php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-23 07:58:20 +02:00
Code Issues Packages Projects Releases Wiki Activity
83,525 Commits 549 Branches 1,485 Tags
33a8af0510c5899cbf9148f53da08cf4f2df0013
Commit Graph

168 Commits

Author SHA1 Message Date
Stanislav Malyshev 7dde353ee7 Merge branch 'PHP-5.5' into PHP-5.6.23 
* PHP-5.5:
  Fixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
  update NEWS
  fix tests
  fix build
  Fix bug #72455:  Heap Overflow due to integer overflows
  Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
  Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
  Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
  Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
  Fix bug #72298	pass2_no_dither out-of-bounds access
  Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
  Fix bug #72262 - do not overflow int
  Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
  Fix bug #72275: don't allow smart_str to overflow int
  Fix bug #72340: Double Free Courruption in wddx_deserialize
  update NEWS
  Fix #66387: Stack overflow with imagefilltoborder
  Skip test which is 64bits only
  5.5.37 now

Conflicts:
	configure.in
	ext/mcrypt/mcrypt.c
	ext/spl/spl_directory.c
	main/php_version.h
 2016-06-21 00:01:48 -07:00
Stanislav Malyshev 6c5211a0ce Fix bug #72455: Heap Overflow due to integer overflows 2016-06-20 21:51:42 -07:00
Lior Kaplan 49493a2dcf Happy new year (Update copyright to 2016) 2016-01-01 19:21:47 +02:00
Nikita Popov fe1933aae2 Fixed bug #70625 2015-10-03 10:12:11 +02:00
Anatol Belski 80bc2133cd fix bug #69833 mcrypt fd caching not working 2015-08-11 16:49:28 +02:00
Anatol Belski 4fe938b0a9 remove duplicated declaration, fix build 2015-05-21 10:56:14 +02:00
Julien Pauli c09fad97d6 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  Close fd at the end, otherwise people complain
  Add file descriptor caching to mcrypt_create_iv()
 2015-05-13 14:19:04 +02:00
Leigh f7952b90ca Close fd at the end, otherwise people complain 
Even though it's closed when the process terminates!
 2015-05-13 14:18:32 +02:00
Leigh c02c4aca00 Add file descriptor caching to mcrypt_create_iv() 
This improves performance for applications that make repeated calls to
mcrypt_create_iv()
 2015-05-13 14:18:32 +02:00
Xinchen Hui 0579e8278d bump year 2015-01-15 23:26:37 +08:00
Xinchen Hui 73c1be2653 Bump year 2015-01-15 23:26:03 +08:00
Dmitry Stogov 278c38165c Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  Fixed possible read after end of buffer and use after free.
 2014-12-08 12:24:16 +03:00
Dmitry Stogov e6ad29ae96 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Fixed possible read after end of buffer and use after free.
 2014-12-08 12:20:01 +03:00
Dmitry Stogov dd791cd717 Fixed possible read after end of buffer and use after free. 2014-12-08 12:18:27 +03:00
Nikita Popov fd5fbba98c Use /dev/urandom as the default mcrypt_create_iv() source 
Also fixes the ARGINFO for mcrypt_create_iv() and adds missing
UPGRADING entries.
 2014-03-11 14:06:13 +01:00
Nikita Popov d8ed84e4c4 Use zpp for accepting encryption mode string 
Leaving the non-zpp usage for the mcrypt_{MODE} functions, as
they're deprecated and I'm too lazy to update all their tests.
 2014-03-05 15:32:32 +01:00
Nikita Popov eb0eac75ef Remove a number of macros that are no longer used 2014-03-05 15:32:32 +01:00
Nikita Popov e5738d3bc9 Provide expected IV length in IV error messages 2014-03-05 15:32:32 +01:00
Nikita Popov b9737aa08e Call mcrypt_module_close on error 2014-03-05 15:32:32 +01:00
Nikita Popov e4876ecbfb Print supported key sizes in error message 2014-03-05 15:32:32 +01:00
Nikita Popov 32333abe3e Clean up do_crypt code 
Avoid unnecessary alloc/copy/free cycles and clean up structure in
general. Add a few extra checks for the key length.
 2014-03-05 15:32:32 +01:00
Nikita Popov a861a3a93d Abort on invalid key size 
Previously an incorrectly sized key was either silently padded
with NUL bytes or truncated. Especially the silent nature of this
behavior makes it extremely easy to use weak encryption. A common
mistake - which has also been extensively made in our tests - is
to use a password instead of a key.

