authorStanislav Malyshev <stas@php.net>2020-03-15 17:30:44 -0700
committerChristoph M. Becker <cmbecker69@gmx.de>2020-03-17 09:24:16 +0100
commitf930ff52f45620eec2b2960f9e0a96d258ca1891 (patch)
tree512995bed1da1377fb90bcf0d210371d7f4dae1d
parentf5939563f6caac9827a0412560ab808e3130d195 (diff)
Fix bug #79329 - get_headers should not accept \0
(cherry picked from commit 69fdc14152edefd75a33be7fe87d1194098c67f7)
-rw-r--r--NEWS2
-rw-r--r--ext/standard/url.c2
2 files changed, 3 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index d7373083f4..b40193ab83 100644
--- a/NEWS
+++ b/NEWS
@@ -44,6 +44,8 @@ PHP NEWS
. Fixed bug #79294 (::columnType() may fail after SQLite3Stmt::reset()). (cmb)
- Standard:
+ . Fixed bug #79329 (get_headers() silently truncates after a null byte).
+ (CVE-2020-7066) (cmb)
. Fixed bug #79254 (getenv() w/o arguments not showing changes). (cmb)
. Fixed bug #79265 (Improper injection of Host header when using fopen for
http requests). (Miguel Xavier Penha Neto)
diff --git a/ext/standard/url.c b/ext/standard/url.c
index 1117d6ed63..6880e40a01 100644
--- a/ext/standard/url.c
+++ b/ext/standard/url.c
@@ -672,7 +672,7 @@ PHP_FUNCTION(get_headers)
php_stream_context *context;
ZEND_PARSE_PARAMETERS_START(1, 3)
- Z_PARAM_STRING(url, url_len)
+ Z_PARAM_PATH(url, url_len)
Z_PARAM_OPTIONAL
Z_PARAM_LONG(format)
Z_PARAM_RESOURCE_EX(zcontext, 1, 0)
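Review bot: The switch to `Z_PARAM_PATH(url, url_len)` is the entire security fix, yet nothing at the call site explains why a URL argument is parsed with the path macro, so a later cleanup could plausibly turn it back into `Z_PARAM_STRING`. A one-line comment above it would pin the intent, for example `/* PATH, not STRING: reject embedded NUL bytes so the URL is not silently truncated (bug #79329, CVE-2020-7066) */`. The diffstat lists only NEWS and ext/standard/url.c, so no regression test accompanies the change; a test that passes a URL containing a NUL byte to get_headers() and expects the call to fail would keep this covered. The body of PHP_FUNCTION(get_headers) starts and ends outside the hunk, so how `url` is used after parsing is not visible here.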