diff --git a/ext/standard/tests/file/stream_rfc2397_006.phpt b/ext/standard/tests/file/stream_rfc2397_006.phpt new file mode 100755 index 00000000000..06734fba35b --- /dev/null +++ b/ext/standard/tests/file/stream_rfc2397_006.phpt @@ -0,0 +1,28 @@ +--TEST-- +Stream: RFC2397 with corrupt? payload +--FILE-- + +===DONE=== + +--EXPECTF-- +string(0) "" +string(6) "foobar" +string(13) "foobar foobar" + +Warning: file_get_contents(data:;base64,#Zm9vYmFyIGZvb2Jhc=): failed to open stream: rfc2397: unable to decode in %sstream_rfc2397_006.php on line %d +bool(false) +===DONE=== diff --git a/main/streams/memory.c b/main/streams/memory.c index 9f52b037716..aa39128791a 100644 --- a/main/streams/memory.c +++ b/main/streams/memory.c @@ -652,21 +652,25 @@ static php_stream * php_stream_url_wrap_rfc2397(php_stream_wrapper *wrapper, cha } add_assoc_bool(meta, "base64", base64); - if ((stream = php_stream_temp_create_rel(0, ~0u)) != NULL) { - /* skip ',' */ - comma++; - dlen--; - /* store data */ - if (base64) { - comma = (char*)php_base64_decode((const unsigned char *)comma, dlen, &ilen); - php_stream_temp_write(stream, comma, ilen TSRMLS_CC); - efree(comma); - } else { - comma = estrndup(comma, dlen); - dlen = php_url_decode(comma, dlen); - php_stream_temp_write(stream, comma, dlen TSRMLS_CC); - efree(comma); + /* skip ',' */ + comma++; + dlen--; + + if (base64) { + comma = (char*)php_base64_decode((const unsigned char *)comma, dlen, &ilen); + if (!comma) { + php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "rfc2397: unable to decode"); + return NULL; } + } else { + comma = estrndup(comma, dlen); + ilen = dlen = php_url_decode(comma, dlen); + } + + if ((stream = php_stream_temp_create_rel(0, ~0u)) != NULL) { + /* store data */ + php_stream_temp_write(stream, comma, ilen TSRMLS_CC); + efree(comma); php_stream_temp_seek(stream, 0, SEEK_SET, &newoffs TSRMLS_CC); /* set special stream stuff (enforce exact mode) */ vlen = strlen(mode);