php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-14 03:22:58 +02:00
Code Issues Packages Projects Releases Wiki Activity
114,233 Commits 547 Branches 1,483 Tags
2b3b7f5cd97f3fdcd4fcaada212101975a289d06
Commit Graph

475 Commits

Author SHA1 Message Date
Christoph M. Becker
db848e1482 Fix #79371: mb_strtolower (UTF-32LE): stack-buffer-overflow 
We make sure that negative values are properly compared.
 2020-03-16 22:40:48 -07:00
Nikita Popov
a73f98eda9 Merge branch 'PHP-7.3' into PHP-7.4 
* PHP-7.3:
  Add SKIPIF to test requiring mbregex
 2020-01-30 11:21:26 +01:00
Nikita Popov
6ccd675776 Add SKIPIF to test requiring mbregex 2020-01-30 11:20:42 +01:00
Nikita Popov
9aadcb18e1 Restore digit check in mb_decode_numericentity() 
I replaced it with a multiplication overflow check in
18599f9c52. However, we need both,
because the code for restoring the number can't handle numbers
with many leading zeros right now and I don't feel like teaching it.
 2020-01-30 10:07:01 +01:00
Nikita Popov
acc616c455 Merge branch 'PHP-7.3' into PHP-7.4 
* PHP-7.3:
  Fix mb_ord() crash if internal encoding not supported
 2020-01-29 16:19:14 +01:00
Nikita Popov
a62c06c4cf Fix mb_ord() crash if internal encoding not supported 
enc_name can be NULL here. Take the name from the mbfl_encoding
instead.
 2020-01-29 16:18:46 +01:00
Nikita Popov
18599f9c52 Better overflow check for entity decoding 
Check for multiplication overflow rather than number of digits.
 2020-01-29 16:08:46 +01:00
Nikita Popov
b3f07afabc Merge branch 'PHP-7.3' into PHP-7.4 
* PHP-7.3:
  Fix use of mb_ereg_search_getregs() after invalid pattern
 2020-01-29 12:50:40 +01:00
Nikita Popov
392ad206a4 Fix use of mb_ereg_search_getregs() after invalid pattern 
This segfaulted because we assumed that if there are matches,
there must be a regular expression as well.
 2020-01-29 12:50:18 +01:00
Nikita Popov
5589bf4d4a Fix length inconsistency in mb_convert_encoding 
Don't mix strlen() and ZSTR_LEN(). If the encoding contains a
NULL byte, this will overflow the buffer.

