Make null byte error a ValueError

nikic · nikic · commit 227988dff8b3 · 2020-09-08T12:19:07.000+02:00
diff --git a/Zend/zend_API.c b/Zend/zend_API.c
@@ -254,6 +254,12 @@ ZEND_API ZEND_COLD void ZEND_FASTCALL zend_wrong_parameter_type_error(uint32_t n
 		return;
 	}
 
+	if ((expected_type == Z_EXPECTED_PATH || expected_type == Z_EXPECTED_PATH_OR_NULL)
+			&& Z_TYPE_P(arg) == IS_STRING) {
+		zend_argument_value_error(num, "must not contain any null bytes");
+		return;
+	}
+
 	zend_argument_type_error(num, "must be %s, %s given", expected_error[expected_type], zend_zval_type_name(arg));
 }
 /* }}} */
@@ -668,10 +674,12 @@ static const char *zend_parse_arg_impl(zval *arg, va_list *va, const char **spec
 				char **p = va_arg(*va, char **);
 				size_t *pl = va_arg(*va, size_t *);
 				if (!zend_parse_arg_path(arg, p, pl, check_null)) {
-					zend_spprintf(error, 0, "a valid path%s, %s given",
-						check_null ? " or null" : "", zend_zval_type_name(arg)
-					);
-					return "";
+					if (p) {
+						zend_spprintf(error, 0, "must not contain any null bytes");
+						return "";
+					} else {
+						return check_null ? "?string" : "string";
+					}
 				}
 			}
 			break;
@@ -680,10 +688,12 @@ static const char *zend_parse_arg_impl(zval *arg, va_list *va, const char **spec
 			{
 				zend_string **str = va_arg(*va, zend_string **);
 				if (!zend_parse_arg_path_str(arg, str, check_null)) {
-					zend_spprintf(error, 0, "a valid path%s, %s given",
-						check_null ? " or null" : "", zend_zval_type_name(arg)
-					);
-					return "";
+					if (str) {
+						zend_spprintf(error, 0, "must not contain any null bytes");
+						return "";
+					} else {
+						return check_null ? "?string" : "string";
+					}
 				}
 			}
 			break;
@@ -762,7 +772,7 @@ static const char *zend_parse_arg_impl(zval *arg, va_list *va, const char **spec
 				if (!zend_parse_arg_object(arg, p, ce, check_null)) {
 					if (ce) {
 						if (check_null) {
-							zend_spprintf(error, 0, "of type ?%s, %s given", ZSTR_VAL(ce->name), zend_zval_type_name(arg));
+							zend_spprintf(error, 0, "must be of type ?%s, %s given", ZSTR_VAL(ce->name), zend_zval_type_name(arg));
 							return "";
 						} else {
 							return ZSTR_VAL(ce->name);
@@ -795,14 +805,14 @@ static const char *zend_parse_arg_impl(zval *arg, va_list *va, const char **spec
 				}
 				if (ce_base) {
 					if ((!*pce || !instanceof_function(*pce, ce_base))) {
-						zend_spprintf(error, 0, "a class name derived from %s%s, %s given",
+						zend_spprintf(error, 0, "must be a class name derived from %s%s, %s given",
 							ZSTR_VAL(ce_base->name), check_null ? " or null" : "", Z_STRVAL_P(arg));
 						*pce = NULL;
 						return "";
 					}
 				}
 				if (!*pce) {
-					zend_spprintf(error, 0, "a valid class name%s, %s given",
+					zend_spprintf(error, 0, "must be a valid class name%s, %s given",
 						check_null ? " or null" : "", Z_STRVAL_P(arg));
 					return "";
 				}
@@ -833,7 +843,7 @@ static const char *zend_parse_arg_impl(zval *arg, va_list *va, const char **spec
 				}
 
