diff options
author | Christoph M. Becker <cmbecker69@gmx.de> | 2019-05-07 17:37:35 +0200 |
---|---|---|
committer | Christoph M. Becker <cmbecker69@gmx.de> | 2019-06-12 12:04:01 +0200 |
commit | 37d0c7b0e4072889ed05e7d631ee47a6bedf8ef5 (patch) | |
tree | 49dffe2d1f1ad6fe6b1afc8e5e7cd82dd2398f85 | |
parent | 2f1d822d78ca8f34e67a06139ce36e6ff88fc158 (diff) | |
download | php-git-37d0c7b0e4072889ed05e7d631ee47a6bedf8ef5.tar.gz |
Simplify GD null byte injection tests
These tests actually check that no file with a name containing a NUL is
created by the GD image output functions. This is superfluous, since
it is sufficient to check that the function failed, and that an
appropriate warning has been raised.
We also add missing nullbyte injection tests.
-rw-r--r-- | ext/gd/tests/imagebmp_nullbyte_injection.phpt | 17 | ||||
-rw-r--r-- | ext/gd/tests/imagegd2_nullbyte_injection.phpt | 24 | ||||
-rw-r--r-- | ext/gd/tests/imagegd_nullbyte_injection.phpt | 23 | ||||
-rw-r--r-- | ext/gd/tests/imagegif_nullbyte_injection.phpt | 21 | ||||
-rw-r--r-- | ext/gd/tests/imagejpeg_nullbyte_injection.phpt | 17 | ||||
-rw-r--r-- | ext/gd/tests/imagepng_nullbyte_injection.phpt | 17 | ||||
-rw-r--r-- | ext/gd/tests/imagewbmp_nullbyte_injection.phpt | 17 | ||||
-rw-r--r-- | ext/gd/tests/imagewebp_nullbyte_injection.phpt | 17 | ||||
-rw-r--r-- | ext/gd/tests/imagexbm_nullbyte_injection.phpt | 16 |
9 files changed, 43 insertions, 126 deletions
diff --git a/ext/gd/tests/imagebmp_nullbyte_injection.phpt b/ext/gd/tests/imagebmp_nullbyte_injection.phpt new file mode 100644 index 0000000000..0b6d1843d3 --- /dev/null +++ b/ext/gd/tests/imagebmp_nullbyte_injection.phpt @@ -0,0 +1,17 @@ +--TEST-- +Testing null byte injection in imagebmp +--SKIPIF-- +<?php +if(!extension_loaded('gd')) die('skip gd extension not available'); +if (!gd_info()['BMP Support']) die('skip BMP support not available'); +?> +--FILE-- +<?php +$image = imagecreate(1,1);// 1px image +var_dump(imagebmp($image, "./foo\0bar")); +?> +===DONE=== +--EXPECTF-- +Warning: imagebmp(): Invalid 2nd parameter, filename must not contain null bytes in %s on line %d +bool(false) +===DONE=== diff --git a/ext/gd/tests/imagegd2_nullbyte_injection.phpt b/ext/gd/tests/imagegd2_nullbyte_injection.phpt index 4307704ee2..2fc3050421 100644 --- a/ext/gd/tests/imagegd2_nullbyte_injection.phpt +++ b/ext/gd/tests/imagegd2_nullbyte_injection.phpt @@ -4,29 +4,11 @@ Testing null byte injection in imagegd2 <?php if(!extension_loaded('gd')){ die('skip gd extension not available'); } ?> ---CLEAN-- -$tempdir = sprintf("%s/%s", sys_get_temp_dir(), preg_replace("~\.php$~", null, __FILE__)); -foreach (glob($tempdir . "/test*") as $file ) { unlink($file); } -rmdir($tempdir); --FILE-- <?php $image = imagecreate(1,1);// 1px image - -$tempdir = sprintf("%s/%s", sys_get_temp_dir(), preg_replace("~\.php$~", null, __FILE__)); -if (!is_dir($tempdir)) { - mkdir ($tempdir, 0777, true); -} - -$userinput = "1\0"; // from post or get data -$temp = $tempdir. "/test" . $userinput .".tmp"; - -echo "\nimagegd2 TEST\n"; -imagegd2($image, $temp); -var_dump(file_exists($tempdir. "/test1")); -var_dump(file_exists($tempdir. "/test1.tmp")); +var_dump(imagegd2($image, "./foo\0bar")); +?