php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-20 06:21:12 +02:00
Code Issues Packages Projects Releases Wiki Activity
83,644 Commits 547 Branches 1,483 Tags
8856b3a63c6b3eefe83aecaa9e18afb640173708
Commit Graph

696 Commits

Author SHA1 Message Date
Stanislav Malyshev
f5a9592ad8 Fix bug #73035 (Out of bound when verify signature of tar phar in phar_parse_tarfile) 2016-09-12 21:04:23 -07:00
Stanislav Malyshev
223266e4e4 Fix bug #72928 - Out of bound when verify signature of zip phar in phar_parse_zipfile 2016-09-12 21:04:23 -07:00
Anatol Belski
5efd2a33df fix double free 2016-09-03 00:01:04 +02:00
Anatol Belski
e3bd360ec9 fix test 
There is a difference between TS and NTS warning message, since
virtual_mkdir vs glibc directly is used. This has no effect for
the actual fix functionality.
 2016-06-21 16:20:03 +02:00
Stanislav Malyshev
d144590d38 Fix bug #72321 - use efree() for emalloc allocation 2016-06-12 21:35:13 -07:00
Anatol Belski
23d0065744 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  fix dir separator in test
 2016-03-29 14:19:35 +02:00
Anatol Belski
551423c642 fix dir separator in test 2016-03-29 14:18:25 +02:00
Stanislav Malyshev
62da5cdf3d Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  Fixed bug #71906: AddressSanitizer: negative-size-param (-1) in mbfl_strcut
  Fix bug #71798 - Integer Overflow in php_raw_url_encode
  Fix bug #71860: Require valid paths for phar filenames
  Going for 5.5.34

Conflicts:
	configure.in
	ext/phar/tests/create_path_error.phpt
	main/php_version.h
 2016-03-28 23:21:15 -07:00
Stanislav Malyshev
72281f29dd Fix bug #71860: Require valid paths for phar filenames 2016-03-20 21:33:11 -07:00
Anatol Belski
a1d1f54b42 fix directory separator 2016-03-09 14:16:29 +01:00
Stanislav Malyshev
b3bb1aacfe Merge branch 'PHP-5.6.19' into PHP-5.6 
* PHP-5.6.19:
  fix test file
  Fix version
  Update NEWS
 2016-03-01 22:56:08 -08:00
Stanislav Malyshev
6e6a556b8c Merge branch 'PHP-5.5' into PHP-5.6.19 
* PHP-5.5:
  fix test file
  Fix version
  Update NEWS
 2016-03-01 22:55:49 -08:00
Stanislav Malyshev
3c8ccdd9d3 fix test file 2016-03-01 22:55:02 -08:00
Stanislav Malyshev
ae3f132be1 Merge branch 'PHP-5.6.19' into PHP-5.6 
* PHP-5.6.19:
  update NEWS
  Fix bug #71498: Out-of-Bound Read in phar_parse_zipfile()
  fix ts buld
  prep for 5.6.19RC1
  Fixed bug #71587 - Use-After-Free / Double-Free in WDDX Deserialize
 2016-03-01 22:42:16 -08:00
Stanislav Malyshev
91990bbde0 Merge branch 'PHP-5.5.33' into PHP-5.6.19 
* PHP-5.5.33:
  Fix bug #71498: Out-of-Bound Read in phar_parse_zipfile()
  Fixed bug #71587 - Use-After-Free / Double-Free in WDDX Deserialize
 2016-03-01 22:40:00 -08:00
Jos Elstgeest
50b4cafd28 Fixed bugs #71317 and #71504 
If there are duplicate filenames in tar, the last one wins.
 2016-02-29 22:34:35 +01:00
Stanislav Malyshev
a6fdc5bb27 Fix bug #71498: Out-of-Bound Read in phar_parse_zipfile() 2016-02-21 16:51:05 -08:00
Anatol Belski
688b914217 add test for bug #71625 2016-02-18 19:38:39 +01:00
Anatol Belski
0445abd547 Fixed bug #71625 Crash in php7.dll with bad phar filename 2016-02-18 19:32:08 +01:00
Anatol Belski
a3927fa7f5 fix dir separator in test 2016-02-15 08:58:20 +01:00
Stanislav Malyshev
309ead112f Merge branch 'PHP-5.5.32' into PHP-5.6.18 
* PHP-5.5.32:
  Fixed bug #71488: Stack overflow when decompressing tar archives
  update NEWS
  add missing headers for SIZE_MAX
  backport the escapeshell* functions hardening branch
  add tests
  Fix bug #71459 - Integer overflow in iptcembed()
  Fixed bug #71323 - Output of stream_get_meta_data can be falsified by its input
  Fix bug #71391: NULL Pointer Dereference in phar_tar_setupmetadata()
  Fix bug #71335: Type Confusion in WDDX Packet Deserialization
  Fix bug #71354 - remove UMR when size is 0
 2016-02-01 18:32:31 -08:00
Stanislav Malyshev
07c7df68bd Fixed bug #71488: Stack overflow when decompressing tar archives 2016-01-31 19:37:56 -08:00
Stanislav Malyshev
1c1b8b6998 Fix bug #71391: NULL Pointer Dereference in phar_tar_setupmetadata() 2016-01-16 20:43:43 -08:00
Stanislav Malyshev
4c2424eb24 Fixed bug #71331 - Uninitialized pointer in phar_make_dirstream() 2016-01-14 22:58:40 -08:00
Stanislav Malyshev
13ad4d3e97 Fix bug #71354 - remove UMR when size is 0 2016-01-13 16:32:29 -08:00
Lior Kaplan
53fb2f1e5c Happy new year (Update copyright to 2016) 2016-01-03 01:44:37 +02:00
Lior Kaplan
49493a2dcf Happy new year (Update copyright to 2016) 2016-01-01 19:21:47 +02:00
Julien Pauli
0fd71d1184 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  Fixed test
  5.5.31 now

