php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-17 13:01:02 +02:00
Code Issues Packages Projects Releases Wiki Activity
83,711 Commits 547 Branches 1,483 Tags
2881199c804d3cb11dd449ad10fa3965549812ea
Commit Graph

36067 Commits

Author SHA1 Message Date
Christoph M. Becker
8d6e958867 Fixed bug #75571: Potential infinite loop in gdImageCreateFromGifCtx 
Due to a signedness confusion in `GetCode_` a corrupt GIF file can
trigger an infinite loop.  Furthermore we make sure that a GIF without
any palette entries is treated as invalid *after* open palette entries
have been removed.
 2018-01-01 19:51:26 -08:00
Stanislav Malyshev
73ca9b3773 Fix bug #74782: remove file name from output to avoid XSS 2018-01-01 19:51:02 -08:00
Anatol Belski
f6e8ce8121 Backport and apply upstream patch for CVE-2017-14107 2017-10-27 13:16:56 +02:00
Anatol Belski
45ac5edbd9 Parametrize the expected value to avoid platform false positives 2017-10-24 18:33:21 +02:00
Anatol Belski
37acebcc8c Fixed bug #72535 arcfour encryption stream filter crashes php 2017-10-24 13:59:18 +02:00
Anatol Belski
a7815e63bd Fixed bug #75055 Out-Of-Bounds Read in timelib_meridian() 2017-10-24 11:28:17 +02:00
Anatol Belski
d37658be6c Apply upstream patch for CVE-2016-1283 
Fix bug #75207, see also
https://bugzilla.redhat.com/show_bug.cgi?id=1295385
https://vcs.pcre.org/pcre?view=revision&revision=1636

(cherry picked from commit d11fceab15)
 2017-10-24 11:10:11 +02:00
Remi Collet
703be4f77e Patch from the upstream git 
https://github.com/kkos/oniguruma/issues/60 (CVE-2017-9228)

Thanks to Mamoru TASAKA <mtasaka@fedoraproject.org>
 2017-07-05 09:26:06 +02:00
Remi Collet
27a743b82b Patch from the upstream git 
https://github.com/kkos/oniguruma/issues/59 (CVE-2017-9229)
b690371bbf97794b4a1d3f295d4fb9a8b05d402d Modified for onig 5.9.6

Thanks to Mamoru TASAKA <mtasaka@fedoraproject.org>
 2017-07-05 09:25:57 +02:00
Remi Collet
bdf7393ddb Patch from the upstream git 
https://github.com/kkos/oniguruma/issues/58 (CVE-2017-9227)

Thanks to Mamoru TASAKA <mtasaka@fedoraproject.org>
 2017-07-05 09:25:49 +02:00
Remi Collet
2693e52113 Patch from the upstream git 
https://github.com/kkos/oniguruma/issues/57 (CVE-2017-9224)

Thanks to Mamoru TASAKA <mtasaka@fedoraproject.org>
 2017-07-05 09:25:39 +02:00
Remi Collet
4e68b2c52b Patch from the upstream git 
https://github.com/kkos/oniguruma/issues/55 (CVE-2017-9226)
b4bf968ad52afe14e60a2dc8a95d3555c543353a Modified for onig 5.9.6
f015fbdd95f76438cd86366467bb2b39870dd7c6 Modified for onig 5.9.6

Thanks to Mamoru TASAKA <mtasaka@fedoraproject.org>
 2017-07-05 09:25:27 +02:00
Stanislav Malyshev
f269cdcd4f Improve fix for #74145 2017-07-04 21:10:08 -07:00
Stanislav Malyshev
e46d589624 Fix tests 2017-07-04 20:12:57 -07:00
Stanislav Malyshev
f7f4fd4706 Fix bug #74087 
Ported from https://vcs.pcre.org/pcre/code/trunk/pcre_jit_compile.c?r1=1676&r2=1680&view=patch
 2017-07-04 19:21:28 -07:00
Derick Rethans
e8b7698f5e Fixed parsing of strange formats with mixed month/day and time strings 2017-07-04 19:19:30 -07:00
Stanislav Malyshev
2aae60461c Fix bug #74145 - wddx parsing empty boolean tag leads to SIGSEGV 2017-07-04 19:06:42 -07:00
Nikita Popov
f8c514ba6b Fixed bug #74111 2017-07-04 19:06:16 -07:00
Christoph M. Becker
8dc4f4dc9e Fix #74435: Buffer over-read into uninitialized memory 
The stack allocated color map buffers were not zeroed before usage, and
so undefined palette indexes could cause information leakage.
 2017-07-04 19:00:57 -07:00
Stanislav Malyshev
89637c6b41 Fix bug #74651 - check EVP_SealInit as it can return -1 2017-07-04 12:32:06 -07:00
Remi Collet
0e21d8066b fix test for 32bits (int -> float) 
(cherry picked from commit 0f1ae93bfa)
 2017-02-01 11:49:52 +01:00
Christoph M. Becker
d2274b01cb Fix #73869: Signed Integer Overflow gd_io.c 
GD2 stores the number of horizontal and vertical chunks as words (i.e. 2
byte unsigned). These values are multiplied and assigned to an int when
reading the image, what can cause integer overflows. We have to avoid
that, and also make sure that either chunk count is actually greater
than zero. If illegal chunk counts are detected, we bail out from
reading the image.

