php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-26 01:18:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
97,580 Commits 549 Branches 1,485 Tags
32c94deac3884370bdaee210257244437440780a
Commit Graph

981 Commits

Author SHA1 Message Date
Leigh b21de28bb7 Fix some insecure usages of php_rand 2016-07-05 16:02:34 +01:00
Dmitry Stogov adc95c5114 Fixed compilation warnings 2016-06-23 12:47:06 +03:00
Dmitry Stogov 323b2733f6 Fixed compilation warnings 2016-06-22 00:40:50 +03:00
Dmitry Stogov 1616038698 Added ZEND_ATTRIBUTE_FORMAT to some middind functions. 
"%p" replaced by ZEND_LONG_FMT to avoid compilation warnings.
Fixed most incorrect use cases of format specifiers.
 2016-06-21 16:00:37 +03:00
Dmitry Stogov ff363e2e7c Implemented RFC: Replace "Missing argument" warning with "Too few arguments" exception 
Squashed commit of the following:

commit 8b45fa2acb
Author: Dmitry Stogov <dmitry@zend.com>
Date:   Thu Jun 16 01:52:50 2016 +0300

    Separate slow path of ZEND_RECV into a cold function.

commit 9e18895ee5
Author: Dmitry Stogov <dmitry@zend.com>
Date:   Wed Jun 15 23:26:28 2016 +0300

    Required argument can't be IS_UNDEF anymore.

commit 662db66e39
Author: Dmitry Stogov <dmitry@zend.com>
Date:   Tue May 31 17:14:50 2016 +0300

    Replace "Missing argument" warning by "Too few arguments" exception.
 2016-06-16 02:32:02 +03:00
Dmitry Stogov cca2c8ecc4 Reimplemented Bob's commit bac6fdb0c5 without insignificant renaming and white-space changes 2016-05-06 10:47:58 +03:00
Dmitry Stogov c19cb70dac Revert "Refactor zval cleanup into single function" 
This reverts commit bac6fdb0c5.
 2016-05-06 10:47:58 +03:00
Bob Weinand bac6fdb0c5 Refactor zval cleanup into single function 
Also use zval_ptr_dtor_nogc() everywhere in Zend in favor of zval_dtor()
 2016-05-05 23:31:57 +02:00
Dmitry Stogov 6499162ff0 - get rid of EG(scope). zend_get_executed_scope() should be used instead. 
- ichanged zval_update_constant_ex(). Use IS_TYPE_IMMUTABLE flag on shared constants and AST, instead of "inline_change" parameter.
 2016-04-28 04:13:34 +03:00
Dmitry Stogov f0a2e8eb13 Removed "zend_fcall_info.function_table". It was assigned in many places, but is never used. 2016-04-27 13:46:38 +03:00
Xinchen Hui f63ba809a1 Merge branch 'PHP-7.0' 
* PHP-7.0:
  Fixed bug #71986 (Nested foreach assign-by-reference creates broken variables)
 2016-04-08 17:58:31 +08:00
Xinchen Hui c45f7b97a3 Fixed bug #71986 (Nested foreach assign-by-reference creates broken variables) 2016-04-08 17:57:51 +08:00
Nikita Popov 7ed893712f Merge branch 'PHP-7.0' 
Conflicts:
	ext/mysqlnd/mysqlnd_priv.h
	main/php_streams.h
 2016-03-03 23:20:50 +01:00
Nikita Popov 5602f64213 Eliminate usages of _PP macros 
These are either in debug code (fix them), commented out (drop
them) or in dead compatibility macros (drop them).

One usage was in php_stream_get_from_zval(), which we have not used
since at least PHP 5.2 and, judging from the fact that nobody
complained about it causing compile errors in PHP 7, nobody else
uses it either, so drop it.

