mirror of https://github.com/php/php-src.git synced 2026-04-27 01:48:26 +02:00
Commit Graph

94865 Commits

Author SHA1 Message Date
Anatol Belski 05c8a0771d fix tests
The 70436 test is just a bonus for the hardening in 72633.
2016-08-17 12:39:35 +02:00
Xinchen Hui 195d7618e7 Avoid duplicating string 2016-08-17 18:19:14 +08:00
Anatol Belski 7d4c5a0dc9 Revert "fix tests"
This reverts commit a47df5be19.

Looks like some environment issue, as some systems throw the notice,
some don't. Revert for now.
2016-08-17 12:04:03 +02:00
Anatol Belski a5d00fc908 fix leak 2016-08-17 11:51:56 +02:00
Xinchen Hui 1dab8e07f2 Update NEWS 2016-08-17 16:56:58 +08:00
Xinchen Hui b172f43caa Unused label 2016-08-17 16:56:20 +08:00
Xinchen Hui 3956deb1b2 Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
  Fixed bug #72853 (stream_set_blocking doesn't work)

Conflicts:
	main/streams/plain_wrapper.c
2016-08-17 16:56:02 +08:00
Xinchen Hui abe00908af Fixed bug #72853 (stream_set_blocking doesn't work)
Implemented PHP_STREAM_OPTION_META_DATA_API for plain_wrappers
2016-08-17 16:54:21 +08:00
Stanislav Malyshev ed9d916c28 fix test 2016-08-17 01:12:33 -07:00
Nikita Popov e0f9fbdfa6 Bug #72663 - part 3
When using the php_serialize session serialization handler, do
not use the result of the unserialization if it failed.
2016-08-17 01:01:03 -07:00
Nikita Popov 61f2f5a0f7 Bug #72663 - part 2
If a (nested) unserialize() call fails, we remove all the values
that were inserted into var_hash during that call. This prevents
their use in other unserializations in the same context.
2016-08-17 00:47:02 -07:00
Nikita Popov 2135fdef9b Bug #72663 - part 1
Don't call __destruct() on an unserialized object that has a
__wakeup() method if either
a) unserialization of its properties fails or
b) the __wakeup() call fails (e.g. by throwing).

This basically treats __wakeup() as a form of constructor and
aligns us with the usual behavior that if the constructor call
fails the destructor should not be called.

The security aspect here is that people use __wakeup() to prevent
unserialization of objects with dangerous __destruct() methods,
but this is ineffective if __destruct() can still be called while
__wakeup() was skipped.
2016-08-17 00:45:57 -07:00
Stanislav Malyshev 0d13325b66 Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6: (24 commits)
  Update NEWS
  Block test with memory leak
  fix tests
  Fix TSRM build
  Fix bug #72850 - integer overflow in uuencode
  Fixed bug #72849 - integer overflow in urlencode
  Fix bug #72848 - integer overflow in quoted_printable_encode caused heap corruption
  Fix bug #72838 - Integer overflow lead to heap corruption in sql_regcase
  Fix bug #72837 - integer overflow in bzdecompress caused heap corruption
  Fix bug #72836 - integer overflow in base64_decode caused heap corruption
  Fix for bug #72807 - do not produce strings with negative length
  Fix for bug #72790 and bug #72799
  Fix bug #72730 - imagegammacorrect allows arbitrary write access
  Fix bug #72697 - select_colors write out-of-bounds
  Fixed bug #72627: Memory Leakage In exif_process_IFD_in_TIFF
  Fix bug #72750: wddx_deserialize null dereference
  Fix bug #72771: ftps:// opendir wrapper is vulnerable to protocol downgrade attack
  Improve fix for #72663
  Fix bug #70436: Use After Free Vulnerability in unserialize()
  Fix bug #72749: wddx_deserialize allows illegal memory access
  ...