 				if (is_callable_error) {
-					zend_spprintf(error, 0, "a valid callback%s, %s", check_null ? " or null" : "", is_callable_error);
+					zend_spprintf(error, 0, "must be a valid callback%s, %s", check_null ? " or null" : "", is_callable_error);
 					efree(is_callable_error);
 					return "";
 				} else {
@@ -874,7 +884,11 @@ static zend_result zend_parse_arg(uint32_t arg_num, zval *arg, va_list *va, cons
 		}
 		if (!(flags & ZEND_PARSE_PARAMS_QUIET) && (*expected_type || error)) {
 			if (error) {
-				zend_argument_type_error(arg_num, "must be %s", error);
+				if (strcmp(error, "must not contain any null bytes") == 0) {
+					zend_argument_value_error(arg_num, "%s", error);
+				} else {
+					zend_argument_type_error(arg_num, "%s", error);
+				}
 				efree(error);
 			} else {
 				zend_argument_type_error(arg_num, "must be of type %s, %s given", expected_type, zend_zval_type_name(arg));
diff --git a/Zend/zend_API.h b/Zend/zend_API.h
@@ -1215,8 +1215,8 @@ static zend_always_inline zval *zend_try_array_init(zval *zv)
 	_(Z_EXPECTED_FUNC_OR_NULL,		"a valid callback or null") \
 	_(Z_EXPECTED_RESOURCE,			"of type resource") \
 	_(Z_EXPECTED_RESOURCE_OR_NULL,	"of type resource or null") \
-	_(Z_EXPECTED_PATH,				"a valid path") \
-	_(Z_EXPECTED_PATH_OR_NULL,		"a valid path or null") \
+	_(Z_EXPECTED_PATH,				"of type string") \
+	_(Z_EXPECTED_PATH_OR_NULL,		"of type ?string") \
 	_(Z_EXPECTED_OBJECT,			"of type object") \
 	_(Z_EXPECTED_OBJECT_OR_NULL,	"of type ?object") \
 	_(Z_EXPECTED_DOUBLE,			"of type float") \
diff --git a/ext/gd/tests/imagegd2_nullbyte_injection.phpt b/ext/gd/tests/imagegd2_nullbyte_injection.phpt
@@ -9,9 +9,9 @@ Testing null byte injection in imagegd2
 $image = imagecreate(1,1);// 1px image
 try {
     imagegd($image, "./foo\0bar");
-} catch (TypeError $e) {
+} catch (ValueError $e) {
     echo $e->getMessage(), "\n";
 }
 ?>
 --EXPECT--
-imagegd(): Argument #2 ($to) must be a valid path, string given
+imagegd(): Argument #2 ($to) must not contain any null bytes
diff --git a/ext/gd/tests/imagegd_nullbyte_injection.phpt b/ext/gd/tests/imagegd_nullbyte_injection.phpt
@@ -9,9 +9,9 @@ Testing null byte injection in imagegd
 $image = imagecreate(1,1);// 1px image
 try {
     imagegd($image, "./foo\0bar");
-} catch (TypeError $e) {
+} catch (ValueError $e) {
     echo $e->getMessage(), "\n";
 }
 ?>
 --EXPECT--
-imagegd(): Argument #2 ($to) must be a valid path, string given
+imagegd(): Argument #2 ($to) must not contain any null bytes
diff --git a/ext/gd/tests/imagexbm_nullbyte_injection.phpt b/ext/gd/tests/imagexbm_nullbyte_injection.phpt
@@ -9,9 +9,9 @@ if(!extension_loaded('gd')) die('skip gd extension not available');
 $image = imagecreate(1,1);// 1px image
 try {
     imagexbm($image, "./foo\0bar");
-} catch (TypeError $e) {
+} catch (ValueError $e) {
     echo $e->getMessage(), "\n";
 }
 ?>
 --EXPECT--
-imagexbm(): Argument #2 ($filename) must be a valid path or null, string given
+imagexbm(): Argument #2 ($filename) must not contain any null bytes
diff --git a/ext/standard/tests/file/bug39863.phpt b/ext/standard/tests/file/bug39863.phpt
@@ -9,9 +9,9 @@ $filename = __FILE__ . chr(0). ".ridiculous";
 
 try {
     var_dump(file_exists($filename));
-} catch (TypeError $e) {
+} catch (ValueError $e) {
     echo $e->getMessage(), "\n";
 }
 ?>
 --EXPECT--
-file_exists(): Argument #1 ($filename) must be a valid path, string given
+file_exists(): Argument #1 ($filename) cannot contain any null bytes
diff --git a/ext/standard/tests/file/file_get_contents_variation8.phpt b/ext/standard/tests/file/file_get_contents_variation8.phpt
@@ -63,9 +63,9 @@ ValueError: Path cannot be empty
 Warning: file_get_contents( ): Failed to open stream: No such file or directory in %s on line %d
 bool(false)
 -- Iteration 6 --
-TypeError: file_get_contents(): Argument #1 ($filename) must be a valid path, string given
+ValueError: file_get_contents(): Argument #1 ($filename) must not contain any null bytes
 -- Iteration 7 --
-TypeError: file_get_contents(): Argument #1 ($filename) must be a valid path, array given
+TypeError: file_get_contents(): Argument #1 ($filename) must be of type string, array given
 -- Iteration 8 --
 
