Bug #67730: Add tests by Ryan Mauger <ryan@rmauger.co.uk>

kaplanlior · kaplanlior · commit bda1cc69468c · 2014-08-25T00:29:05.000+03:00
diff --git a/ext/gd/tests/imagegd2_nullbyte_injection.phpt b/ext/gd/tests/imagegd2_nullbyte_injection.phpt
@@ -0,0 +1,31 @@
+--TEST--
+Testing null byte injection in imagegd2
+--CLEAN--
+$tempdir = sys_get_temp_dir(). '/php-gdtest';
+foreach (glob($tempdir . "/test*") as $file ) { unlink($file); }
+rmdir($tempdir);
+--FILE--
+<?php
+$image = imagecreate(1,1);// 1px image
+
+
+$tempdir = sys_get_temp_dir(). '/php-gdtest';
+if (!file_exists($tempdir) && !is_dir($tempdir)) {
+	mkdir ($tempdir, 0777, true);
+}
+
+$userinput = "1\0"; // from post or get data
+$temp = $tempdir. "/test" . $userinput .".tmp";
+
+echo "\nimagegd2 TEST\n";
+imagegd2($image, $temp);
+var_dump(file_exists($tempdir. "/test1"));
+var_dump(file_exists($tempdir. "/test1.tmp"));
+foreach (glob($tempdir . "/test*") as $file ) { unlink($file); }
+
+--EXPECTF--
+imagegd2 TEST
+
+Warning: imagegd2() expects parameter 2 to be a valid path, string given in %s on line %d
+bool(false)
+bool(false)
diff --git a/ext/gd/tests/imagegd_nullbyte_injection.phpt b/ext/gd/tests/imagegd_nullbyte_injection.phpt
@@ -0,0 +1,31 @@
+--TEST--
+Testing null byte injection in imagegd
+--CLEAN--
+$tempdir = sys_get_temp_dir(). '/php-gdtest';
+foreach (glob($tempdir . "/test*") as $file ) { unlink($file); }
+rmdir($tempdir);
+--FILE--
+<?php
+$image = imagecreate(1,1);// 1px image
+
+
+$tempdir = sys_get_temp_dir(). '/php-gdtest';
+if (!file_exists($tempdir) && !is_dir($tempdir)) {
+	mkdir ($tempdir, 0777, true);
+}
+
+$userinput = "1\0"; // from post or get data
+$temp = $tempdir. "/test" . $userinput .".tmp";
+
+echo "\nimagegd TEST\n";
+imagegd($image, $temp);
+var_dump(file_exists($tempdir. "/test1"));
+var_dump(file_exists($tempdir. "/test1.tmp"));
+foreach (glob($tempdir . "/test*") as $file ) { unlink($file); }
+
+--EXPECTF--
+imagegd TEST
+
+Warning: imagegd() expects parameter 2 to be a valid path, string given in %s on line %d
+bool(false)
+bool(false)
diff --git a/ext/gd/tests/imagegif_nullbyte_injection.phpt b/ext/gd/tests/imagegif_nullbyte_injection.phpt
@@ -0,0 +1,38 @@
+--TEST--
+Testing null byte injection in imagegif
+--CLEAN--
+$tempdir = sys_get_temp_dir(). '/php-gdtest';
+foreach (glob($tempdir . "/test*") as $file ) { unlink($file); }
+rmdir($tempdir);
+--SKIPIF--
+<?php
+$support = gd_info();
+if (!isset($support['GIF Create Support']) || $support['GIF Create Support'] === false) {
+	print 'skip gif support not available';
+}
+?>
+--FILE--
+<?php
+$image = imagecreate(1,1);// 1px image
+
+
+$tempdir = sys_get_temp_dir(). '/php-gdtest';
+if (!file_exists($tempdir) && !is_dir($tempdir)) {
+	mkdir ($tempdir, 0777, true);
+}
+
+$userinput = "1\0"; // from post or get data
+$temp = $tempdir. "/test" . $userinput .".tmp";
+
+echo "\nimagegif TEST\n";
+imagegif($image, $temp);
+var_dump(file_exists($tempdir. "/test1"));
+var_dump(file_exists($tempdir. "/test1.tmp"));
+foreach (glob($tempdir . "/test*") as $file ) { unlink($file); }
+
+--EXPECTF--
+imagegif TEST
+
+Warning: imagegif(): Invalid 2nd parameter, filename must not contain null bytes in %s on line %d
+bool(false)
+bool(false)
diff --git a/ext/gd/tests/imagejpeg_nullbyte_injection.phpt b/ext/gd/tests/imagejpeg_nullbyte_injection.phpt
@@ -0,0 +1,38 @@
+--TEST--
+Testing null byte injection in imagejpeg
+--CLEAN--
+$tempdir = sys_get_temp_dir(). '/php-gdtest';
+foreach (glob($tempdir . "/test*") as $file ) { unlink($file); }
+rmdir($tempdir);
+--SKIPIF--
+<?php
+$support = gd_info();
+if (!isset($support['JPEG Support']) || $support['JPEG Support'] === false) {
+	print 'skip jpeg support not available';
+}
+?>
+--FILE--
+<?php
+$image = imagecreate(1,1);// 1px image
+
+
+$tempdir = sys_get_temp_dir(). '/php-gdtest';
+if (!file_exists($tempdir) && !is_dir($tempdir)) {
+	mkdir ($tempdir, 0777, true);
+}
+
