php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-12 10:33:11 +02:00
Code Issues Packages Projects Releases Wiki Activity
110,727 Commits 547 Branches 1,483 Tags
5f4e034e570176cf63aaa29d2d476ddff2d0580b
Commit Graph

422 Commits

Author SHA1 Message Date
XXiang
3d5de7d746 Fix bug #79787 
Closes GH-5807.
 2020-07-08 11:20:58 +02:00
George Peter Banyard
a0df5f3b54 Revert "Went to fast and forgot to update tests" 
This reverts commit 656eac74fa.
 2020-04-07 22:24:40 +02:00
George Peter Banyard
6031b08240 Revert "Fix Bug #79448 0 is a valid Unicode codepoint, but mb_substitute_character(0) fails" 
This commit brings some substantial changes in behaviour due to the weird implementation.
This will be fixed in master due to BC concerns.

This reverts commit 1333b46d6d.
 2020-04-07 22:23:24 +02:00
George Peter Banyard
656eac74fa Went to fast and forgot to update tests 
However due to the really lax conversion to integer all strings pass as 0
 2020-04-03 22:03:00 +02:00
George Peter Banyard
1333b46d6d Fix Bug #79448 0 is a valid Unicode codepoint, but mb_substitute_character(0) fails 2020-04-03 21:18:45 +02:00
George Peter Banyard
18dc9044f5 Fix bug 79441 2020-04-01 04:29:20 +02:00
Christoph M. Becker
1fdffd1c55 Fix #79371: mb_strtolower (UTF-32LE): stack-buffer-overflow 
We make sure that negative values are properly compared.
 2020-03-16 22:40:00 -07:00
Nikita Popov
6ccd675776 Add SKIPIF to test requiring mbregex 2020-01-30 11:20:42 +01:00
Nikita Popov
a62c06c4cf Fix mb_ord() crash if internal encoding not supported 
enc_name can be NULL here. Take the name from the mbfl_encoding
instead.
 2020-01-29 16:18:46 +01:00
Nikita Popov
392ad206a4 Fix use of mb_ereg_search_getregs() after invalid pattern 
This segfaulted because we assumed that if there are matches,
there must be a regular expression as well.
 2020-01-29 12:50:18 +01:00
Christoph M. Becker
9be31a582a Fix #79154: mb_convert_encoding() can modify $from_encoding 
We must not modify arrays passed by value.
 2020-01-22 10:28:07 +01:00
Stanislav Malyshev
25ec7eb346 Merge branch 'PHP-7.2' into PHP-7.3 
* PHP-7.2:
  Update NEWS
  Fix bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`)
  Fix #79099: OOB read in php_strip_tags_ex
  Fix #79091: heap use-after-free in session_create_id()
 2020-01-20 22:46:29 -08:00
Stanislav Malyshev
2bcbc95f03 Fix bug #79037 (global buffer-overflow in mbfl_filt_conv_big5_wchar) 2020-01-20 21:43:42 -08:00
Christoph M. Becker
1979c5d16f Upgrade to Oniguruma 6.9.4 
Oniguruma 6.9.4 fixes several CVEs.
 2019-11-30 14:00:41 +01:00
Christoph M. Becker
8c4b0ddde5 Add missing skip checks 2019-11-29 23:50:05 +01:00
Christoph M. Becker
ff2140c49d Partially revert "Adapt test cases for Oniguruma 6.9.4" 
This partially reverts commit c55d09c2f5,
because `MB_ONIGURUMA_VERSION` is only available as of PHP 7.4.0, so
that change made no sense for PHP-7.3; we keep it for PHP-7.4, though.
We also stick with the modification to bug78633.phpt.
 2019-11-29 23:40:30 +01:00
Christoph M. Becker
c55d09c2f5 Adapt test cases for Oniguruma 6.9.4 
Apparently, bug 78633 has now really been fixed; the former fix only
catered to the buffer overflow, but yielded a wrong result.  Also,
the order of the named captures has been fixed.
 2019-11-29 16:59:19 +01:00
Christoph M. Becker
4f50d58cab Fix #78633: Heap buffer overflow (read) in mb_eregi 
We backport kkos/oniguruma@15c4228aa2.
 2019-10-20 22:47:38 -07:00
Christoph M. Becker
2046b3ce4f Merge branch 'PHP-7.2' into PHP-7.3 
* PHP-7.2:
  Fix #78609: mb_check_encoding() no longer supports stringable objects
 2019-09-30 13:04:54 +02:00
Christoph M. Becker
45db6fa567 Fix #78609: mb_check_encoding() no longer supports stringable objects 
We apply type juggling for other types than array.
 2019-09-30 12:42:04 +02:00
Christoph M. Becker
8f949eba80 Fix #78559: Heap buffer overflow in mb_eregi 
We backport kkos/oniguruma@d3e402928b.