Conflicts:
	Zend/zend_API.h
	ext/bz2/bz2.c
	ext/curl/interface.c
	ext/ereg/ereg.c
	ext/exif/exif.c
	ext/gd/gd.c
	ext/gd/tests/imagetruecolortopalette_error3.phpt
	ext/gd/tests/imagetruecolortopalette_error4.phpt
	ext/session/session.c
	ext/snmp/snmp.c
	ext/standard/base64.c
	ext/standard/ftp_fopen_wrapper.c
	ext/standard/quot_print.c
	ext/standard/url.c
	ext/standard/uuencode.c
	ext/standard/var.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	ext/wddx/tests/bug72790.phpt
	ext/wddx/tests/bug72799.phpt
	ext/wddx/wddx.c
	sapi/cli/generate_mime_type_map.php
2016-08-17 00:43:33 -07:00
Stanislav Malyshev 75d7666968 Merge branch 'PHP-7.0.10' into PHP-7.0
* PHP-7.0.10:
  Fix bug #72749: wddx_deserialize allows illegal memory access
  Fixed bug #72627: Memory Leakage In exif_process_IFD_in_TIFF
  fix tests
  Fix bug #72697 - select_colors write out-of-bounds
  Fix bug #72708 - php_snmp_parse_oid integer overflow in memory allocation
  Fix bug #72730 - imagegammacorrect allows arbitrary write access
  Fix bug #72750: wddx_deserialize null dereference
  Fix bug #72771: ftps:// opendir wrapper is vulnerable to protocol downgrade attack
  fix tests
  add missing skipif section
  Fix for bug #72790 and bug #72799
  Fix bug #72837 - integer overflow in bzdecompress caused heap corruption
  Fix bug #72742 - memory allocator fails to realloc small block to large one
  Use size_t for path length
  Check for string overflow
  Fix for bug #72782: mcrypt accepts only ints, so don't pass anything else
  Fix bug #72674 - check both curl_escape and curl_unescape
2016-08-16 23:52:22 -07:00
Stanislav Malyshev f8a75d4eee Merge branch 'PHP-7.0' into PHP-7.0.10
* PHP-7.0: (34 commits)
  Fix URL rewriter partially
  Support "git worktree"
  Add NEWS
  Fix ASSERT logic
  Bugfix 72791: fix memory leak in PDO persistent connections
  Don't copy mime types in CLI server
  Remove obsolete Id tags
  Bump version in OCI8 test
  Fixed bug #72788 (Invalid memory access when using persistent PDO connection)
  Remove typo'd commit
  Fix bug 72788: Invalid memory access when database_object_handle is undefined. Also fix memory leak in dbh_free when using persistent PDO connections.
  Replace dead branch with ZEND_ASSERT()
  Add test for bug #69107: finfo no longer detects PHP files
  Fix bug #55451
  Fix stream_socket_enable_crypto() test
  Remove old $Id$ tags
  Sync with 7.1 branch changes from Nikita & Dimitri to keep OCI8 code identical
  Fix bug #72524 (Binding null values triggers ORA-24816 error)
  Fix the fix (Nikita), thanks!
  Check the return value of dbconvert() in mssql_guid_string(), as it may return -1 in case the conversion failed. In that case false is returned.
  ...

