Stanislav Malyshev
bc85678df3
Add more mbfl string size checks (bug #73505)
2016-11-26 14:49:48 -08:00
Nikita Popov
2d19c92fc2
Make php_url_parse_ex() respect length argument
...
This should fix all out-of-bounds reads that could previously
occur if the string passed to php_url_parse_ex() is not NUL
terminated.
2016-11-22 19:24:24 +01:00
Nikita Popov
f0f68c7274
Cleanup parse_url() query/fragment handling
...
The query/fragment handling was pretty convoluted, with many parts
being duplicated. Simplify by checking for fragment, then for query,
then for path.
2016-11-22 19:24:23 +01:00
Nikita Popov
9befad6fc2
Cleanup parse_url() gotos
...
Simplify some unnecessarily complicated code. In particular the
length updates are unnecessary (length is only used at the very
start) and we're goto'ing around a bit too much.
2016-11-22 19:24:21 +01:00
Mitch Hagstrand
55980684f6
Fix the lchown error test for Travis CI.
...
The E_WARNING message from the PHP function lchown is passed
from the system function lchown. The error message returned
from lchown can be filesystem dependent.
2016-11-18 17:55:44 +01:00
Julien Pauli
49030f2a25
Improvement for bug73297
2016-11-17 11:33:36 +01:00
Rowan Collins
eba5e276c7
Simplify ext/standard/tests/http/bug73297.phpt
2016-11-17 11:04:57 +01:00
Rowan Collins
aec1a5eccc
http_fopen_wrapper.c - bug#73297 Skip past "100 Continue" responses
2016-11-17 11:04:56 +01:00
Rowan Collins
6122526cea
Add failing test for bug#73297
2016-11-17 11:04:56 +01:00
Anatol Belski
33766347cb
Merge remote-tracking branch 'phpsec/PHP-5.6.28' into PHP-5.6
2016-11-08 11:06:52 +01:00
Anatol Belski
617f38b0e0
fix dir separator in test
2016-11-04 18:29:54 +01:00
Stanislav Malyshev
1fd18821e0
More string length checks & fixes
2016-11-03 21:35:09 -07:00
Christoph M. Becker
2eacb53fc4
Fix #73436: Setting allow_url_fopen to Off makes several tests fail
...
We make sure that these tests run with allow_url_fopen=1.
2016-11-01 20:13:53 +01:00
Stanislav Malyshev
f74d7d92c8
Fix bug #73144 and bug #73341 - remove extra dtor
2016-10-23 22:03:16 -07:00
Sara Golemon
43ccf23d70
Clear FG(user_stream_current_filename) when bailing out
...
If a userwrapper opener E_ERRORs then FG(user_stream_current_filename)
would remain set until the next request and would not be pointing
at unallocated memory.
Catch the bailout, clear the variable, then continue bailing.
Closes https://bugs.php.net/bug.php?id=73188
2016-10-11 21:55:01 -07:00
Stanislav Malyshev
689a9b8def
Merge branch 'PHP-5.6.27' into PHP-5.6
...
* PHP-5.6.27:
Fix tests
fix tsrm
Fix bug #73284 - heap overflow in php_ereg_replace function
Fix bug #73276 - crash in openssl_random_pseudo_bytes function
Fix bug #73293 - NULL pointer dereference in SimpleXMLElement::asXML()
fix bug #73275 - crash in openssl_encrypt function
Fix for #73240 - Write out of bounds at number_format
Bug #73218: add mitigation for ICU int overflow
Add more locale length checks, due to ICU bugs.
Fix bug #73208 - another missing length check
Fix bug #73190: memcpy negative parameter _bc_new_num_ex
Fix bug #73189 - Memcpy negative size parameter php_resolve_path
Fixed bug #73174 - heap overflow in php_pcre_replace_impl
Fix bug #73150: missing NULL check in dom_document_save_html
Fix bug #73147: Use After Free in PHP7 unserialize()
Fix bug #73082
Fix bug #73073 - CachingIterator null dereference when convert to string
2016-10-11 16:26:35 -07:00
Stanislav Malyshev
082d1f2375
Fix tests
2016-10-11 16:18:08 -07:00
Stanislav Malyshev
c1112ff323
fix tsrm
2016-10-11 14:39:16 -07:00
Stanislav Malyshev
8259130b6b
Fix for #73240 - Write out of bounds at number_format
2016-10-10 23:42:50 -07:00
Nikita Popov
b061fa909d
Fix bug #73192
2016-10-08 01:04:22 +02:00
Nikita Popov
bc3a0b82b8
Revert "Fixed test"
...
