Merge branch 'PHP-7.4' into PHP-8.0

cmb69 · cmb69 · commit 645815c5b724 · 2021-05-03T12:29:24.000+02:00
* PHP-7.4:
  Fix #73246: XMLReader: encoding length not checked
diff --git a/NEWS b/NEWS
@@ -26,6 +26,9 @@ PHP                                                                        NEWS
   . Fixed bug #80933 (SplFileObject::DROP_NEW_LINE is broken for NUL and CR).
     (cmb, Nikita)
 
+- XMLReader:
+  . Fixed bug #73246 (XMLReader: encoding length not checked). (cmb)
+
 29 Apr 2021, PHP 8.0.5
 
 - Core:
diff --git a/ext/xmlreader/php_xmlreader.c b/ext/xmlreader/php_xmlreader.c
@@ -862,6 +862,11 @@ PHP_METHOD(XMLReader, open)
 		RETURN_THROWS();
 	}
 
+	if (encoding && CHECK_NULL_PATH(encoding, encoding_len)) {
+		php_error_docref(NULL, E_WARNING, "Encoding must not contain NUL bytes");
+		RETURN_FALSE;
+	}
+
 	valid_file = _xmlreader_get_valid_file_path(source, resolved_path, MAXPATHLEN );
 
 	if (valid_file) {
@@ -1037,6 +1042,11 @@ PHP_METHOD(XMLReader, XML)
 		RETURN_THROWS();
 	}
 
+	if (encoding && CHECK_NULL_PATH(encoding, encoding_len)) {
+		php_error_docref(NULL, E_WARNING, "Encoding must not contain NUL bytes");
+		RETURN_FALSE;
+	}
+
 	inputbfr = xmlParserInputBufferCreateMem(source, source_len, XML_CHAR_ENCODING_NONE);
 
     if (inputbfr != NULL) {
diff --git a/ext/xmlreader/tests/bug73246.phpt b/ext/xmlreader/tests/bug73246.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Bug #73246 (XMLReader: encoding length not checked)
+--SKIPIF--
+<?php
+if (!extension_loaded("xmlreader")) die("skip xmlreader extension not available");
+?>
+--FILE--
+<?php
+$reader = new XMLReader();
+$reader->open(__FILE__, "UTF\0-8");
+$reader->XML('<?xml version="1.0"?><root/>', "UTF\0-8");
+?>
+--EXPECTF--
+Warning: XMLReader::open(): Encoding must not contain NUL bytes in %s on line %d
+
+Warning: XMLReader::XML(): Encoding must not contain NUL bytes in %s on line %d
