php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-03 22:22:18 +02:00
Code Issues Packages Projects Releases Wiki Activity
116,100 Commits 547 Branches 1,481 Tags
6bef57f2e27239ceb88d2dc3a44fbecb7cdfe8e7
Commit Graph

5229 Commits

Author SHA1 Message Date
Stanislav Malyshev
6bef57f2e2 Merge branch 'PHP-7.4' 
* PHP-7.4:
  Fix bug #78599 (env_path_info underflow can lead to RCE) (CVE-2019-11043)
  bump versions after release
  set versions for release
 2019-10-21 13:17:32 -07:00
Stanislav Malyshev
59953efc09 Merge branch 'PHP-7.3' into PHP-7.4 
* PHP-7.3:
  Fix bug #78599 (env_path_info underflow can lead to RCE) (CVE-2019-11043)
  bump versions after release
  set versions for release
 2019-10-21 13:17:27 -07:00
Stanislav Malyshev
57b4dcbe77 Merge branch 'PHP-7.2' into PHP-7.3 
* PHP-7.2:
  Fix bug #78599 (env_path_info underflow can lead to RCE) (CVE-2019-11043)
  bump versions after release
  set versions for release
 2019-10-21 13:17:19 -07:00
Stanislav Malyshev
4b5cdda0c7 Merge branch 'PHP-7.1' into PHP-7.2 
* PHP-7.1:
  Fix bug #78599 (env_path_info underflow can lead to RCE) (CVE-2019-11043)
  bump versions after release
  set versions for release
 2019-10-21 13:17:09 -07:00
Jakub Zelenka
ab061f95ca Fix bug #78599 (env_path_info underflow can lead to RCE) (CVE-2019-11043) 2019-10-20 22:50:04 -07:00
Jakub Zelenka
878f8b0b23 Merge branch 'PHP-7.4' 2019-10-20 16:59:30 +01:00
Maksim Nikulin
d537ae73e0 Skip fpm bug #74083 test on Windows 
Have not expected side effects of `include`.
 2019-10-20 16:08:55 +01:00
Maksim Nikulin
2f9f409156 Add (slow) test for fpm concurrent reloads #74083 2019-10-20 16:08:55 +01:00
Maksim Nikulin
ae5154c6c6 Block signals during fpm master initialization 
Fix PHP-FPM failure in the case of concurrent reload attempts.

Postpone signal delivery to the fpm master process till proper signal
handlers are set. Prevent the following case:

- Running master process receives `SIGUSR2` and performs `execvp()`.
- Another `SIGUSR2` is arrived before signal handlers are set.
- Master process dies.
- Requests to the HTTP server handled by PHP-fpm can not be served
  any more.

Block some signals using `sigprocmask()` before `execvp()` and early
in the `main()` function. Unblock signals as soon as proper
handlers are set.

Fixes bug #74083
 2019-10-20 16:08:55 +01:00
Christoph M. Becker
0436bc875e Merge branch 'PHP-7.4' 
* PHP-7.4:
  Fix miscellaneous typos in docs
 2019-10-19 19:20:25 +02:00
Tyson Andre
38f388fba4 Fix miscellaneous typos in docs 2019-10-19 19:19:28 +02:00
Christoph M. Becker
273731fb76 Add Zend class/interface arginfo stubs 
We also change `Generator::throw()` to expect a `Throwable` in the
first place, and we now throw a TypeError instead of returning `false`
from `Exception::getTraceAsString()`.
 2019-10-15 16:21:00 +02:00
Nikita Popov
db233501ff Use clean shutdown on uncaught exception 2019-10-11 12:41:15 +02:00
Dmitry Stogov
b64a182233 Revert "Link executable files using non PIC object files. This reduces PIC overhead and improves performance." 
This reverts commit eef85229d0.
 2019-10-10 16:28:59 +03:00
Nikita Popov
f1aff654be Use php stream in exif fuzzer 
This has the main benefit that we don't go through the
realpath cache, which will cause leak checking to be
disabled.
 2019-10-10 12:33:15 +02:00
Nikita Popov
bd21e202b9 Reduce oniguruma limits in fuzzing sapi 
The defaults are fairly conservative and may still take quite a
bit to match a single expression. Reduce them by a factor of 10x
to speed up fuzzing.
 2019-10-08 17:38:49 +02:00
Fabien Villepinte
76c8f2ed34 Fix regex in generate_parser_corpus.php 
The next section after --FILE-- is not necessarily --EXPECT--.
Accept any section.

Closes GH-4770.
 2019-10-02 16:56:41 +02:00
Nikita Popov
872a759f88 Limit input size in exif fuzzer 
Probably still too much...
 2019-10-01 18:29:23 +02:00
Nikita Popov
4d49ec208e Add --enable-fuzzer-msan flag 
To build fuzzers with memory sanitizer.
 2019-10-01 13:04:47 +02:00
Nikita Popov
15761ef359 Pass mode to open() in exif fuzzer 
Funny how despite all those sanitizers running, nothing ever
caught this...
 2019-09-30 18:23:47 +02:00
Nikita Popov
235983dfde Merge branch 'PHP-7.4' 2019-09-30 17:52:39 +02:00
Fabien Villepinte
0aa3acc6c4 Fix borked SKIPIFs 2019-09-30 17:51:41 +02:00
Nikita Popov
b442a9b69b Merge branch 'PHP-7.4' 2019-09-30 12:54:45 +02:00
Nikita Popov
27f5785363 Merge branch 'PHP-7.3' into PHP-7.4 2019-09-30 12:54:18 +02:00
Sergei Turchanov
e546d721e8 Fix #78413: php-fpm request_terminate_timeout does not take effect after fastcgi_finish_request 
To retain legacy behavior I decided to add an option to control request
termination logic. If request_terminate_timeout_track_finished is set,
then request will be tracked for time limits even after
fastcgi_finish_request was called.