There are still remaining uses in mysqli embedded and odbc birdstep.
These probably need to be dropped outright.
 2016-03-03 23:20:12 +01:00
Nikita Popov f57c0b3249 Merge branch 'PHP-7.0' 2016-03-03 16:50:47 +01:00
Nikita Popov 1ac152938c Move semicolon into TSRMLS_CACHE_EXTERN/DEFINE 
Also re bug #71575.
 2016-03-03 16:50:01 +01:00
Dmitry Stogov c67c166f93 Removed zend_fcall_info.symbol_table 2016-03-02 17:50:55 +03:00
Stanislav Malyshev eaf4e77190 Fix bug #71610: Type Confusion Vulnerability - SOAP / make_http_soap_request() 2016-02-21 23:45:57 -08:00
Antony Dovgal c140bbb5db check for NULL and avoid crashes 2016-01-25 14:30:33 +03:00
Anatol Belski 33cc42d8a5 port 4308c868f9 to 7.0 2016-01-14 18:38:30 +01:00
Lior Kaplan ed35de784f Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Happy new year (Update copyright to 2016)
 2016-01-01 19:48:25 +02:00
Lior Kaplan 49493a2dcf Happy new year (Update copyright to 2016) 2016-01-01 19:21:47 +02:00
Xinchen Hui 4531d2c591 Fixed typo 2015-12-21 18:12:57 +08:00
Xinchen Hui 5df6f9f20e Fixed bug #70993 (Array key references break argument processing) 2015-11-30 10:50:23 +08:00
Remi Collet 6680c2b22e Fixed bug #70940 Segfault in soep / type_to_string 2015-11-19 08:18:13 +01:00
Dmitry Stogov 04526093e4 Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Fixed bug #70900 (SoapClient systematic out of memory error)
 2015-11-12 20:36:39 +03:00
Dmitry Stogov f8bf9bd86b Fixed bug #70900 (SoapClient systematic out of memory error) 2015-11-12 20:31:52 +03:00
Matteo Beccati c263dcee2f Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Fix bug #70875 Segmentation fault if wsdl has no targetNamespace attribute
 2015-11-07 11:05:36 +01:00
Matteo Beccati fd61666d96 Fix bug #70875 Segmentation fault if wsdl has no targetNamespace attribute 2015-11-07 11:00:33 +01:00
Dmitry Stogov c67fc6bb09 Fixed memory leak in php_stream_context_set_option() 2015-10-29 20:06:55 +03:00
Xinchen Hui 88a69ffa58 Fixed bug #70715 (Segmentation fault inside soap client) 2015-10-15 18:46:57 +08:00
Xinchen Hui a2cfcdfbe9 Fixed bug #70709 (SOAP Client generates Segfault) 2015-10-15 10:19:43 +08:00
Dmitry Stogov ad4fa8f758 Fixed incorrect usage of HASH_OF() macro. Replaced HASH_OF() with more appropriate Z_ARRVAL_P() or Z_OBJPROP_P(). 2015-09-24 22:39:59 +03:00
Dmitry Stogov 57575c0898 Cleanup: avoid reallocations 2015-09-24 01:35:16 +03:00
Dmitry Stogov 5cccd6c5b6 Fixed memory leak and avoid reallocations 2015-09-24 01:19:15 +03:00
Stanislav Malyshev 9b1a224d4e Merge branch 'PHP-5.6' 
* PHP-5.6: (21 commits)
  fix unit tests
  update NEWS
  add NEWS for fixes
  Improve fix for #70172
  Fix bug #70312 - HAVAL gives wrong hashes in specific cases
  fix test
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix bug ##70284 (Use after free vulnerability in unserialize() with GMP)
  Fix for bug #69782
  Add CVE IDs asigned (post release) to PHP 5.4.43
  Add CVE IDs asigned to #69085 (PHP 5.4.39)
  ...

Conflicts:
	ext/exif/exif.c
	ext/gmp/gmp.c
	ext/pcre/php_pcre.c
	ext/session/session.c
	ext/session/tests/session_decode_variation3.phpt
	ext/soap/soap.c
	ext/spl/spl_observer.c
	ext/standard/var.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	ext/xsl/xsltprocessor.c
 2015-09-02 00:37:20 -07:00
Stanislav Malyshev c19d59c550 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  update NEWS
  add NEWS for fixes
  Improve fix for #70172
  Fix bug #70312 - HAVAL gives wrong hashes in specific cases
  fix test
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix for bug #69782
  Add CVE IDs asigned (post release) to PHP 5.4.43
  Add CVE IDs asigned to #69085 (PHP 5.4.39)
  5.4.45 next

