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.68 2009/10/22 14:37:47 taca Exp $
+$NetBSD: distinfo,v 1.69 2009/10/22 14:49:06 taca Exp $
SHA1 (php-5.2.11/php-5.2.11.tar.bz2) = 819c853ce657ef260d4a73b5a21f961115b97eef
RMD160 (php-5.2.11/php-5.2.11.tar.bz2) = 6aad53dee864ab89f794a9d3c2aa32d435ed5654
@@ -17,3 +17,4 @@
SHA1 (patch-ar) = 2d74ec926cc00bfbb67d16210af78c33ad9ac38d
SHA1 (patch-as) = f7ce5caffe2acdd1f8e9fc8ae6c7ba1d8c6a25c1
SHA1 (patch-ay) = c2667dd398c1c58e55f459f2df02613dc028e9cc
+SHA1 (patch-az) = ebdd76b8a5e6cf853b467a67fc6c8948a91d822a
diff -r 9e76df7da33d -r 9724b111bba5 lang/php5/patches/patch-az
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/php5/patches/patch-az Thu Oct 22 14:49:06 2009 +0000
@@ -0,0 +1,368 @@
+$NetBSD$
+
+* Fix for htmlspecialchars(): r289411, r289554, r289565, r289567, r289605.
+
+--- ext/standard/html.c.orig 2008-12-31 20:17:49.000000000 +0900
++++ ext/standard/html.c
+@@ -484,15 +484,31 @@ struct basic_entities_dec {
+ } \
+ mbseq[mbpos++] = (mbchar); }
+
+-#define CHECK_LEN(pos, chars_need) \
+- if((str_len - (pos)) < chars_need) { \
+- *status = FAILURE; \
+- return 0; \
++/* skip one byte and return */
++#define MB_FAILURE(pos) do { \
++ *newpos = pos + 1; \
++ *status = FAILURE; \
++ return 0; \
++ } while (0)
++
++#define CHECK_LEN(pos, chars_need) \
++ if (chars_need < 1) { \
++ if((str_len - (pos)) < chars_need) { \
++ *newpos = pos; \
++ *status = FAILURE; \
++ return 0; \
++ } \
++ } else { \
++ if((str_len - (pos)) < chars_need) { \
++ *newpos = pos + 1; \
++ *status = FAILURE; \
++ return 0; \
++ } \
+ }
+
+ /* {{{ get_next_char
+ */
+-inline static unsigned short get_next_char(enum entity_charset charset,
++inline static unsigned int get_next_char(enum entity_charset charset,
+ unsigned char * str,
+ int str_len,
+ int * newpos,
+@@ -503,205 +519,189 @@ inline static unsigned short get_next_ch
+ int pos = *newpos;
+ int mbpos = 0;
+ int mbspace = *mbseqlen;
+- unsigned short this_char = str[pos++];
++ unsigned int this_char = 0;
+ unsigned char next_char;
+
+ *status = SUCCESS;
+-
++
+ if (mbspace <= 0) {
+ *mbseqlen = 0;
+- return this_char;
++ CHECK_LEN(pos, 1);
++ *newpos = pos + 1;
++ *newpos = pos + 1;
+ }
+-
+- MB_WRITE((unsigned char)this_char);
+-
++
+ switch (charset) {
+ case cs_utf_8:
+ {
+- unsigned long utf = 0;
+- int stat = 0;
+- int more = 1;
+-
+- /* unpack utf-8 encoding into a wide char.
+- * Code stolen from the mbstring extension */
+-
+- do {
+- if (this_char < 0x80) {
+- more = 0;
+- if(stat) {
+- /* we didn't finish the UTF sequence correctly */
+- *status = FAILURE;
+- }
+- break;
+- } else if (this_char < 0xc0) {
+- switch (stat) {
+- case 0x10: /* 2, 2nd */
+- case 0x21: /* 3, 3rd */
+- case 0x32: /* 4, 4th */
+- case 0x43: /* 5, 5th */
+- case 0x54: /* 6, 6th */
+- /* last byte in sequence */
+- more = 0;
+- utf |= (this_char & 0x3f);
+- this_char = (unsigned short)utf;
+- break;
+- case 0x20: /* 3, 2nd */
+- case 0x31: /* 4, 3rd */
+- case 0x42: /* 5, 4th */
+- case 0x53: /* 6, 5th */
+- /* penultimate char */
+- utf |= ((this_char & 0x3f) << 6);
+- stat++;
+- break;
+- case 0x30: /* 4, 2nd */
+- case 0x41: /* 5, 3rd */
+- case 0x52: /* 6, 4th */
+- utf |= ((this_char & 0x3f) << 12);
+- stat++;
+- break;
+- case 0x40: /* 5, 2nd */
+- case 0x51:
+- utf |= ((this_char & 0x3f) << 18);
+- stat++;
+- break;
+- case 0x50: /* 6, 2nd */
+- utf |= ((this_char & 0x3f) << 24);
+- stat++;
+- break;
+- default:
+- /* invalid */
+- *status = FAILURE;
+- more = 0;
+- }
+- }
+- /* lead byte */
+- else if (this_char < 0xe0) {
+- stat = 0x10; /* 2 byte */
+- utf = (this_char & 0x1f) << 6;
+- CHECK_LEN(pos, 1);