+$userinput = "1\0"; // from post or get data
+$temp = $tempdir. "/test" . $userinput .".tmp";
+
+echo "\nimagejpeg TEST\n";
+imagejpeg($image, $temp);
+var_dump(file_exists($tempdir. "/test1"));
+var_dump(file_exists($tempdir. "/test1.tmp"));
+foreach (glob($tempdir . "/test*") as $file ) { unlink($file); }
+
+--EXPECTF--
+imagejpeg TEST
+
+Warning: imagejpeg(): Invalid 2nd parameter, filename must not contain null bytes in %s on line %d
+bool(false)
+bool(false)
diff --git a/ext/gd/tests/imagepng_nullbyte_injection.phpt b/ext/gd/tests/imagepng_nullbyte_injection.phpt
@@ -0,0 +1,38 @@
+--TEST--
+Testing null byte injection in imagepng
+--CLEAN--
+$tempdir = sys_get_temp_dir(). '/php-gdtest';
+foreach (glob($tempdir . "/test*") as $file ) { unlink($file); }
+rmdir($tempdir);
+--SKIPIF--
+<?php
+$support = gd_info();
+if (!isset($support['PNG Support']) || $support['PNG Support'] === false) {
+	print 'skip png support not available';
+}
+?>
+--FILE--
+<?php
+$image = imagecreate(1,1);// 1px image
+
+
+$tempdir = sys_get_temp_dir(). '/php-gdtest';
+if (!file_exists($tempdir) && !is_dir($tempdir)) {
+	mkdir ($tempdir, 0777, true);
+}
+
+$userinput = "1\0"; // from post or get data
+$temp = $tempdir. "/test" . $userinput .".tmp";
+
+echo "\nimagepng TEST\n";
+imagepng($image, $temp);
+var_dump(file_exists($tempdir. "/test1"));
+var_dump(file_exists($tempdir. "/test1.tmp"));
+foreach (glob($tempdir . "/test*") as $file ) { unlink($file); }
+
+--EXPECTF--
+imagepng TEST
+
+Warning: imagepng(): Invalid 2nd parameter, filename must not contain null bytes in %s on line %d
+bool(false)
+bool(false)
diff --git a/ext/gd/tests/imagewbmp_nullbyte_injection.phpt b/ext/gd/tests/imagewbmp_nullbyte_injection.phpt
@@ -0,0 +1,38 @@
+--TEST--
+Testing null byte injection in imagewbmp
+--CLEAN--
+$tempdir = sys_get_temp_dir(). '/php-gdtest';
+foreach (glob($tempdir . "/test*") as $file ) { unlink($file); }
+rmdir($tempdir);
+--SKIPIF--
+<?php
+$support = gd_info();
+if (!isset($support['WBMP Support']) || $support['WBMP Support'] === false) {
+	print 'skip wbmp support not available';
+}
+?>
+--FILE--
+<?php
+$image = imagecreate(1,1);// 1px image
+
+
+$tempdir = sys_get_temp_dir(). '/php-gdtest';
+if (!file_exists($tempdir) && !is_dir($tempdir)) {
+	mkdir ($tempdir, 0777, true);
+}
+
+$userinput = "1\0"; // from post or get data
+$temp = $tempdir. "/test" . $userinput .".tmp";
+
+echo "\nimagewbmp TEST\n";
+imagewbmp($image, $temp);
+var_dump(file_exists($tempdir. "/test1"));
+var_dump(file_exists($tempdir. "/test1.tmp"));
+foreach (glob($tempdir . "/test*") as $file ) { unlink($file); }
+
+--EXPECTF--
+imagewbmp TEST
+
+Warning: imagewbmp(): Invalid 2nd parameter, filename must not contain null bytes in %s on line %d
+bool(false)
+bool(false)
diff --git a/ext/gd/tests/imagewebp_nullbyte_injection.phpt b/ext/gd/tests/imagewebp_nullbyte_injection.phpt
@@ -0,0 +1,38 @@
+--TEST--
+Testing null byte injection in imagewebp
+--CLEAN--
+$tempdir = sys_get_temp_dir(). '/php-gdtest';
+foreach (glob($tempdir . "/test*") as $file ) { unlink($file); }
+rmdir($tempdir);
+--SKIPIF--
+<?php
+$support = gd_info();
+if (!isset($support['WEBP Support']) || $support['WEBP Support'] === false) {
+	print 'skip webp support not available';
+}
+?>
+--FILE--
+<?php
+$image = imagecreate(1,1);// 1px image
+
+
+$tempdir = sys_get_temp_dir(). '/php-gdtest';
+if (!file_exists($tempdir) && !is_dir($tempdir)) {
+	mkdir ($tempdir, 0777, true);
+}
+
+$userinput = "1\0"; // from post or get data
+$temp = $tempdir. "/test" . $userinput .".tmp";
+
+echo "\nimagewebp TEST\n";
+imagewebp($image, $temp);
+var_dump(file_exists($tempdir. "/test1"));
+var_dump(file_exists($tempdir. "/test1.tmp"));
+foreach (glob($tempdir . "/test*") as $file ) { unlink($file); }
+
+--EXPECTF--
+imagewbmp TEST
+
+Warning: imagewebp(): Invalid 2nd parameter, filename must not contain null bytes in %s on line %d
+bool(false)
+bool(false)