 Warning: file_get_contents(/no/such/file/dir): Failed to open stream: No such file or directory in %s on line %d
diff --git a/ext/standard/tests/file/filegroup_variation3.phpt b/ext/standard/tests/file/filegroup_variation3.phpt
@@ -38,7 +38,7 @@ foreach($files_arr as $file) {
   echo "- Iteration $count -\n";
   try {
     var_dump( filegroup( $file_path."/".$file ) );
-  } catch (TypeError $e) {
+  } catch (Error $e) {
     echo $e->getMessage(), "\n";
   }
   clearstatcache();
@@ -75,8 +75,8 @@ bool(false)
 Warning: filegroup(): stat failed for %s/filegroup_variation3/filegroup*.tmp in %s on line %d
 bool(false)
 - Iteration 7 -
-filegroup(): Argument #1 ($filename) must be a valid path, string given
+filegroup(): Argument #1 ($filename) must not contain any null bytes
 - Iteration 8 -
-filegroup(): Argument #1 ($filename) must be a valid path, string given
+filegroup(): Argument #1 ($filename) must not contain any null bytes
 
 *** Done ***
diff --git a/ext/standard/tests/file/fileowner_variation3.phpt b/ext/standard/tests/file/fileowner_variation3.phpt
@@ -38,7 +38,7 @@ foreach($files_arr as $file) {
   echo "- Iteration $count -\n";
   try {
     var_dump( fileowner( $file_path."/".$file ) );
-  } catch (TypeError $e) {
+  } catch (Error $e) {
     echo $e->getMessage(), "\n";
   }
   clearstatcache();
@@ -75,8 +75,8 @@ bool(false)
 Warning: fileowner(): stat failed for %s/fileowner_variation3/fileowner*.tmp in %s on line %d
 bool(false)
 - Iteration 7 -
-fileowner(): Argument #1 ($filename) must be a valid path, string given
+fileowner(): Argument #1 ($filename) must not contain any null bytes
 - Iteration 8 -
-fileowner(): Argument #1 ($filename) must be a valid path, string given
+fileowner(): Argument #1 ($filename) must not contain any null bytes
 
 *** Done ***
diff --git a/ext/standard/tests/file/fileperms_variation3.phpt b/ext/standard/tests/file/fileperms_variation3.phpt
@@ -37,7 +37,7 @@ foreach($files_arr as $file) {
   echo "- Iteration $count -\n";
   try {
     var_dump( fileperms( $file_path."/".$file ) );
-  } catch (TypeError $e) {
+  } catch (Error $e) {
     echo $e->getMessage(), "\n";
   }
   clearstatcache();
@@ -74,8 +74,8 @@ bool(false)
 Warning: fileperms(): stat failed for %s/fileperms_variation3/fileperms*.tmp in %s on line %d
 bool(false)
 - Iteration 7 -
-fileperms(): Argument #1 ($filename) must be a valid path, string given
+fileperms(): Argument #1 ($filename) must not contain any null bytes
 - Iteration 8 -
-fileperms(): Argument #1 ($filename) must be a valid path, string given
+fileperms(): Argument #1 ($filename) must not contain any null bytes
 
 *** Done ***
diff --git a/ext/standard/tests/file/is_dir_variation4.phpt b/ext/standard/tests/file/is_dir_variation4.phpt
@@ -35,7 +35,7 @@ foreach($dirs_arr as $dir) {
   echo "\n-- Iteration $count --\n";
   try {
     var_dump( is_dir($file_path."/".$dir ) );
-  } catch (TypeError $e) {
+  } catch (Error $e) {
     echo $e->getMessage(), "\n";
   }
   $count++;
@@ -76,9 +76,9 @@ bool(true)
 bool(false)
 
 -- Iteration 9 --
-is_dir(): Argument #1 ($filename) must be a valid path, string given
+is_dir(): Argument #1 ($filename) must not contain any null bytes
 
 -- Iteration 10 --
-is_dir(): Argument #1 ($filename) must be a valid path, string given
+is_dir(): Argument #1 ($filename) must not contain any null bytes
 