Conflicts:
	ext/standard/ftp_fopen_wrapper.c
2016-08-16 23:50:42 -07:00
Stanislav Malyshev 9e00ad2b09 Update NEWS 2016-08-16 23:44:59 -07:00
Stanislav Malyshev 4bf5c3187f Block test with memory leak 2016-08-16 22:55:44 -07:00
Stanislav Malyshev d8b2de164e fix tests 2016-08-16 22:55:43 -07:00
Stanislav Malyshev 40bd921cea Fix TSRM build 2016-08-16 22:55:43 -07:00
Stanislav Malyshev 35a8ed2f62 Fix bug #72850 - integer overflow in uuencode 2016-08-16 22:55:43 -07:00
Stanislav Malyshev b9e81e5844 Fixed bug #72849 - integer overflow in urlencode 2016-08-16 22:55:42 -07:00
Stanislav Malyshev 24d741d376 Fix bug #72848 - integer overflow in quoted_printable_encode caused heap corruption 2016-08-16 22:55:42 -07:00
Stanislav Malyshev 5f91f692c3 Fix bug #72838 - Integer overflow lead to heap corruption in sql_regcase 2016-08-16 22:55:42 -07:00
Stanislav Malyshev cfdeedd985 Fix bug #72837 - integer overflow in bzdecompress caused heap corruption 2016-08-16 22:55:41 -07:00
Stanislav Malyshev d6a43a8562 Fix bug #72836 - integer overflow in base64_decode caused heap corruption 2016-08-16 22:55:41 -07:00
Stanislav Malyshev 1cd6bc6463 Fix for bug #72807 - do not produce strings with negative length 2016-08-16 22:55:41 -07:00
Stanislav Malyshev 5a34bd6d1e Fix for bug #72790 and bug #72799 2016-08-16 22:55:41 -07:00
Stanislav Malyshev 1bd103df00 Fix bug #72730 - imagegammacorrect allows arbitrary write access 2016-08-16 22:55:40 -07:00
Stanislav Malyshev a3598dd7c9 Fix bug #72697 - select_colors write out-of-bounds 2016-08-16 22:55:40 -07:00
Stanislav Malyshev 6dbb1ee46b Fixed bug #72627: Memory Leakage In exif_process_IFD_in_TIFF 2016-08-16 22:55:40 -07:00
Stanislav Malyshev 698a691724 Fix bug #72750: wddx_deserialize null dereference 2016-08-16 22:55:39 -07:00
Stanislav Malyshev e018ff094f Fix bug #72771: ftps:// opendir wrapper is vulnerable to protocol downgrade attack 2016-08-16 22:55:39 -07:00
Stanislav Malyshev 639f7fde6a Improve fix for #72663 2016-08-16 22:55:20 -07:00
Stanislav Malyshev 95d09e4b5e Fix bug #70436: Use After Free Vulnerability in unserialize() 2016-08-16 22:55:20 -07:00
Stanislav Malyshev 426aeb2808 Fix bug #72749: wddx_deserialize allows illegal memory access 2016-08-16 22:55:19 -07:00
Stanislav Malyshev f1a0b7d690 Update comment 2016-08-16 22:55:19 -07:00
Stanislav Malyshev da316b50bd Fix bug #72708 - php_snmp_parse_oid integer overflow in memory allocation 2016-08-16 22:55:19 -07:00
Stanislav Malyshev 8763c6090d Fix bug #72681 - consume data even if we're not storing them 2016-08-16 22:54:42 -07:00
Stanislav Malyshev 448c9be157 Fix bug #72663 - destroy broken object when unserializing 2016-08-16 22:54:42 -07:00
Xinchen Hui f3231a7c76 Unused var 2016-08-17 11:16:48 +08:00
Anatol Belski 0f337e11bc update NEWS 2016-08-17 01:37:40 +02:00
Christoph M. Becker 6202b47e63 Merge branch 'PHP-5.6' into PHP-7.0 2016-08-17 01:22:11 +02:00
Anatol Belski 20f76efb78 fix test 2016-08-17 00:56:19 +02:00
Anatol Belski 6de67244d4 fix blocking pipe stream option value
As revealed by #72857, this value conflicts with the xport option.
Wrong code can otherwise cause streams to misbehave, e.g. if local and
network streams APIs are mixed.
2016-08-17 00:53:15 +02:00
Christoph M. Becker 1bb92d5212 #72085: SEGV on unknown address zif_xml_parse
We better make sure that the ZVALs we're accessing as arrays are indeed
arrays.
2016-08-17 00:42:45 +02:00
Stanislav Malyshev e3829b8869 Fix bug #72749: wddx_deserialize allows illegal memory access
(cherry picked from commit 659a21dc20f0b64dafd8cb16573059d3b45cce6b)

Conflicts:
	ext/wddx/wddx.c
2016-08-16 23:36:14 +02:00
Anatol Belski f18f394386 fix test cleanup 2016-08-16 22:54:51 +02:00
Anatol Belski 5391bb8be0 Fixed #72857 stream_socket_recvfrom read access violation 2016-08-16 22:47:50 +02:00
Nikita Popov e2230c17d3 Fix bug #72854 2016-08-16 21:05:30 +02:00
Stanislav Malyshev 24fb60ffe9 Fixed bug #72627: Memory Leakage In exif_process_IFD_in_TIFF
(cherry picked from commit 620b01337cc39f856ca68c34c35e154f5f0682fc)

Conflicts:
	ext/exif/exif.c
2016-08-16 15:04:16 +02:00