Fix signedness confusion in php_filter_validate_domain()

As is, there is the possibility that integer underflow occurs, making `_php_filter_validate_domain()` succeed for very long domain names. Cf. <https://pwning.systems/posts/php_filter_var_shenanigans/>.
php · Mar 28, 2022 · 771dbdb · 771dbdb
1 parent aa352c2
commit 771dbdb
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/NEWS b/NEWS
@@ -8,6 +8,9 @@ PHP                                                                        NEWS
     (Tim Düsterhus)
   . Fixed bug GH-8160 (ZTS support on Alpine is broken). (Michael Voříšek)
 
+- Filter:
+  . Fixed signedness confusion in php_filter_validate_domain(). (cmb)
+
 - Intl:
   . Fixed bug GH-8142 (Compilation error on cygwin). (David Carlier)
 

diff --git a/ext/filter/logical_filters.c b/ext/filter/logical_filters.c
@@ -496,7 +496,7 @@ void php_filter_validate_regexp(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
 	}
 }
 
-static int _php_filter_validate_domain(char * domain, int len, zend_long flags) /* {{{ */
+static int _php_filter_validate_domain(char * domain, size_t len, zend_long flags) /* {{{ */
 {
 	char *e, *s, *t;
 	size_t l;