(cherry picked from commit 5b5d9db3988b829e0b121b74bb3947f01c2796a1)
 2017-01-17 09:30:58 +01:00
Christoph M. Becker
f1b2afc9d9 Fix #73868: DOS vulnerability in gdImageCreateFromGd2Ctx() 
We must not pretend that there are image data if there are none. Instead
we fail reading the image file gracefully.

(cherry picked from commit cdb648dc4115ce0722f3cc75e6a65115fc0e56ab)
 2017-01-17 09:30:43 +01:00
Nikita Popov
6477bb724e Add additional serialize tests for fixed bugs 
These have been fixed as a side-effect of the delayed __wakeup
patch.
 2017-01-16 13:24:13 +01:00
Stanislav Malyshev
50b38322b9 Fix typo 2017-01-16 00:23:06 -08:00
Stanislav Malyshev
814966ad33 Fix test 2017-01-15 18:42:22 -08:00
Stanislav Malyshev
0ab1af7d3e Update more functions with path check 2017-01-15 17:31:08 -08:00
Mitch Hagstrand
ad9c552b12 Fix glob-wrapper.phpt to not fail in Windows 2017-01-10 23:18:52 +01:00
Sara Golemon
7e49e8e797 Fix open_basedir check for glob:// opendir wrapper 
php_check_open_basedir() expects a local filesystem path,
but we're handing it a `glob://...` URI instead.

Move the check to after the path trim so that we're checking
a meaningful pathspec.
 2017-01-09 11:02:50 -08:00
Remi Collet
db890956ec add skip when json not loaded 2017-01-06 06:23:59 +01:00
Nikita Popov
900b17b15f Fix printf modifier 2017-01-05 11:37:06 +01:00
Nikita Popov
f697874e3f Add tests for delayed __wakeup() 2017-01-05 00:21:48 +01:00
Nikita Popov
0426b916df Implement delayed __wakeup 2017-01-05 00:21:48 +01:00
Stanislav Malyshev
fa2125df67 Merge branch 'PHP-5.6.30' into PHP-5.6 
* PHP-5.6.30:
  Fix bug #73737 FPE when parsing a tag format
  Fix bug #73773 - Seg fault when loading hostile phar
  Fix bug #73825 - Heap out of bounds read on unserialize in finish_nested_data()
  Fix bug #73768 - Memory corruption when loading hostile phar
  Fix int overflows in phar (bug #73764)
 2017-01-02 20:56:32 -08:00
Nikita Popov
a65ad951ad FIx bug #70213 2017-01-01 14:10:49 +01:00
Stanislav Malyshev
1cda0d7c2f Fix bug #73737 FPE when parsing a tag format 2016-12-31 19:31:49 -08:00
Stanislav Malyshev
e5246580a8 Fix bug #73773 - Seg fault when loading hostile phar 2016-12-31 18:47:50 -08:00
Stanislav Malyshev
16b3003ffc Fix bug #73825 - Heap out of bounds read on unserialize in finish_nested_data() 2016-12-30 16:59:46 -08:00
Stanislav Malyshev
b28b8b2fee Fix bug #73768 - Memory corruption when loading hostile phar 2016-12-30 15:57:24 -08:00
Stanislav Malyshev
ca46d0acbc Fix int overflows in phar (bug #73764) 2016-12-30 15:39:48 -08:00
Christoph M. Becker
2ba3b27594 Revert "Fix #73530: Unsetting result set may reset other result set" 
This reverts commit eb570294a2.

That commit caused a regression, so it's probably best to revert it, and
to tackle the issue for the next minor release.
 2016-12-29 12:59:04 +01:00
Anatol Belski
79e47aae41 fix C89 compat 2016-12-17 20:43:32 +01:00
Matteo Beccati
0c9324ea9b Skip tests when secure_file_priv dir not writable 2016-12-15 09:31:00 +01:00
Anatol Belski
c89306ac52 fix leak, take 2 2016-12-06 16:12:39 +01:00
Anatol Belski
b04d60626d fix leak, take on 5.6 2016-12-06 14:34:27 +01:00
Stanislav Malyshev
d7ce944cf1 This still leaks memory, I don't have enough knowledge in WDDX code to fix them :( 2016-12-05 22:32:59 -08:00
Stanislav Malyshev
266ecb6d0a Fix bug #73631 - Invalid read when wddx decodes empty boolean element 2016-12-05 21:40:55 -08:00
Stanislav Malyshev
c8778eb293 oops, changed in wrong place 2016-11-27 16:11:41 -08:00
Stanislav Malyshev
8856b3a63c Merge branch 'pull-request/1974' into PHP-5.6 
* pull-request/1974:
  Fix #68447: grapheme_extract take an extra trailing character
 2016-11-27 15:34:58 -08:00
Christoph M. Becker
5049ef2f1c Fix #73549: Use after free when stream is passed to imagepng 
If a stream is passed to imagepng() or other image output functions,
opposed to a filename, we must not close this stream.
 2016-11-27 14:51:02 -08:00