Conflicts:
	configure.in
	main/php_version.h
 2015-09-30 13:19:18 +02:00
Julien Pauli
d7fb43e30d Fixed test 2015-09-30 13:18:16 +02:00
Stanislav Malyshev
2e267bd3c7 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  Better fix for bug #70433

Conflicts:
	ext/phar/dirstream.c
 2015-09-28 21:42:08 -07:00
Stanislav Malyshev
1ddf72180a Better fix for bug #70433 2015-09-28 21:41:02 -07:00
Stanislav Malyshev
51b23cd0f0 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  fix memory leak
  FIx bug #70433 - Uninitialized pointer in phar_make_dirstream when zip entry filename is "/"

Conflicts:
	ext/phar/dirstream.c
 2015-09-28 20:44:28 -07:00
Stanislav Malyshev
f98ab19dc0 fix memory leak 2015-09-28 20:43:18 -07:00
Stanislav Malyshev
e78ac461db FIx bug #70433 - Uninitialized pointer in phar_make_dirstream when zip entry filename is "/" 2015-09-28 17:12:35 -07:00
Stanislav Malyshev
f39a4ee0c9 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  Fix bug #69720: Null pointer dereference in phar_get_fp_offset()
 2015-09-28 16:59:46 -07:00
Stanislav Malyshev
d698f0ae51 Fix bug #69720: Null pointer dereference in phar_get_fp_offset() 2015-09-28 15:56:51 -07:00
Julien Pauli
bb98ed600a Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Merge branch 'PHP-5.6'
  bump version

Conflicts:
	configure.in
	main/php_version.h
 2015-09-02 17:55:20 +02:00
Matteo Beccati
a12cef979d Merge branch 'PHP-5.6' 
* PHP-5.6:
  Added missing skipif for phar+zlib test
 2015-09-02 17:53:36 +02:00
Matteo Beccati
9d816f1bcf Added missing skipif for phar+zlib test 2015-08-29 10:47:02 +02:00
Anatol Belski
2b9c7f881a fix tests 2015-08-21 15:13:39 +02:00
Stanislav Malyshev
eb7ba73079 virtual_file_ex uses emalloc in 5.6+ 2015-08-04 16:31:57 -07:00
Stanislav Malyshev
ed709d5aa0 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  update NEWS
  fix test
  update NEWS
  Fix bug #70019 - limit extracted files to given directory
  Do not do convert_to_* on unserialize, it messes up references
  Fix #69793 - limit what we accept when unserializing exception
  Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
  Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
  ignore signatures for packages too
  Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
  Fixed bug #69892
  Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
  Improved fix for Bug #69441
  Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
  Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
  Fix bug #70081: check types for SOAP variables

Conflicts:
	ext/soap/php_http.c
	ext/spl/spl_observer.c
 2015-08-04 15:29:13 -07:00
Stanislav Malyshev
69ed3969dd Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Fix bug #70019 - limit extracted files to given directory
  Do not do convert_to_* on unserialize, it messes up references
  Fix #69793 - limit what we accept when unserializing exception
  Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
  Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
  ignore signatures for packages too
  Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
  Fixed bug #69892
  Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
  Improved fix for Bug #69441
  Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
  Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
  Fix bug #70081: check types for SOAP variables

Conflicts:
	.gitignore
	ext/date/php_date.c
	ext/spl/spl_array.c
	ext/spl/spl_observer.c
 2015-08-04 14:10:57 -07:00
Stanislav Malyshev
dda81f0505 Fix bug #70019 - limit extracted files to given directory 2015-08-04 14:02:31 -07:00
Stanislav Malyshev
7a4584d3f6 Improved fix for Bug #69441 2015-07-26 17:31:12 -07:00
Stanislav Malyshev
6c884e8e84 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  Better fix for bug #69958
  update news
  Fix bug #69669 (mysqlnd is vulnerable to BACKRONYM)
  Fix bug #69923 - Buffer overflow and stack smashing error in phar_fix_filepath
  Fix bug #69958 - Segfault in Phar::convertToData on invalid file
  Better fix for bug #69958
  Better fix for bug #69958
  update news
  Fix bug #69669 (mysqlnd is vulnerable to BACKRONYM)
  Fix bug #69923 - Buffer overflow and stack smashing error in phar_fix_filepath
  Fix bug #69958 - Segfault in Phar::convertToData on invalid file

Conflicts:
	ext/phar/phar_object.c
 2015-07-07 10:12:51 -07:00
Stanislav Malyshev
885edfef0a Better fix for bug #69958 2015-07-07 09:38:31 -07:00
Stanislav Malyshev
6dedeb40db Fix bug #69923 - Buffer overflow and stack smashing error in phar_fix_filepath 2015-07-07 09:38:31 -07:00
Stanislav Malyshev
bf58162ddf Fix bug #69958 - Segfault in Phar::convertToData on invalid file 2015-07-07 09:38:30 -07:00
Stanislav Malyshev
ed84af4b88 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Better fix for bug #69958
 2015-07-07 00:01:42 -07:00