NULL bytes will still make this behave oddly because the consuming
code will cut off the string there, but let's address that in master...
 2020-01-29 12:19:28 +01:00
Nikita Popov
91f878779c Fix recovery of large entities in mb_decode_numericentity() 
Make sure we don't overflow the integer.
 2020-01-29 11:48:34 +01:00
Nikita Popov
9fcaf25c93 Fix memory leak in mb_str_split 2020-01-28 17:39:49 +01:00
Christoph M. Becker
ab846173e2 Merge branch 'PHP-7.3' into PHP-7.4 
* PHP-7.3:
  Fix #79154: mb_convert_encoding() can modify $from_encoding
 2020-01-22 10:30:25 +01:00
Christoph M. Becker
9be31a582a Fix #79154: mb_convert_encoding() can modify $from_encoding 
We must not modify arrays passed by value.
 2020-01-22 10:28:07 +01:00
Christoph M. Becker
94c9dc498f Fix #79149: SEGV in mb_convert_encoding with non-string encodings 
We must not assume that `hash_entry` `IS_STRING`, but rather use
`encoding_str` which is guaranteed to be.
 2020-01-22 09:43:51 +01:00
Stanislav Malyshev
a29c793381 Merge branch 'PHP-7.3' into PHP-7.4 
* PHP-7.3:
  Update NEWS
  Fix bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`)
  Fix #79099: OOB read in php_strip_tags_ex
  Fix #79091: heap use-after-free in session_create_id()
 2020-01-20 22:47:01 -08:00
Stanislav Malyshev
25ec7eb346 Merge branch 'PHP-7.2' into PHP-7.3 
* PHP-7.2:
  Update NEWS
  Fix bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`)
  Fix #79099: OOB read in php_strip_tags_ex
  Fix #79091: heap use-after-free in session_create_id()
 2020-01-20 22:46:29 -08:00
Stanislav Malyshev
2bcbc95f03 Fix bug #79037 (global buffer-overflow in mbfl_filt_conv_big5_wchar) 2020-01-20 21:43:42 -08:00
Christoph M. Becker
1979c5d16f Upgrade to Oniguruma 6.9.4 
Oniguruma 6.9.4 fixes several CVEs.
 2019-11-30 14:00:41 +01:00
Christoph M. Becker
8c4b0ddde5 Add missing skip checks 2019-11-29 23:50:05 +01:00
Christoph M. Becker
ff2140c49d Partially revert "Adapt test cases for Oniguruma 6.9.4" 
This partially reverts commit c55d09c2f5,
because `MB_ONIGURUMA_VERSION` is only available as of PHP 7.4.0, so
that change made no sense for PHP-7.3; we keep it for PHP-7.4, though.
We also stick with the modification to bug78633.phpt.
 2019-11-29 23:40:30 +01:00
Christoph M. Becker
2b700841c5 Merge branch 'PHP-7.3' into PHP-7.4 
* PHP-7.3:
  Adapt test cases for Oniguruma 6.9.4
 2019-11-29 17:00:11 +01:00
Christoph M. Becker
c55d09c2f5 Adapt test cases for Oniguruma 6.9.4 
Apparently, bug 78633 has now really been fixed; the former fix only
catered to the buffer overflow, but yielded a wrong result.  Also,
the order of the named captures has been fixed.
 2019-11-29 16:59:19 +01:00
Stanislav Malyshev
d517c559fc Merge branch 'PHP-7.3' into PHP-7.4 
* PHP-7.3:
  Fix #78633: Heap buffer overflow (read) in mb_eregi
 2019-10-20 23:20:16 -07:00
Christoph M. Becker
4f50d58cab Fix #78633: Heap buffer overflow (read) in mb_eregi 
We backport kkos/oniguruma@15c4228aa2.
 2019-10-20 22:47:38 -07:00
Nikita Popov
5b067163be Limit retry_limit test to oniguruma >= 6.9.3 
This test is somewhat fragile in that it depends on how well a
particular regex is optimized. Apparently on 6.9.1 this regex
would hit the default retry_limit of 1000000 already. I'm limiting
this to 6.9.3 because that's the version that works for me.
 2019-10-07 10:49:34 +02:00
Nikita Popov
6623e7ac51 Add support for mbstring.regex_retry_limit 
This is very similar to the existing mbstring.regex_stack_limit,
but for backtracking. The default value matches pcre.backtrack_limit.
Only used on libonig >= 2.8.0.
 2019-10-06 10:06:33 +02:00
Christoph M. Becker
3d89f92784 Skip tests for old versions instead of marking them XFAIL 
According to commit 0eea9a6[1], these tests fail with old Oniguruma
versions; we are not sure which version of Oniguruma is required to let
them pass, but at least 6.9.3 is sufficient.

[1] <http://git.php.net/?p=php-src.git;a=commit;h=0eea9a642941ab5d4c612f8092f186977afbb73e>
 2019-09-30 14:14:23 +02:00
Christoph M. Becker
70f367d48a Merge branch 'PHP-7.3' into PHP-7.4 
* PHP-7.3:
  Fix #78609: mb_check_encoding() no longer supports stringable objects
 2019-09-30 13:06:57 +02:00
Christoph M. Becker
2046b3ce4f Merge branch 'PHP-7.2' into PHP-7.3 
* PHP-7.2:
  Fix #78609: mb_check_encoding() no longer supports stringable objects
 2019-09-30 13:04:54 +02:00
Christoph M. Becker
45db6fa567 Fix #78609: mb_check_encoding() no longer supports stringable objects 
We apply type juggling for other types than array.
 2019-09-30 12:42:04 +02:00
Stanislav Malyshev
e7befd38d4 Merge branch 'PHP-7.3' into PHP-7.4 
* PHP-7.3:
  Fix #78559: Heap buffer overflow in mb_eregi
 2019-09-23 21:51:12 -07:00
Christoph M. Becker
8f949eba80 Fix #78559: Heap buffer overflow in mb_eregi 
We backport kkos/oniguruma@d3e402928b.
 2019-09-23 21:49:55 -07:00
Fabien Villepinte
db4f5e44e1 Add missing SKIPIF (mbstring) 2019-09-04 08:51:03 +02:00
Nikita Popov
39e756e7fe Deprecate encoding as 3rd param to mb_strrpos() 2019-07-22 11:39:52 +02:00
Nikita Popov
487d4d07b4 Remove some uses of deprecated internal_encoding settings in tests 2019-04-17 14:24:11 +02:00
Nikita Popov
f73f190c3f Fix internal_encoding fallback in mbstring 
By introducing a hook that is called whenever one of
internal_encoding / input_encoding / output_encoding changes, so
that mbstring can adjust it's internal state.

