diff --git a/NEWS b/NEWS index 5ab2c4a8449..135b4a69523 100644 --- a/NEWS +++ b/NEWS @@ -40,6 +40,8 @@ PHP NEWS . Fixed bug #54866 (incorrect accounting for realpath_cache_size) (Dustin Ward) . Fixed bug #54721 (Different Hashes on Windows, BSD and Linux on wrong Salt size) (Pierre, os at irj dot ru) + . Fixed bug #50363 (Invalid parsing in convert.quoted-printable-decode filter). + (slusarz at curecanti dot org) - Apache2 Handler SAPI: . Fixed bug #54529 (SAPI crashes on apache_config.c:197). diff --git a/ext/standard/filters.c b/ext/standard/filters.c index 2685405347b..2f1e3dc7068 100644 --- a/ext/standard/filters.c +++ b/ext/standard/filters.c @@ -1050,20 +1050,16 @@ static php_conv_err_t php_conv_qprint_decode_convert(php_conv_qprint_decode *ins } } /* break is missing intentionally */ - case 2: { - unsigned int nbl; - + case 2: { if (icnt <= 0) { goto out; } - nbl = (*ps >= 'A' ? *ps - 0x37 : *ps - 0x30); - if (nbl > 15) { + if (!isxdigit((int) *ps)) { err = PHP_CONV_ERR_INVALID_SEQ; goto out; } - next_char = (next_char << 4) | nbl; - + next_char = (next_char << 4) | (*ps >= 'A' ? *ps - 0x37 : *ps - 0x30); scan_stat++; ps++, icnt--; if (scan_stat != 3) { diff --git a/ext/standard/tests/filters/bug50363.phpt b/ext/standard/tests/filters/bug50363.phpt new file mode 100644 index 00000000000..3395edebc46 --- /dev/null +++ b/ext/standard/tests/filters/bug50363.phpt @@ -0,0 +1,17 @@ +--TEST-- +Bug #50363 (Invalid parsing in convert.quoted-printable-decode filter) +--FILE-- + +--EXPECTF-- +Sauvegarderéussi(e) não NÃO +Sauvegarderéussi(e) não NÃO