Conflicts:
	ext/pcre/php_pcre.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	ext/zip/php_zip.c
 2015-09-01 12:06:41 -07:00
Stanislav Malyshev 33d3acaae7 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Improve fix for #70172
  Fix bug #70312 - HAVAL gives wrong hashes in specific cases
  fix test
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix for bug #69782
  Add CVE IDs asigned (post release) to PHP 5.4.43
  Add CVE IDs asigned to #69085 (PHP 5.4.39)
  5.4.45 next

Conflicts:
	configure.in
	ext/pcre/php_pcre.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	main/php_version.h
 2015-09-01 11:42:19 -07:00
Stanislav Malyshev e201f01ac1 Fix bug #70388 - SOAP serialize_function_call() type confusion 2015-08-31 21:06:03 -07:00
Anatol Belski 150dead2d9 add range check to ext/soap 2015-08-26 16:39:54 +02:00
Stanislav Malyshev ed709d5aa0 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  update NEWS
  fix test
  update NEWS
  Fix bug #70019 - limit extracted files to given directory
  Do not do convert_to_* on unserialize, it messes up references
  Fix #69793 - limit what we accept when unserializing exception
  Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
  Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
  ignore signatures for packages too
  Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
  Fixed bug #69892
  Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
  Improved fix for Bug #69441
  Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
  Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
  Fix bug #70081: check types for SOAP variables

Conflicts:
	ext/soap/php_http.c
	ext/spl/spl_observer.c
 2015-08-04 15:29:13 -07:00
Stanislav Malyshev 69ed3969dd Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Fix bug #70019 - limit extracted files to given directory
  Do not do convert_to_* on unserialize, it messes up references
  Fix #69793 - limit what we accept when unserializing exception
  Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
  Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
  ignore signatures for packages too
  Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
  Fixed bug #69892
  Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
  Improved fix for Bug #69441
  Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
  Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
  Fix bug #70081: check types for SOAP variables

Conflicts:
	.gitignore
	ext/date/php_date.c
	ext/spl/spl_array.c
	ext/spl/spl_observer.c
 2015-08-04 14:10:57 -07:00
Stanislav Malyshev c96d08b272 Fix bug #70081: check types for SOAP variables 2015-07-26 16:44:18 -07:00
Xinchen Hui be54eb7db1 Fixed bug #70211 (php 7 ZEND_HASH_IF_FULL_DO_RESIZE use after free) 2015-08-10 17:02:16 +08:00
Anatol Belski 07f8845205 fix datatype 2015-08-07 10:12:20 +02:00
Stanislav Malyshev 97047e7665 Merge branch 'PHP-5.6' 
* PHP-5.6:
  update NEWS
  fix test
  update NEWS
  Fix bug #70019 - limit extracted files to given directory
  Do not do convert_to_* on unserialize, it messes up references
  Fix #69793 - limit what we accept when unserializing exception
  Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
  Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
  ignore signatures for packages too
  Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
  Fixed bug #69892
  Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
  Improved fix for Bug #69441
  Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
  Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
  Fix bug #70081: check types for SOAP variables

Conflicts:
	Zend/zend_exceptions.c
	ext/date/php_date.c
	ext/openssl/openssl.c
	ext/phar/phar_internal.h
	ext/soap/php_http.c
	ext/spl/spl_array.c
	ext/spl/spl_dllist.c
	ext/spl/spl_observer.c
	ext/standard/tests/serialize/bug69152.phpt
	sapi/cli/tests/005.phpt
 2015-08-04 16:14:24 -07:00
Anatol Belski 4e66cce87c switch to the unified globals accessor where appropriate 2015-07-29 13:26:35 +02:00
Xinchen Hui 94e23b29a1 online test 2015-07-28 16:43:12 +08:00
Xinchen Hui deeb6379cb Fixed bug #70079 (Segmentation fault after more than 100 SoapClient calls) 2015-07-16 18:32:42 +08:00
Xinchen Hui 0de0c4ace1 Fixed Bug #70032 (make_http_soap_request calls zend_hash_get_current_key_ex(,,,NULL)) 2015-07-09 16:36:31 +08:00