This also makes internal_encoding work with zend multibyte.
 2019-04-17 14:05:53 +02:00
Nikita Popov
1ef5b79b6b Merge branch 'PHP-7.3' into PHP-7.4 2019-04-12 10:37:17 +02:00
Nikita Popov
354a1c27aa Merge branch 'PHP-7.2' into PHP-7.3 2019-04-12 10:37:08 +02:00
Nikita Popov
3b53d28e60 Fix key leaks in mb_convert_encoding() 2019-04-12 10:36:58 +02:00
Stanislav Malyshev
0eea9a6429 Unfortunately, travis CI has old oniguruma library 
So we can't test it there.
 2019-04-01 00:30:56 -07:00
Stanislav Malyshev
077ce33aa9 Merge branch 'PHP-7.3' into PHP-7.4 
* PHP-7.3:
  Update NEWS & UPGRADING
  Add fallbacks for older oniguruma versions
  Add mbstring.regex_stack_limit to php.ini-*
  Implement RF bug #72777 - ensure stack limits on mbstring functions.
 2019-04-01 00:05:36 -07:00
Stanislav Malyshev
bc8f292c05 Merge branch 'mb-limit-73' into PHP-7.3 
* mb-limit-73:
  Add fallbacks for older oniguruma versions
  Add mbstring.regex_stack_limit to php.ini-*
  Implement RF bug #72777 - ensure stack limits on mbstring functions.
 2019-04-01 00:00:14 -07:00
Matteo Beccati
263c587854 Fixed SKIPIF when --disable-mbregex is used 2019-03-30 18:29:49 +01:00
Matteo Beccati
f030f34622 Merge branch 'PHP-7.2' into PHP-7.3 
* PHP-7.2:
  Fixed SKIPIF when --disable-mbregex is used
 2019-03-30 18:29:44 +01:00
Matteo Beccati
0dbb581cf4 Fixed SKIPIF when --disable-mbregex is used 2019-03-30 18:28:33 +01:00
Matteo Beccati
16b40a1806 Fixed SKIPIF when --disable-mbregex is used 2019-03-29 14:09:39 +01:00
Stanislav Malyshev
66c35b083b Merge branch 'PHP-7.2' into PHP-7.3 
* PHP-7.2:
  Validate subject encoding in mb_split and mb_ereg_match
  Validate pattern against mbregex encoding
  SQLite3: add DEFENSIVE config for SQLite >= 3.26.0 as a mitigation strategy against potential security flaws
 2019-03-28 00:42:56 -07:00
Stanislav Malyshev
402adc1df1 Merge branch 'PHP-7.1' into PHP-7.2 
* PHP-7.1:
  Validate subject encoding in mb_split and mb_ereg_match
  Validate pattern against mbregex encoding
  SQLite3: add DEFENSIVE config for SQLite >= 3.26.0 as a mitigation strategy against potential security flaws
 2019-03-28 00:35:22 -07:00
Yasuo Ohgaki
738016bd88 Implement RF bug #72777 - ensure stack limits on mbstring functions. 
The patch creates new config: mbstring.regex_stack_limit, which
defaults to 100000.
 2019-03-28 00:31:57 -07:00