Home Explore Help
Sign In
8516
/
Test
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
Test
/
EVSE
/
GPL
/
php-7.3.28
/
ext
/
gd
/
tests
/
imagepng_nullbyte_injection.phpt

imagepng_nullbyte_injection.phpt 1.0 KB
Permalink History Raw

1234567891011121314151617181920212223242526272829303132333435363738 
  1. --TEST--
    2. 

  2. Testing null byte injection in imagepng
    3. 

  3. --CLEAN--
    4. 

  4. $tempdir = sys_get_temp_dir(). '/php-gdtest';
    5. 

  5. foreach (glob($tempdir . "/test*") as $file ) { unlink($file); }
    6. 

  6. rmdir($tempdir);
    7. 

  7. --SKIPIF--
    8. 

  8. <?php
    9. 

  9. if(!extension_loaded('gd')){ die('skip gd extension not available'); }
    10. 

  10. $support = gd_info();
    11. 

  11. if (!isset($support['PNG Support']) || $support['PNG Support'] === false) {
    12. 

  12. 	print 'skip png support not available';
    13. 

  13. }
    14. 

  14. ?>
    15. 

  15. --FILE--
    16. 

  16. <?php
    17. 

  17. $image = imagecreate(1,1);// 1px image
    18. 

  18. 

  19. 

  20. $tempdir = sys_get_temp_dir(). '/php-gdtest';
    21. 

  21. if (!file_exists($tempdir) && !is_dir($tempdir)) {
    22. 

  22. 	mkdir ($tempdir, 0777, true);
    23. 

  23. }
    24. 

  24. 

  25. $userinput = "1\0"; // from post or get data
    26. 

  26. $temp = $tempdir. "/test" . $userinput .".tmp";
    27. 

  27. 

  28. echo "\nimagepng TEST\n";
    29. 

  29. imagepng($image, $temp);
    30. 

  30. var_dump(file_exists($tempdir. "/test1"));
    31. 

  31. var_dump(file_exists($tempdir. "/test1.tmp"));
    32. 

  32. foreach (glob($tempdir . "/test*") as $file ) { unlink($file); }
    33. 

  33. --EXPECTF--
    34. 

  34. imagepng TEST
    35. 

  35. 

  36. Warning: imagepng(): Invalid 2nd parameter, filename must not contain null bytes in %s on line %d
    37. 

  37. bool(false)
    38. 

  38. bool(false)
    39.