authorChristoph M. Becker <cmbecker69@gmx.de>2019-05-07 17:37:35 +0200
committerChristoph M. Becker <cmbecker69@gmx.de>2019-06-12 12:04:01 +0200
commit37d0c7b0e4072889ed05e7d631ee47a6bedf8ef5 (patch)
tree49dffe2d1f1ad6fe6b1afc8e5e7cd82dd2398f85
parent2f1d822d78ca8f34e67a06139ce36e6ff88fc158 (diff)
downloadphp-git-37d0c7b0e4072889ed05e7d631ee47a6bedf8ef5.tar.gz
Simplify GD null byte injection tests
These tests actually check that no file with a name containing a NUL is created by the GD image output functions. This is superfluous, since it is sufficient to check that the function failed, and that an appropriate warning has been raised. We also add missing nullbyte injection tests.
-rw-r--r--ext/gd/tests/imagebmp_nullbyte_injection.phpt17
-rw-r--r--ext/gd/tests/imagegd2_nullbyte_injection.phpt24
-rw-r--r--ext/gd/tests/imagegd_nullbyte_injection.phpt23
-rw-r--r--ext/gd/tests/imagegif_nullbyte_injection.phpt21
-rw-r--r--ext/gd/tests/imagejpeg_nullbyte_injection.phpt17
-rw-r--r--ext/gd/tests/imagepng_nullbyte_injection.phpt17
-rw-r--r--ext/gd/tests/imagewbmp_nullbyte_injection.phpt17
-rw-r--r--ext/gd/tests/imagewebp_nullbyte_injection.phpt17
-rw-r--r--ext/gd/tests/imagexbm_nullbyte_injection.phpt16
9 files changed, 43 insertions, 126 deletions
diff --git a/ext/gd/tests/imagebmp_nullbyte_injection.phpt b/ext/gd/tests/imagebmp_nullbyte_injection.phpt
new file mode 100644
index 0000000000..0b6d1843d3
--- /dev/null
+++ b/ext/gd/tests/imagebmp_nullbyte_injection.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Testing null byte injection in imagebmp
+--SKIPIF--
+<?php
+if(!extension_loaded('gd')) die('skip gd extension not available');
+if (!gd_info()['BMP Support']) die('skip BMP support not available');
+?>
+--FILE--
+<?php
+$image = imagecreate(1,1);// 1px image
+var_dump(imagebmp($image, "./foo\0bar"));
+?>
+===DONE===
+--EXPECTF--
+Warning: imagebmp(): Invalid 2nd parameter, filename must not contain null bytes in %s on line %d
+bool(false)
+===DONE===
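Review bot: The target `"./foo\0bar"` in the `--FILE--` section is relative to the working directory and the test has no `--CLEAN--` section, so if the null-byte check ever regressed, a truncated `./foo` would be written wherever the runner was started and left behind. Anchoring the name to the test directory, `var_dump(imagebmp($image, __DIR__ . "/foo\0bar"));`, and adding a `--CLEAN--` section containing `@unlink(__DIR__ . '/foo');` would keep a failing run contained without changing the expected output. The same literal is used in the imagegd2, imagegd, imagegif, imagejpeg, imagepng, imagewbmp, imagewebp and imagexbm tests touched by this commit.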
diff --git a/ext/gd/tests/imagegd2_nullbyte_injection.phpt b/ext/gd/tests/imagegd2_nullbyte_injection.phpt
index 4307704ee2..2fc3050421 100644
--- a/ext/gd/tests/imagegd2_nullbyte_injection.phpt
+++ b/ext/gd/tests/imagegd2_nullbyte_injection.phpt
@@ -4,29 +4,11 @@ Testing null byte injection in imagegd2
<?php
if(!extension_loaded('gd')){ die('skip gd extension not available'); }
?>
---CLEAN--
-$tempdir = sprintf("%s/%s", sys_get_temp_dir(), preg_replace("~\.php$~", null, __FILE__));
-foreach (glob($tempdir . "/test*") as $file ) { unlink($file); }
-rmdir($tempdir);
--FILE--
<?php
$image = imagecreate(1,1);// 1px image
-
-$tempdir = sprintf("%s/%s", sys_get_temp_dir(), preg_replace("~\.php$~", null, __FILE__));
-if (!is_dir($tempdir)) {
- mkdir ($tempdir, 0777, true);
-}
-
-$userinput = "1\0"; // from post or get data
-$temp = $tempdir. "/test" . $userinput .".tmp";
-
-echo "\nimagegd2 TEST\n";
-imagegd2($image, $temp);
-var_dump(file_exists($tempdir. "/test1"));
-var_dump(file_exists($tempdir. "/test1.tmp"));
+var_dump(imagegd2($image, "./foo\0bar"));
+?>
--EXPECTF--
-imagegd2 TEST
-
Warning: imagegd2() expects parameter 2 to be a valid path, string given in %s on line %d
-bool(false)
-bool(false)
+NULL
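Review bot: The expected `NULL` together with the "expects parameter 2 to be a valid path" warning differs from the `bool(false)` and "filename must not contain null bytes" pair that the imagebmp, imagegif, imagejpeg, imagepng, imagewbmp and imagewebp tests pin, and nothing in the test explains the difference. The warning text suggests the path is rejected while the arguments are parsed, before the function body runs, so a comment above the call such as `// path is rejected during argument parsing, hence NULL rather than false` would make the intent clear. It matters to readers because a caller that checks only `=== false` will not notice this failure. The same applies to the imagegd and imagexbm tests in this commit.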
diff --git a/ext/gd/tests/imagegd_nullbyte_injection.phpt b/ext/gd/tests/imagegd_nullbyte_injection.phpt
index f904bbf174..f5479a0050 100644
--- a/ext/gd/tests/imagegd_nullbyte_injection.phpt
+++ b/ext/gd/tests/imagegd_nullbyte_injection.phpt
@@ -4,30 +4,11 @@ Testing null byte injection in imagegd
<?php
if(!extension_loaded('gd')){ die('skip gd extension not available'); }
?>
---CLEAN--
-$tempdir = sprintf("%s/%s", sys_get_temp_dir(), preg_replace("~\.php$~", null, __FILE__));
-foreach (glob($tempdir . "/test*") as $file ) { unlink($file); }
-rmdir($tempdir);
--FILE--
<?php
$image = imagecreate(1,1);// 1px image
-
-$tempdir = sprintf("%s/%s", sys_get_temp_dir(), preg_replace("~\.php$~", null, __FILE__));
-if (!is_dir($tempdir)) {
- mkdir ($tempdir, 0777, true);
-}
-
-$userinput = "1\0"; // from post or get data
-$temp = $tempdir. "/test" . $userinput .".tmp";
-
-echo "\nimagegd TEST\n";
-imagegd($image, $temp);
-var_dump(file_exists($tempdir. "/test1"));
-var_dump(file_exists($tempdir. "/test1.tmp"));
+var_dump(imagegd($image, "./foo\0bar"));
?>
--EXPECTF--
-imagegd TEST
-
Warning: imagegd() expects parameter 2 to be a valid path, string given in %s on line %d
-bool(false)
-bool(false)
+NULL
diff --git a/ext/gd/tests/imagegif_nullbyte_injection.phpt b/ext/gd/tests/imagegif_nullbyte_injection.phpt
index 0f3e5b8bad..c5acdd489e 100644
--- a/ext/gd/tests/imagegif_nullbyte_injection.phpt
+++ b/ext/gd/tests/imagegif_nullbyte_injection.phpt
@@ -3,10 +3,6 @@ Testing null byte injection in imagegif
--SKIPIF--
<?php
if(!extension_loaded('gd')){ die('skip gd extension not available'); }
-$support = gd_info();
-if (!isset($support['GIF Create Support']) || $support['GIF Create Support'] === false) {
- print 'skip gif support not available';
-}
?>
--CLEAN--
$tempdir = sprintf("%s/%s", sys_get_temp_dir(), preg_replace("~\.php$~", null, __FILE__));
@@ -15,23 +11,8 @@ rmdir($tempdir);
--FILE--
<?php
$image = imagecreate(1,1);// 1px image
-
-$tempdir = sprintf("%s/%s", sys_get_temp_dir(), preg_replace("~\.php$~", null, __FILE__));
-if (!is_dir($tempdir)) {
- mkdir ($tempdir, 0777, true);
-}
-
-$userinput = "1\0"; // from post or get data
-$temp = $tempdir. "/test" . $userinput .".tmp";
-
-echo "\nimagegif TEST\n";
-imagegif($image, $temp);
-var_dump(file_exists($tempdir. "/test1"));
-var_dump(file_exists($tempdir. "/test1.tmp"));
+var_dump(imagegif($image, "./foo\0bar"));
?>
--EXPECTF--
-imagegif TEST
-
Warning: imagegif(): Invalid 2nd parameter, filename must not contain null bytes in %s on line %d
bool(false)
-bool(false)
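Review bot: The `--CLEAN--` section kept as context in the first hunk of this file (`$tempdir = sprintf(...)` through the `rmdir($tempdir);` shown in this hunk's header) is now dead, because the `--FILE--` section no longer creates `$tempdir` or any `test*` file in it. As shown, the section also has no opening `<?php` tag after `--CLEAN--`, so it may never have run as PHP at all. Removing it, as this commit already does for the imagegd and imagegd2 tests, would keep the tests consistent. The hunk headers of the imagejpeg, imagepng, imagewbmp and imagewebp tests show the same `rmdir($tempdir);` line, so the leftover appears to exist there too.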
diff --git a/ext/gd/tests/imagejpeg_nullbyte_injection.phpt b/ext/gd/tests/imagejpeg_nullbyte_injection.phpt
index 38eadab4ae..29cb537c3a 100644
--- a/ext/gd/tests/imagejpeg_nullbyte_injection.phpt
+++ b/ext/gd/tests/imagejpeg_nullbyte_injection.phpt
@@ -15,23 +15,8 @@ rmdir($tempdir);
--FILE--
<?php
$image = imagecreate(1,1);// 1px image
-
-$tempdir = sprintf("%s/%s", sys_get_temp_dir(), preg_replace("~\.php$~", null, __FILE__));
-if (!is_dir($tempdir)) {
- mkdir ($tempdir, 0777, true);
-}
-
-$userinput = "1\0"; // from post or get data
-$temp = $tempdir. "/test" . $userinput .".tmp";
-
-echo "\nimagejpeg TEST\n";
-imagejpeg($image, $temp);
-var_dump(file_exists($tempdir. "/test1"));
-var_dump(file_exists($tempdir. "/test1.tmp"));
+var_dump(imagejpeg($image, "./foo\0bar"));
?>
--EXPECTF--
-imagejpeg TEST
-
Warning: imagejpeg(): Invalid 2nd parameter, filename must not contain null bytes in %s on line %d
bool(false)
-bool(false)
diff --git a/ext/gd/tests/imagepng_nullbyte_injection.phpt b/ext/gd/tests/imagepng_nullbyte_injection.phpt
index bc9c340397..271d4d5bd3 100644
--- a/ext/gd/tests/imagepng_nullbyte_injection.phpt
+++ b/ext/gd/tests/imagepng_nullbyte_injection.phpt
@@ -15,23 +15,8 @@ rmdir($tempdir);
--FILE--
<?php
$image = imagecreate(1,1);// 1px image
-
-$tempdir = sprintf("%s/%s", sys_get_temp_dir(), preg_replace("~\.php$~", null, __FILE__));
-if (!is_dir($tempdir)) {
- mkdir ($tempdir, 0777, true);
-}
-
-$userinput = "1\0"; // from post or get data
-$temp = $tempdir. "/test" . $userinput .".tmp";
-
-echo "\nimagepng TEST\n";
-imagepng($image, $temp);
-var_dump(file_exists($tempdir. "/test1"));
-var_dump(file_exists($tempdir. "/test1.tmp"));
+var_dump(imagepng($image, "./foo\0bar"));
?>
--EXPECTF--
-imagepng TEST
-
Warning: imagepng(): Invalid 2nd parameter, filename must not contain null bytes in %s on line %d
bool(false)
-bool(false)
diff --git a/ext/gd/tests/imagewbmp_nullbyte_injection.phpt b/ext/gd/tests/imagewbmp_nullbyte_injection.phpt
index 466584f968..fc5d238f41 100644
--- a/ext/gd/tests/imagewbmp_nullbyte_injection.phpt
+++ b/ext/gd/tests/imagewbmp_nullbyte_injection.phpt
@@ -15,23 +15,8 @@ rmdir($tempdir);
--FILE--
<?php
$image = imagecreate(1,1);// 1px image
-
-$tempdir = sprintf("%s/%s", sys_get_temp_dir(), preg_replace("~\.php$~", null, __FILE__));
-if (!is_dir($tempdir)) {
- mkdir ($tempdir, 0777, true);
-}
-
-$userinput = "1\0"; // from post or get data
-$temp = $tempdir. "/test" . $userinput .".tmp";
-
-echo "\nimagewbmp TEST\n";
-imagewbmp($image, $temp);
-var_dump(file_exists($tempdir. "/test1"));
-var_dump(file_exists($tempdir. "/test1.tmp"));
+var_dump(imagewbmp($image, "./foo\0bar"));
?>
--EXPECTF--
-imagewbmp TEST
-
Warning: imagewbmp(): Invalid 2nd parameter, filename must not contain null bytes in %s on line %d
bool(false)
-bool(false)
diff --git a/ext/gd/tests/imagewebp_nullbyte_injection.phpt b/ext/gd/tests/imagewebp_nullbyte_injection.phpt
index 9d46a21140..d778d0a379 100644
--- a/ext/gd/tests/imagewebp_nullbyte_injection.phpt
+++ b/ext/gd/tests/imagewebp_nullbyte_injection.phpt
@@ -15,23 +15,8 @@ rmdir($tempdir);
--FILE--
<?php
$image = imagecreate(1,1);// 1px image
-
-$tempdir = sprintf("%s/%s", sys_get_temp_dir(), preg_replace("~\.php$~", null, __FILE__));
-if (!is_dir($tempdir)) {
- mkdir ($tempdir, 0777, true);
-}
-
-$userinput = "1\0"; // from post or get data
-$temp = $tempdir. "/test" . $userinput .".tmp";
-
-echo "\nimagewebp TEST\n";
-imagewebp($image, $temp);
-var_dump(file_exists($tempdir. "/test1"));
-var_dump(file_exists($tempdir. "/test1.tmp"));
+var_dump(imagewebp($image, "./foo\0bar"));
?>
--EXPECTF--
-imagewebp TEST
-
Warning: imagewebp(): Invalid 2nd parameter, filename must not contain null bytes in %s on line %d
bool(false)
-bool(false)
diff --git a/ext/gd/tests/imagexbm_nullbyte_injection.phpt b/ext/gd/tests/imagexbm_nullbyte_injection.phpt
new file mode 100644
index 0000000000..b485315064
--- /dev/null
+++ b/ext/gd/tests/imagexbm_nullbyte_injection.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Testing null byte injection in imagexbm
+--SKIPIF--
+<?php
+if(!extension_loaded('gd')) die('skip gd extension not available');
+?>
+--FILE--
+<?php
+$image = imagecreate(1,1);// 1px image
+var_dump(imagexbm($image, "./foo\0bar"));
+?>
+===DONE===
+--EXPECTF--
+Warning: imagexbm() expects parameter 2 to be a valid path, string given in %s on line %d
+NULL
+===DONE===