Skip to content

Commit b6754f6

Browse files
jmikolajmikola
committed
PHPC-721: Do not allow null bytes in Javascript code
Even though "code" is not a cstring in the BSON spec, libbson does not support null bytes. Throw early to avoid unexpected truncation during BSON encoding.
1 parent 40f2603 commit b6754f6

File tree

4 files changed

+62
-0
lines changed

4 files changed

+62
-0
lines changed

src/BSON/Javascript.c

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -55,6 +55,11 @@ static bool php_phongo_javascript_init(php_phongo_javascript_t *intern, const ch
5555
return false;
5656
}
5757

58+
if (strlen(code) != code_len) {
59+
phongo_throw_exception(PHONGO_ERROR_INVALID_ARGUMENT TSRMLS_CC, "Code cannot contain null bytes");
60+
return false;
61+
}
62+
5863
intern->code = estrndup(code, code_len);
5964
intern->code_len = code_len;
6065

tests/bson/bson-javascript-serialization_error-003.phpt

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,19 @@
1+
--TEST--
2+
MongoDB\BSON\Javascript unserialization does not allow code to contain null bytes
3+
--SKIPIF--
4+
<?php require __DIR__ . "/../utils/basic-skipif.inc"?>
5+
--FILE--
6+
<?php
7+
require_once __DIR__ . "/../utils/basic.inc";
8+
9+
echo throws(function() {
10+
unserialize('O:23:"MongoDB\BSON\Javascript":1:{s:4:"code";s:30:"function foo() { return ' . "'\0'" . '; }";}');
11+
}, 'MongoDB\Driver\Exception\InvalidArgumentException'), "\n";
12+
13+
?>
14+
===DONE===
15+
<?php exit(0); ?>
16+
--EXPECT--
17+
OK: Got MongoDB\Driver\Exception\InvalidArgumentException
18+
Code cannot contain null bytes
19+
===DONE===

tests/bson/bson-javascript-set_state_error-003.phpt

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,19 @@
1+
--TEST--
2+
MongoDB\BSON\Javascript::__set_state() does not allow code to contain null bytes
3+
--SKIPIF--
4+
<?php require __DIR__ . "/../utils/basic-skipif.inc"?>
5+
--FILE--
6+
<?php
7+
require_once __DIR__ . "/../utils/basic.inc";
8+
9+
echo throws(function() {
10+
MongoDB\BSON\Javascript::__set_state(['code' => "function foo() { return '\0'; }"]);
11+
}, 'MongoDB\Driver\Exception\InvalidArgumentException'), "\n";
12+
13+
?>
14+
===DONE===
15+
<?php exit(0); ?>
16+
--EXPECT--
17+
OK: Got MongoDB\Driver\Exception\InvalidArgumentException
18+
Code cannot contain null bytes
19+
===DONE===

tests/bson/bson-javascript_error-003.phpt

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,19 @@
1+
--TEST--
2+
MongoDB\BSON\Javascript::__construct() does not allow code to contain null bytes
3+
--SKIPIF--
4+
<?php require __DIR__ . "/../utils/basic-skipif.inc"?>
5+
--FILE--
6+
<?php
7+
require_once __DIR__ . "/../utils/basic.inc";
8+
9+
echo throws(function() {
10+
new MongoDB\BSON\Javascript("function foo() { return '\0'; }");
11+
}, 'MongoDB\Driver\Exception\InvalidArgumentException'), "\n";
12+
13+
?>
14+
===DONE===
15+
<?php exit(0); ?>
16+
--EXPECT--
17+
OK: Got MongoDB\Driver\Exception\InvalidArgumentException
18+
Code cannot contain null bytes
19+
===DONE===

0 commit comments

Comments
 (0)