+- } else if (this_char < 0xf0) {
+- stat = 0x20; /* 3 byte */
+- utf = (this_char & 0xf) << 12;
+- CHECK_LEN(pos, 2);
+- } else if (this_char < 0xf8) {
+- stat = 0x30; /* 4 byte */
+- utf = (this_char & 0x7) << 18;
+- CHECK_LEN(pos, 3);
+- } else if (this_char < 0xfc) {
+- stat = 0x40; /* 5 byte */
+- utf = (this_char & 0x3) << 24;
+- CHECK_LEN(pos, 4);
+- } else if (this_char < 0xfe) {
+- stat = 0x50; /* 6 byte */
+- utf = (this_char & 0x1) << 30;
+- CHECK_LEN(pos, 5);
+- } else {
+- /* invalid; bail */
+- more = 0;
+- *status = FAILURE;
+- break;
++ unsigned char c;
++ CHECK_LEN(pos, 1);
++ c = str[pos];
++ if (c < 0x80) {
++ MB_WRITE(c);
++ this_char = c;
++ pos++;
++ } else if (c < 0xc0) {
++ MB_FAILURE(pos);
++ } else if (c < 0xe0) {
++ CHECK_LEN(pos, 2);
++ if (str[pos + 1] < 0x80 || str[pos + 1] > 0xbf) {
++ MB_FAILURE(pos);
+ }
+-
+- if (more) {
+- this_char = str[pos++];
+- MB_WRITE((unsigned char)this_char);
++ this_char = ((c & 0x1f) << 6) | (str[pos + 1] & 0x3f);
++ if (this_char < 0x80) {
++ MB_FAILURE(pos);
+ }
+- } while (more);
++ MB_WRITE((unsigned char)c);
++ MB_WRITE((unsigned char)str[pos + 1]);
++ pos += 2;
++ } else if (c < 0xf0) {
++ CHECK_LEN(pos, 3);
++ if (str[pos + 1] < 0x80 || str[pos + 1] > 0xbf) {
++ MB_FAILURE(pos);
++ }
++ if (str[pos + 2] < 0x80 || str[pos + 2] > 0xbf) {
++ MB_FAILURE(pos);
++ }
++ this_char = ((c & 0x0f) << 12) | ((str[pos + 1] & 0x3f) << 6) | (str[pos + 2] & 0x3f);
++ if (this_char < 0x800) {
++ MB_FAILURE(pos);
++ }
++ MB_WRITE((unsigned char)c);
++ MB_WRITE((unsigned char)str[pos + 1]);
++ MB_WRITE((unsigned char)str[pos + 2]);
++ pos += 3;
++ } else if (c < 0xf8) {
++ CHECK_LEN(pos, 4);
++ if (str[pos + 1] < 0x80 || str[pos + 1] > 0xbf) {
++ MB_FAILURE(pos);
++ }
++ if (str[pos + 2] < 0x80 || str[pos + 2] > 0xbf) {
++ MB_FAILURE(pos);
++ }
++ if (str[pos + 3] < 0x80 || str[pos + 3] > 0xbf) {
++ MB_FAILURE(pos);
++ }
++ this_char = ((c & 0x07) << 18) | ((str[pos + 1] & 0x3f) << 12) | ((str[pos + 2] & 0x3f) << 6) | (str[pos + 3] & 0x3f);
++ if (this_char < 0x10000) {
++ MB_FAILURE(pos);
++ }
++ MB_WRITE((unsigned char)c);
++ MB_WRITE((unsigned char)str[pos + 1]);
++ MB_WRITE((unsigned char)str[pos + 2]);
++ MB_WRITE((unsigned char)str[pos + 3]);
++ pos += 4;
++ } else {
++ MB_FAILURE(pos);
++ }
+ }
+ break;
+ case cs_big5:
+ case cs_gb2312:
+ case cs_big5hkscs:
+ {
++ CHECK_LEN(pos, 1);
++ this_char = str[pos++];
+ /* check if this is the first of a 2-byte sequence */
+- if (this_char >= 0xa1 && this_char <= 0xfe) {
++ if (this_char >= 0x81 && this_char <= 0xfe) {
+ /* peek at the next char */
+ CHECK_LEN(pos, 1);
+- next_char = str[pos];
++ next_char = str[pos++];
+ if ((next_char >= 0x40 && next_char <= 0x7e) ||
+ (next_char >= 0xa1 && next_char <= 0xfe)) {
+ /* yes, this a wide char */
+- this_char <<= 8;
++ MB_WRITE(this_char);
+ MB_WRITE(next_char);
+- this_char |= next_char;
+- pos++;
++ this_char = (this_char << 8) | next_char;
++ } else {
++ MB_FAILURE(pos);
+ }
+-
++ } else {
++ MB_WRITE(this_char);
+ }
+- break;
+ }
++ break;
+ case cs_sjis:
+ {
++ CHECK_LEN(pos, 1);
++ this_char = str[pos++];
+ /* check if this is the first of a 2-byte sequence */
+- if ( (this_char >= 0x81 && this_char <= 0x9f) ||
+- (this_char >= 0xe0 && this_char <= 0xef)
+- ) {
++ if ((this_char >= 0x81 && this_char <= 0x9f) ||
++ (this_char >= 0xe0 && this_char <= 0xfc)) {
+ /* peek at the next char */
+ CHECK_LEN(pos, 1);
+- next_char = str[pos];
++ next_char = str[pos++];
+ if ((next_char >= 0x40 && next_char <= 0x7e) ||
+ (next_char >= 0x80 && next_char <= 0xfc))
+ {
+ /* yes, this a wide char */
+- this_char <<= 8;
++ MB_WRITE(this_char);
+ MB_WRITE(next_char);