 2019-09-23 21:49:55 -07:00
Nikita Popov
354a1c27aa Merge branch 'PHP-7.2' into PHP-7.3 2019-04-12 10:37:08 +02:00
Nikita Popov
3b53d28e60 Fix key leaks in mb_convert_encoding() 2019-04-12 10:36:58 +02:00
Stanislav Malyshev
bc8f292c05 Merge branch 'mb-limit-73' into PHP-7.3 
* mb-limit-73:
  Add fallbacks for older oniguruma versions
  Add mbstring.regex_stack_limit to php.ini-*
  Implement RF bug #72777 - ensure stack limits on mbstring functions.
 2019-04-01 00:00:14 -07:00
Matteo Beccati
263c587854 Fixed SKIPIF when --disable-mbregex is used 2019-03-30 18:29:49 +01:00
Matteo Beccati
f030f34622 Merge branch 'PHP-7.2' into PHP-7.3 
* PHP-7.2:
  Fixed SKIPIF when --disable-mbregex is used
 2019-03-30 18:29:44 +01:00
Matteo Beccati
0dbb581cf4 Fixed SKIPIF when --disable-mbregex is used 2019-03-30 18:28:33 +01:00
Stanislav Malyshev
66c35b083b Merge branch 'PHP-7.2' into PHP-7.3 
* PHP-7.2:
  Validate subject encoding in mb_split and mb_ereg_match
  Validate pattern against mbregex encoding
  SQLite3: add DEFENSIVE config for SQLite >= 3.26.0 as a mitigation strategy against potential security flaws
 2019-03-28 00:42:56 -07:00
Stanislav Malyshev
402adc1df1 Merge branch 'PHP-7.1' into PHP-7.2 
* PHP-7.1:
  Validate subject encoding in mb_split and mb_ereg_match
  Validate pattern against mbregex encoding
  SQLite3: add DEFENSIVE config for SQLite >= 3.26.0 as a mitigation strategy against potential security flaws
 2019-03-28 00:35:22 -07:00
Yasuo Ohgaki
738016bd88 Implement RF bug #72777 - ensure stack limits on mbstring functions. 
The patch creates new config: mbstring.regex_stack_limit, which
defaults to 100000.
 2019-03-28 00:31:57 -07:00
Nikita Popov
0ecac37c40 Validate subject encoding in mb_split and mb_ereg_match 
We were already validating the subject encoding in most functions,
but not these two.
 2019-03-27 23:20:27 -07:00
Nikita Popov
40fe50daf6 Validate pattern against mbregex encoding 
Oniguruma does not consistently perform this validation itself (at least
on older versions), so make sure we check pattern encoding validity on the
PHP side.
 2019-03-27 23:19:46 -07:00
Nikita Popov
3c98c2d0cb Fixed bug #77514 2019-01-24 15:13:49 +01:00
Nikita Popov
d6212835f2 Merge branch 'PHP-7.2' into PHP-7.3 2019-01-14 10:23:44 +01:00
Nikita Popov
3ad0ebdf5c Fixed bug #77454 2019-01-14 10:22:48 +01:00
Nikita Popov
76c687feaf Fixed bug #77428 
mb_ereg_replace historically has not supported escaping backslashes
with backslashes. Go back to that behavior for BC reasons.