 *** Done ***
diff --git a/ext/standard/tests/file/is_file_variation4.phpt b/ext/standard/tests/file/is_file_variation4.phpt
@@ -35,7 +35,7 @@ foreach($files_arr as $file) {
   echo "- Iteration $count -\n";
   try {
     var_dump( is_file( $file_path."/".$file ) );
-  } catch (TypeError $e) {
+  } catch (Error $e) {
     echo $e->getMessage(), "\n";
   }
   clearstatcache();
@@ -66,8 +66,8 @@ bool(false)
 - Iteration 6 -
 bool(false)
 - Iteration 7 -
-is_file(): Argument #1 ($filename) must be a valid path, string given
+is_file(): Argument #1 ($filename) must not contain any null bytes
 - Iteration 8 -
-is_file(): Argument #1 ($filename) must be a valid path, string given
+is_file(): Argument #1 ($filename) must not contain any null bytes
 
 *** Done ***
diff --git a/ext/standard/tests/file/is_readable_variation1.phpt b/ext/standard/tests/file/is_readable_variation1.phpt
@@ -48,7 +48,7 @@ foreach($files_arr as $file) {
   echo "-- Iteration $counter --\n";
   try {
     var_dump( is_readable($file) );
-  } catch (TypeError $e) {
+  } catch (Error $e) {
     echo $e->getMessage(), "\n";
   }
   $counter++;
@@ -77,11 +77,11 @@ bool(false)
 -- Iteration 6 --
 bool(false)
 -- Iteration 7 --
-is_readable(): Argument #1 ($filename) must be a valid path, string given
+is_readable(): Argument #1 ($filename) must not contain any null bytes
 -- Iteration 8 --
-is_readable(): Argument #1 ($filename) must be a valid path, string given
+is_readable(): Argument #1 ($filename) must not contain any null bytes
 -- Iteration 9 --
-is_readable(): Argument #1 ($filename) must be a valid path, string given
+is_readable(): Argument #1 ($filename) must not contain any null bytes
 -- Iteration 10 --
 bool(true)
 -- Iteration 11 --
diff --git a/ext/standard/tests/file/readfile_variation10.phpt b/ext/standard/tests/file/readfile_variation10.phpt
diff --git a/ext/standard/tests/file/tempnam_variation3.phpt b/ext/standard/tests/file/tempnam_variation3.phpt
@@ -37,7 +37,7 @@ for( $i=0; $i<count($names_arr); $i++ ) {
   echo "-- Iteration $i --\n";
   try {
     $file_name = tempnam("$file_path", $names_arr[$i]);
-  } catch (TypeError $e) {
+  } catch (Error $e) {
     echo $e->getMessage(), "\n";
     continue;
   }
@@ -102,9 +102,9 @@ File name is => %s/%s
 File permissions are => 100600
 File created in => directory specified
 -- Iteration 6 --
-tempnam(): Argument #2 ($prefix) must be a valid path, string given
+tempnam(): Argument #2 ($prefix) must not contain any null bytes
 -- Iteration 7 --
-tempnam(): Argument #2 ($prefix) must be a valid path, array given
+tempnam(): Argument #2 ($prefix) must be of type string, array given
 -- Iteration 8 --
 File name is => %s/dir%s
 File permissions are => 100600
diff --git a/ext/standard/tests/file/tempnam_variation7.phpt b/ext/standard/tests/file/tempnam_variation7.phpt
@@ -35,7 +35,7 @@ for( $i=0; $i<count($names_arr); $i++ ) {
   echo "-- Iteration $i --\n";
   try {
     $file_name = tempnam($names_arr[$i], "tempnam_variation3.tmp");
-  } catch (TypeError $e) {
+  } catch (Error $e) {
     echo $e->getMessage(), "\n";
     continue;
   }
@@ -101,9 +101,9 @@ File name is => %s%etempnam_variation3.tmp%s
 File permissions are => 100600
 File created in => temp dir
 -- Iteration 6 --
-tempnam(): Argument #1 ($dir) must be a valid path, string given
+tempnam(): Argument #1 ($dir) must not contain any null bytes
 -- Iteration 7 --
-tempnam(): Argument #1 ($dir) must be a valid path, array given
+tempnam(): Argument #1 ($dir) must be of type string, array given
 -- Iteration 8 --
 
 Notice: tempnam(): file created in the system's temporary directory in %stempnam_variation7.php on line %d
