diff --git a/NEWS b/NEWS index d902359f1eb..3f7cb5eab95 100644 --- a/NEWS +++ b/NEWS @@ -21,6 +21,8 @@ - Fixed possible crash in mssql_fetch_batch(). (Kalle) - Fixed inconsistent backlog default value (-1) in FPM on many systems. (fat) +- Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with + large amount of data). (Adam) - Fixed bug #52926 (zlib fopen wrapper does not use context). (Gustavo) - Fixed bug #52891 (Wrong data inserted with mysqli/mysqlnd when using mysqli_stmt_bind_param and value> PHP_INT_MAX). (Andrey) diff --git a/ext/filter/logical_filters.c b/ext/filter/logical_filters.c index bfa919262d9..a1e6aee8fab 100644 --- a/ext/filter/logical_filters.c +++ b/ext/filter/logical_filters.c @@ -531,6 +531,11 @@ void php_filter_validate_email(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */ int matches; + /* The maximum length of an e-mail address is 320 octets, per RFC 2821. */ + if (Z_STRLEN_P(value) > 320) { + RETURN_VALIDATION_FAILED + } + re = pcre_get_compiled_regex((char *)regexp, &pcre_extra, &preg_options TSRMLS_CC); if (!re) { RETURN_VALIDATION_FAILED diff --git a/ext/filter/tests/bug52929.phpt b/ext/filter/tests/bug52929.phpt new file mode 100644 index 00000000000..29332959f7d --- /dev/null +++ b/ext/filter/tests/bug52929.phpt @@ -0,0 +1,18 @@ +--TEST-- +Bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data) +--SKIPIF-- + +--FILE-- +