 2019-01-08 10:21:01 +01:00
Stanislav Malyshev
aeec40cb50 Merge branch 'PHP-7.2' into PHP-7.3 
* PHP-7.2:
  Fix bug #77418 - Heap overflow in utf32be_mbc_to_code
  Add NEWS
  [ci skip] Add NEWS
  Fix more issues with encodilng length
  Fix #77270: imagecolormatch Out Of Bounds Write on Heap
  Fix bug #77380  (Global out of bounds read in xmlrpc base64 code)
  Fix bug #77371 (heap buffer overflow in mb regex functions - compile_string_node)
  Fix bug #77370 - check that we do not read past buffer end when parsing multibytes
  Fix #77269: Potential unsigned underflow in gdImageScale
  Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext)
  Fix bug #77242 (heap out of bounds read in xmlrpc_decode())
  Regenerate certs for openssl tests
 2019-01-06 23:35:09 -08:00
Stanislav Malyshev
cfe77ea543 Merge branch 'PHP-7.1' into PHP-7.2 
* PHP-7.1:
  Fix bug #77418 - Heap overflow in utf32be_mbc_to_code
  Add NEWS
  [ci skip] Add NEWS
  Fix more issues with encodilng length
  Fix #77270: imagecolormatch Out Of Bounds Write on Heap
  Fix bug #77380  (Global out of bounds read in xmlrpc base64 code)
  Fix bug #77371 (heap buffer overflow in mb regex functions - compile_string_node)
  Fix bug #77370 - check that we do not read past buffer end when parsing multibytes
  Fix #77269: Potential unsigned underflow in gdImageScale
  Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext)
  Fix bug #77242 (heap out of bounds read in xmlrpc_decode())
  Regenerate certs for openssl tests
 2019-01-06 23:34:26 -08:00
Stanislav Malyshev
1afebfb3fa Merge branch 'PHP-5.6' into PHP-7.1 
* PHP-5.6:
  Fix bug #77418 - Heap overflow in utf32be_mbc_to_code
  [ci skip] Add NEWS
  Fix more issues with encodilng length
  Fix #77270: imagecolormatch Out Of Bounds Write on Heap
  Fix bug #77380  (Global out of bounds read in xmlrpc base64 code)
  Fix bug #77371 (heap buffer overflow in mb regex functions - compile_string_node)
  Fix bug #77370 - check that we do not read past buffer end when parsing multibytes
  Fix #77269: Potential unsigned underflow in gdImageScale
  Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext)
  Fix bug #77242 (heap out of bounds read in xmlrpc_decode())
  Regenerate certs for openssl tests
 2019-01-06 23:33:34 -08:00
Stanislav Malyshev
9d6c59eeea Fix bug #77418 - Heap overflow in utf32be_mbc_to_code 2019-01-06 23:31:15 -08:00
Stanislav Malyshev
7ed3cfb2e8 Merge branch 'PHP-7.2' into PHP-7.3 
* PHP-7.2:
  Fix tests - newer versions check Unicode
  Add NEWS
  Fix test
 2019-01-06 13:50:28 -08:00
Stanislav Malyshev
d0d0d922de Fix tests - newer versions check Unicode 2019-01-06 13:28:30 -08:00
Christoph M. Becker
e617f03066 Fix #77367: Negative size parameter in mb_split 
When adding the last element to the result value of `mb_split`, the
`chunk_pos` may point beyond the end of the string, in which case the
unsigned `n` would underflow.  Therefore, we check whether this is the
case in the first place, and only calculate `n` otherwise.  Since `n`
is no longer used outside the block, we move its declaration inside.
 2019-01-06 12:24:15 -08:00
Stanislav Malyshev
e40027ef0f Merge branch 'PHP-7.2' into PHP-7.3 
* PHP-7.2:
  Fix #77369 - memcpy with negative length via crafted DNS response
  Fix more issues with encodilng length
  Fix #77270: imagecolormatch Out Of Bounds Write on Heap
  Fix bug #77380  (Global out of bounds read in xmlrpc base64 code)
  Fix bug #77371 (heap buffer overflow in mb regex functions - compile_string_node)
  Fix bug #77370 - check that we do not read past buffer end when parsing multibytes
  Fix #77269: Potential unsigned underflow in gdImageScale
  Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext)
  Fix bug #77242 (heap out of bounds read in xmlrpc_decode())
  Regenerate certs for openssl tests
 2019-01-06 12:23:53 -08:00
Stanislav Malyshev
fe820fcba6 Merge branch 'PHP-7.1' into PHP-7.2 
* PHP-7.1:
  Fix #77369 - memcpy with negative length via crafted DNS response
  Fix more issues with encodilng length
  Fix #77270: imagecolormatch Out Of Bounds Write on Heap
  Fix bug #77380  (Global out of bounds read in xmlrpc base64 code)
  Fix bug #77371 (heap buffer overflow in mb regex functions - compile_string_node)
  Fix bug #77370 - check that we do not read past buffer end when parsing multibytes
  Fix #77269: Potential unsigned underflow in gdImageScale
  Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext)
  Fix bug #77242 (heap out of bounds read in xmlrpc_decode())
  Regenerate certs for openssl tests
 2019-01-06 11:57:16 -08:00
Stanislav Malyshev
31f59e1f30 Fix more issues with encodilng length 
Should fix bug #77381, bug #77382, bug #77385, bug #77394.
 2019-01-06 11:38:46 -08:00
Stanislav Malyshev
c6e34d91b8 Fix bug #77371 (heap buffer overflow in mb regex functions - compile_string_node) 2019-01-06 11:38:46 -08:00
Stanislav Malyshev
deb06bbb9c Fix bug #77370 - check that we do not read past buffer end when parsing multibytes 2019-01-06 11:38:46 -08:00
Stanislav Malyshev
c95daa9c75 Fix more issues with encodilng length 
Should fix bug #77381, bug #77382, bug #77385, bug #77394.
 2019-01-06 11:34:27 -08:00
Stanislav Malyshev
28362ed4fa Fix bug #77371 (heap buffer overflow in mb regex functions - compile_string_node) 2019-01-06 11:33:54 -08:00