Incorrectly sized keys will now be rejected.
 2014-03-05 15:32:32 +01:00
Nikita Popov 25d801f97e Abort on missing IV if the enc_mode requires it 
Previously the code fell back on using a NUL IV if no IV was
passed and the encryption mode required it. This is dangerous and
makes no sense from a practical point of view (as you could just
as well use ECB then).
 2014-03-05 15:32:31 +01:00
Nikita Popov c4b7cdb41e Abort on invalid IV size 
Previously, if the size of the IV did not match the block size
mcrypt would throw a warning and fall back to a NUL IV. This
behavior is both dangerous and makes no practical sense.

mcrypt_encrypt etc. will now return false if the IV has an incorrect
size.
 2014-03-05 15:32:31 +01:00
Xinchen Hui c081ce628f Bump year 2014-01-03 11:08:10 +08:00
Xinchen Hui 47c9027772 Bump year 2014-01-03 11:06:16 +08:00
Xinchen Hui c0d060f5c0 Bump year 2014-01-03 11:04:26 +08:00
Xinchen Hui a666285bc2 Happy New Year 2013-01-01 16:37:09 +08:00
Xinchen Hui 0a7395e009 Happy New Year 2013-01-01 16:28:54 +08:00
Sherif Ramadan 7014a0eb6d Fixed Mcrypt deprecated functions and related tests 2012-08-16 10:21:22 -04:00
Sherif Ramadan 29a0efccef Fixes mcrypt_ecb not issuing an E_DEPRECATED level notice, despite having been deprecated for some time. Please reference bug #62374 as well. 2012-07-21 19:38:03 -04:00
Felipe Pena 8775a37559 - Year++ 2012-01-01 13:15:04 +00:00
Felipe Pena 4e19825281 - Year++ 2012-01-01 13:15:04 +00:00
Felipe Pena 4b30846b50 - Make usage of new PHP_FE_END macro 2011-07-25 11:35:02 +00:00
Felipe Pena da376383e8 - Make usage of new PHP_FE_END macro 2011-07-25 11:35:02 +00:00
Pierre Joye 9805e1674a - remove magic quotes support, functions are kept (see the NEWS entry for the details) for BC reasons but do not allow to set enable MQ 2011-07-22 11:25:30 +00:00
Pierre Joye b8dd53b713 - use warning here to match unix behavior 2011-07-10 14:19:51 +00:00
Pierre Joye 8a18b29d23 - use warning here to match unix behavior 2011-07-10 14:19:51 +00:00
Felipe Pena 0203cc3d44 - Year++ 2011-01-01 02:17:06 +00:00
Pierre Joye cdaa87f57e - use new function to get random bytes 2010-06-08 18:27:23 +00:00
Pierre Joye b03678348c - fix leak on error in mcrypt_create_iv on windows 2010-06-02 15:27:38 +00:00
Pierre Joye 8296e705bf - WS 2010-06-02 10:07:26 +00:00
Stanislav Malyshev 932e276c0b add filters to mcrypt 
# trunk will follow soon
 2010-01-15 21:02:20 +00:00
Sebastian Bergmann 9ba1e81665 sed -i "s#1997-2009#1997-2010#g" **/*.c **/*.h **/*.php 2010-01-03 09:23:27 +00:00
Sriram Natarajan 0f57b15e23 - Fixed bug #49738 (calling mcrypt after mcrypt_generic_deinit crashes). 2009-10-02 00:13:53 +00:00
Matt Wilmas 1fa3b21c15 MFH: Fixed error message grammar: 
- "cannot" instead of "can not" (meaning "also can")
 - "than" instead of "then" (Hint: "then" should hardly be needed;
     you're not telling the order in which to do something)

... plus removed a couple ending. dots
 2009-06-06 02:40:49 +00:00
Kalle Sommer Nielsen 6068ce7469 MFH: Fixed compiler warning 2009-05-19 17:47:06 +00:00
Sebastian Bergmann 08659c2dcd MFH: Bump copyright year, 3 of 3. 2008-12-31 11:15:49 +00:00
Felipe Pena fc2fb50d09 - MFH: Added 'static' into ZEND_BEGIN_ARG_INFO_EX macro 2008-11-17 11:28:01 +00:00
Felipe Pena 7a37fa2d6b - Revert ZEND_BEGIN_ARG_INFO change 2008-11-02 21:19:39 +00:00