This patch depends on the fix provided in BUG 78469 (otherwise php-fpm
workers listening on named pipes on Windows will be erroneously terminated)
(PR #4636)
 2019-09-30 12:54:09 +02:00
Nikita Popov
61f8f68a79 Make fuzzing sapi i386 compatible 
* Avoid an unnecessary -lstdc++ dependency. It's not going to be
   used in the end anyway, and is an unnecessary hassle to set up.
 * Use $LIB_FUZZING_ENGINE instead of hardcoding -lFuzzingEngine.
 2019-09-27 23:58:48 +02:00
Nikita Popov
31ff9f3e29 Merge branch 'PHP-7.4' 2019-09-27 11:20:48 +02:00
Nikita Popov
f2826954ac XFAIL sapi/fpm/tests/log-bwd-multiple-msgs-stdout-stderr.phpt 
This is supposed to be addressed by GH-4007, but that seems stalled
for now.
 2019-09-27 11:18:50 +02:00
Nikita Popov
7e295da81c Limit max length for parser fuzzer 
We're getting some very large inputs (~500KB) on OSS-Fuzz, which
slot down performance a lot. Let's try limiting this, starting
with a still fairly large value of 64KB.

Also remove the max_execution_time limit, so that slow test cases
cause a genuine libfuzzer timeout and we may investigate them.
 2019-09-26 10:45:47 +02:00
Gabriel Caruso
5d6e923d46 Remove mention of PHP major version in Copyright headers 
Closes GH-4732.
 2019-09-25 14:51:43 +02:00
Nikita Popov
1fe47ad233 Add new entries for exif and unserialize fuzzing corpus 2019-09-24 12:34:30 +02:00
Nikita Popov
8d7911ef56 Standardize type printing in reflection 
Use ?T instead of "T or NULL".
 2019-09-23 15:40:03 +02:00
Nikita Popov
418d243e37 Change instructions to use oniguruma from git 
Some bugs are already fixed there.

[ci skip]
 2019-09-18 14:56:25 +02:00
Nikita Popov
d7b4cdff3f Add instructions for building an instrumented libonig 
[ci skip]
 2019-09-18 12:49:42 +02:00
Nikita Popov
f613e32058 Merge branch 'PHP-7.4' 2019-09-17 12:19:57 +02:00
Nikita Popov
1a5f04688e Merge branch 'PHP-7.3' into PHP-7.4 2019-09-17 12:19:45 +02:00
Nikita Popov
3a2fa489dd Merge branch 'PHP-7.2' into PHP-7.3 2019-09-17 12:19:39 +02:00
Drakano
252ebce0d7 Add tilde to allowed status/ping path 
Because of user specific webdirs it should be possible to set a
status/ping path like "/~username/status".

Closes GH-4698.
 2019-09-17 12:19:21 +02:00
Nikita Popov
c1adb7a74e Move scripts out of corpus/ directory 2019-09-16 20:18:29 +02:00
Nikita Popov
c4e2ca607f Various improvements to fuzzer SAPIs 2019-09-16 16:04:10 +02:00
Stanislav Malyshev
41f45647f9 Add fuzzer SAPIs to the core 2019-09-16 16:04:09 +02:00
Nikita Popov
a86e04876b Merge branch 'PHP-7.4' 2019-09-14 00:25:39 +02:00
Nikita Popov
fa07a9c223 Fix symtable_cache_limit assignment in phpdbg 
The meaning of the limit changed in 7.4, it now points one past the
end. Adjust code accordingly.
 2019-09-14 00:25:07 +02:00
Dmitry Stogov
eef85229d0 Link executable files using non PIC object files. This reduces PIC overhead and improves performance. 2019-09-07 11:59:11 +03:00
Dmitry Stogov
64b2ee606c Merge branch 'non_pic' 
* non_pic:
  Link executable files using non PIC object files. This reduces PIC overhead and improves performance.
 2019-09-06 11:45:43 +03:00
Nikita Popov
edf5896a4e Merge branch 'PHP-7.4' 2019-09-05 18:29:30 +02:00
Nikita Popov
9ec61e43d4 Fix pipe detection and stream position handling 
There are two related changes here:
1. Also check for S_ISCHR/FILE_TYPE_CHAR when checking for pipes, so
   that we detect ttys as well, which are also not seekable.
2. Always set position=-1 (i.e. ftell will return false) when a pipe
   is detected. Previously position=0 was sometimes used, depending on
   whether we're on Windows/Linux and whether the FD or FILE codepath
   was used.
 2019-09-05 18:29:15 +02:00
Dmitry Stogov
56e880af9f Link executable files using non PIC object files. This reduces PIC overhead and improves performance. 2019-09-03 23:42:22 +03:00
Nikita Popov
be8247101d Merge branch 'PHP-7.4' 2019-08-30 11:02:40 +02:00
Nikita Popov
b4088ba509 Avoid accessing undefined index in CLI server test 2019-08-30 11:02:30 +02:00