> --EXPECTF-- -imagegd2 TEST - Warning: imagegd2() expects parameter 2 to be a valid path, string given in %s on line %d -bool(false) -bool(false) +NULL diff --git a/ext/gd/tests/imagegd_nullbyte_injection.phpt b/ext/gd/tests/imagegd_nullbyte_injection.phpt index f904bbf174..f5479a0050 100644 --- a/ext/gd/tests/imagegd_nullbyte_injection.phpt +++ b/ext/gd/tests/imagegd_nullbyte_injection.phpt @@ -4,30 +4,11 @@ Testing null byte injection in imagegd <?php if(!extension_loaded('gd')){ die('skip gd extension not available'); } ?> ---CLEAN-- -$tempdir = sprintf("%s/%s", sys_get_temp_dir(), preg_replace("~\.php$~", null, __FILE__)); -foreach (glob($tempdir . "/test*") as $file ) { unlink($file); } -rmdir($tempdir); --FILE-- <?php $image = imagecreate(1,1);// 1px image - -$tempdir = sprintf("%s/%s", sys_get_temp_dir(), preg_replace("~\.php$~", null, __FILE__)); -if (!is_dir($tempdir)) { - mkdir ($tempdir, 0777, true); -} - -$userinput = "1\0"; // from post or get data -$temp = $tempdir. "/test" . $userinput .".tmp"; - -echo "\nimagegd TEST\n"; -imagegd($image, $temp); -var_dump(file_exists($tempdir. "/test1")); -var_dump(file_exists($tempdir. "/test1.tmp")); +var_dump(imagegd($image, "./foo\0bar")); ?> --EXPECTF-- -imagegd TEST - Warning: imagegd() expects parameter 2 to be a valid path, string given in %s on line %d -bool(false) -bool(false) +NULL diff --git a/ext/gd/tests/imagegif_nullbyte_injection.phpt b/ext/gd/tests/imagegif_nullbyte_injection.phpt index 0f3e5b8bad..c5acdd489e 100644 --- a/ext/gd/tests/imagegif_nullbyte_injection.phpt +++ b/ext/gd/tests/imagegif_nullbyte_injection.phpt @@ -3,10 +3,6 @@ Testing null byte injection in imagegif --SKIPIF-- <?php if(!extension_loaded('gd')){ die('skip gd extension not available'); } -$support = gd_info(); -if (!isset($support['GIF Create Support']) || $support['GIF Create Support'] === false) { - print 'skip gif support not available'; -} ?> --CLEAN-- $tempdir = sprintf("%s/%s", sys_get_temp_dir(), preg_replace("~\.php$~", null, __FILE__)); @@ -15,23 +11,8 @@ rmdir($tempdir); --FILE-- <?php $image = imagecreate(1,1);// 1px image - -$tempdir = sprintf("%s/%s", sys_get_temp_dir(), preg_replace("~\.php$~", null, __FILE__)); -if (!is_dir($tempdir)) { - mkdir ($tempdir, 0777, true); -} - -$userinput = "1\0"; // from post or get data -$temp = $tempdir. "/test" . $userinput .".tmp"; - -echo "\nimagegif TEST\n"; -imagegif($image, $temp); -var_dump(file_exists($tempdir. "/test1")); -var_dump(file_exists($tempdir. "/test1.tmp")); +var_dump(imagegif($image, "./foo\0bar")); ?> --EXPECTF-- -imagegif TEST - Warning: imagegif(): Invalid 2nd parameter, filename must not contain null bytes in %s on line %d bool(false) -bool(false) diff --git a/ext/gd/tests/imagejpeg_nullbyte_injection.phpt b/ext/gd/tests/imagejpeg_nullbyte_injection.phpt index 38eadab4ae..29cb537c3a 100644 --- a/ext/gd/tests/imagejpeg_nullbyte_injection.phpt +++ b/ext/gd/tests/imagejpeg_nullbyte_injection.phpt @@ -15,23 +15,8 @@ rmdir($tempdir); --FILE-- <?php $image = imagecreate(1,1);// 1px image - -$tempdir = sprintf("%s/%s", sys_get_temp_dir(), preg_replace("~\.php$~", null, __FILE__)); -if (!is_dir($tempdir)) { - mkdir ($tempdir, 0777, true); -} - -$userinput = "1\0"; // from post or get data -$temp = $tempdir. "/test" . $userinput .".tmp"; - -echo "\nimagejpeg TEST\n"; -imagejpeg($image, $temp); -var_dump(file_exists($tempdir. "/test1")); -var_dump(file_exists($tempdir. "/test1.tmp")); +var_dump(imagejpeg($image, "./foo\0bar")); ?