Merge branch 'PHP-8.0' into PHP-8.1

Author: derickr

NEWS

@@ -5,6 +5,10 @@ PHP                                                                        NEWS
 - Core:
   . Fixed bug GH-8338 (Intel CET is disabled unintentionally). (Chen, Hu)
 
+- Date:
+  . Fixed bug #72963 (Null-byte injection in CreateFromFormat and related
+    functions). (Derick)
+
 - MBString:
   . mb_detect_encoding recognizes all letters in Czech alphabet (alexdowad)
   . mb_detect_encoding recognizes all letters in Hungarian alphabet (alexdowad)

ext/date/php_date.c

@@ -2379,7 +2379,7 @@ PHP_FUNCTION(date_create_from_format)
 
 	ZEND_PARSE_PARAMETERS_START(2, 3)
 		Z_PARAM_STRING(format_str, format_str_len)
-		Z_PARAM_STRING(time_str, time_str_len)
+		Z_PARAM_PATH(time_str, time_str_len)
 		Z_PARAM_OPTIONAL
 		Z_PARAM_OBJECT_OF_CLASS_OR_NULL(timezone_object, date_ce_timezone)
 	ZEND_PARSE_PARAMETERS_END();
@@ -2401,7 +2401,7 @@ PHP_FUNCTION(date_create_immutable_from_format)
 
 	ZEND_PARSE_PARAMETERS_START(2, 3)
 		Z_PARAM_STRING(format_str, format_str_len)
-		Z_PARAM_STRING(time_str, time_str_len)
+		Z_PARAM_PATH(time_str, time_str_len)
 		Z_PARAM_OPTIONAL
 		Z_PARAM_OBJECT_OF_CLASS_OR_NULL(timezone_object, date_ce_timezone)
 	ZEND_PARSE_PARAMETERS_END();
@@ -2803,7 +2803,7 @@ PHP_FUNCTION(date_parse_from_format)
 
 	ZEND_PARSE_PARAMETERS_START(2, 2)
 		Z_PARAM_STR(format)
-		Z_PARAM_STR(date)
+		Z_PARAM_PATH_STR(date)
 	ZEND_PARSE_PARAMETERS_END();
 
 	parsed_time = timelib_parse_from_format(ZSTR_VAL(format), ZSTR_VAL(date), ZSTR_LEN(date), &error, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper);

ext/date/tests/bug72963.phpt

@@ -0,0 +1,90 @@
+--TEST--
+Bug #72963 (Null-byte injection in CreateFromFormat and related functions)
+--FILE--
+<?php
+$strings = [
+	'8/8/2016',
+	"8/8/2016\0asf",
+];
+
+foreach ($strings as $string) {
+	$d1 = $d2 = $d3 = NULL;
+	echo "\nCovering string: ", addslashes($string), "\n\n";
+
+	try {
+		$d1 = DateTime::createFromFormat('!m/d/Y', $string);
+	} catch (ValueError $v) {
+		echo $v->getMessage(), "\n";
+	}
+
+	try {
+		$d2 = DateTimeImmutable::createFromFormat('!m/d/Y', $string);
+	} catch (ValueError $v) {
+		echo $v->getMessage(), "\n";
+	}
+
+	try {
+		$d3 = date_parse_from_format('m/d/Y', $string);
+	} catch (ValueError $v) {
+		echo $v->getMessage(), "\n";
+	}
+
+	var_dump($d1, $d2, $d3);
+}
+?>
+--EXPECT--
+Covering string: 8/8/2016
+
+object(DateTime)#1 (3) {
+  ["date"]=>
+  string(26) "2016-08-08 00:00:00.000000"
+  ["timezone_type"]=>
+  int(3)
+  ["timezone"]=>
+  string(3) "UTC"
+}
+object(DateTimeImmutable)#2 (3) {
+  ["date"]=>
+  string(26) "2016-08-08 00:00:00.000000"
+  ["timezone_type"]=>
+  int(3)
+  ["timezone"]=>
+  string(3) "UTC"
+}
+array(12) {
+  ["year"]=>
+  int(2016)
+  ["month"]=>
+  int(8)
+  ["day"]=>
+  int(8)
+  ["hour"]=>
+  bool(false)
+  ["minute"]=>
+  bool(false)
+  ["second"]=>
+  bool(false)
+  ["fraction"]=>
+  bool(false)
+  ["warning_count"]=>
+  int(0)
+  ["warnings"]=>
+  array(0) {
+  }
+  ["error_count"]=>
+  int(0)
+  ["errors"]=>
+  array(0) {
+  }
+  ["is_localtime"]=>
+  bool(false)
+}
+
+Covering string: 8/8/2016\0asf
+
+DateTime::createFromFormat(): Argument #2 ($datetime) must not contain any null bytes
+DateTimeImmutable::createFromFormat(): Argument #2 ($datetime) must not contain any null bytes
+date_parse_from_format(): Argument #2 ($datetime) must not contain any null bytes
+NULL
+NULL
+NULL