> --EXPECTF-- -imagejpeg TEST - Warning: imagejpeg(): Invalid 2nd parameter, filename must not contain null bytes in %s on line %d bool(false) -bool(false) diff --git a/ext/gd/tests/imagepng_nullbyte_injection.phpt b/ext/gd/tests/imagepng_nullbyte_injection.phpt index bc9c340397..271d4d5bd3 100644 --- a/ext/gd/tests/imagepng_nullbyte_injection.phpt +++ b/ext/gd/tests/imagepng_nullbyte_injection.phpt @@ -15,23 +15,8 @@ rmdir($tempdir); --FILE-- <?php $image = imagecreate(1,1);// 1px image - -$tempdir = sprintf("%s/%s", sys_get_temp_dir(), preg_replace("~\.php$~", null, __FILE__)); -if (!is_dir($tempdir)) { - mkdir ($tempdir, 0777, true); -} - -$userinput = "1\0"; // from post or get data -$temp = $tempdir. "/test" . $userinput .".tmp"; - -echo "\nimagepng TEST\n"; -imagepng($image, $temp); -var_dump(file_exists($tempdir. "/test1")); -var_dump(file_exists($tempdir. "/test1.tmp")); +var_dump(imagepng($image, "./foo\0bar")); ?> --EXPECTF-- -imagepng TEST - Warning: imagepng(): Invalid 2nd parameter, filename must not contain null bytes in %s on line %d bool(false) -bool(false) diff --git a/ext/gd/tests/imagewbmp_nullbyte_injection.phpt b/ext/gd/tests/imagewbmp_nullbyte_injection.phpt index 466584f968..fc5d238f41 100644 --- a/ext/gd/tests/imagewbmp_nullbyte_injection.phpt +++ b/ext/gd/tests/imagewbmp_nullbyte_injection.phpt @@ -15,23 +15,8 @@ rmdir($tempdir); --FILE-- <?php $image = imagecreate(1,1);// 1px image - -$tempdir = sprintf("%s/%s", sys_get_temp_dir(), preg_replace("~\.php$~", null, __FILE__)); -if (!is_dir($tempdir)) { - mkdir ($tempdir, 0777, true); -} - -$userinput = "1\0"; // from post or get data -$temp = $tempdir. "/test" . $userinput .".tmp"; - -echo "\nimagewbmp TEST\n"; -imagewbmp($image, $temp); -var_dump(file_exists($tempdir. "/test1")); -var_dump(file_exists($tempdir. "/test1.tmp")); +var_dump(imagewbmp($image, "./foo\0bar")); ?> --EXPECTF-- -imagewbmp TEST - Warning: imagewbmp(): Invalid 2nd parameter, filename must not contain null bytes in %s on line %d bool(false) -bool(false) diff --git a/ext/gd/tests/imagewebp_nullbyte_injection.phpt b/ext/gd/tests/imagewebp_nullbyte_injection.phpt index 9d46a21140..d778d0a379 100644 --- a/ext/gd/tests/imagewebp_nullbyte_injection.phpt +++ b/ext/gd/tests/imagewebp_nullbyte_injection.phpt @@ -15,23 +15,8 @@ rmdir($tempdir); --FILE-- <?php $image = imagecreate(1,1);// 1px image - -$tempdir = sprintf("%s/%s", sys_get_temp_dir(), preg_replace("~\.php$~", null, __FILE__)); -if (!is_dir($tempdir)) { - mkdir ($tempdir, 0777, true); -} - -$userinput = "1\0"; // from post or get data -$temp = $tempdir. "/test" . $userinput .".tmp"; - -echo "\nimagewebp TEST\n"; -imagewebp($image, $temp); -var_dump(file_exists($tempdir. "/test1")); -var_dump(file_exists($tempdir. "/test1.tmp")); +var_dump(imagewebp($image, "./foo\0bar")); ?> --EXPECTF-- -imagewebp TEST - Warning: imagewebp(): Invalid 2nd parameter, filename must not contain null bytes in %s on line %d bool(false) -bool(false) diff --git a/ext/gd/tests/imagexbm_nullbyte_injection.phpt b/ext/gd/tests/imagexbm_nullbyte_injection.phpt new file mode 100644 index 0000000000..b485315064 --- /dev/null +++ b/ext/gd/tests/imagexbm_nullbyte_injection.phpt @@ -0,0 +1,16 @@ +--TEST-- +Testing null byte injection in imagexbm +--SKIPIF-- +<?php +if(!extension_loaded('gd')) die('skip gd extension not available'); +?> +--FILE-- +<?php +$image = imagecreate(1,1);// 1px image +var_dump(imagexbm($image, "./foo\0bar")); +?> +===DONE=== +--EXPECTF-- +Warning: imagexbm() expects parameter 2 to be a valid path, string given in %s on line %d +NULL +===DONE=== |