This reverts commit a10d03ac16.
2016-10-08 00:43:36 +02:00
Nikita Popov
1c468ee044
Revert "Added validation to parse_url() to prohibit restricted characters inside login/pass components based on RFC3986"
...
This reverts commit 085dfca02b.
2016-10-08 00:43:17 +02:00
Anatol Belski
07546496b1
Fix bug #73037, second round
2016-10-05 14:54:06 +02:00
Ilia Alshanetsky
a10d03ac16
Fixed test
2016-10-04 21:20:38 -07:00
Ilia Alshanetsky
085dfca02b
Added validation to parse_url() to prohibit restricted characters inside login/pass components based on RFC3986
2016-10-04 21:20:31 -07:00
Stanislav Malyshev
8ea01d5f19
Apparently negative wordwrap is a thing and should work as length = 0.
...
I'll leave it as is for now.
2016-10-03 19:17:42 -07:00
Stanislav Malyshev
631173aa5c
Really fix bug #73017
2016-10-03 18:07:21 -07:00
Christoph M. Becker
e72165bb86
Fix #73203: passing additional_parameters causes mail to fail
...
We make sure that there's no unsigned underflow, which happened for `y==0`.
2016-09-30 11:38:09 +02:00
Remi Collet
3c117d4136
fix test (32bits)
2016-09-15 15:32:39 +02:00
Stanislav Malyshev
6a7cc8ff85
Fix bug #73052 - Memory Corruption in During Deserialized-object Destruction
2016-09-12 21:04:23 -07:00
Stanislav Malyshev
7381d4c00e
Add check in fgetcsv in case sizeof(unit) != sizeof(size_t)
2016-09-12 21:04:23 -07:00
Stanislav Malyshev
65c8caafa8
Also fix overflow in wordwrap
2016-09-12 21:04:23 -07:00
Stanislav Malyshev
ba5ac0d360
Add more checks for int overflow
2016-09-12 21:04:23 -07:00
Stanislav Malyshev
19866fb76c
Fix various int size overflows.
...
Add function for detection of string zvals with length that does not fit
INT_MAX.
2016-09-12 21:04:23 -07:00
Anatol Belski
669fda00b7
Bug #73058 crypt broken when salt is 'too' long
2016-09-10 02:39:28 +02:00
Christoph M. Becker
b2d267d9ee
Fix #71882 amendment 2: Negative ftruncate() on php://memory exhausts memory
2016-08-31 16:33:14 +02:00
Christoph M. Becker
314a9f8553
Fix #71882 amendment: Negative ftruncate() on php://memory exhausts memory
...
To avoid BC breaks, we do not raise a warning for now.
2016-08-31 14:51:37 +02:00
Ville Hukkamäki
af7828a20f
Test case for bug #72771
2016-08-30 13:44:34 +02:00
Christoph M. Becker
207dab585a
Fix #71882: Negative ftruncate() on php://memory exhausts memory
...
We must not pass negative sizes to a size_t parameter.
2016-08-30 02:05:45 +02:00
Anatol Belski
295303b590
Fixed bug #72703 Out of bounds global memory read in BF_crypt triggered by password_verify
2016-08-29 20:25:34 +02:00
Christoph M. Becker
2139918ea6
Fix #65550: get_browser() incorrectly parses entries with "+" sign
...
+ signs in the browscap patterns are meant to be literal characters, so we
have to escape them for the regex matching.
2016-08-27 01:12:01 +02:00
Xinchen Hui
abe00908af
Fixed bug #72853 (stream_set_blocking doesn't work)
...
Implemented PHP_STREAM_OPTION_META_DATA_API for plain_wrappers
2016-08-17 16:54:21 +08:00
Stanislav Malyshev
4bf5c3187f
Block test with memory leak
2016-08-16 22:55:44 -07:00
Stanislav Malyshev
40bd921cea
Fix TSRM build
2016-08-16 22:55:43 -07:00
Stanislav Malyshev
35a8ed2f62
Fix bug #72850 - integer overflow in uuencode
2016-08-16 22:55:43 -07:00
Stanislav Malyshev
b9e81e5844
Fixed bug #72849 - integer overflow in urlencode
2016-08-16 22:55:42 -07:00
Stanislav Malyshev
24d741d376
Fix bug #72848 - integer overflow in quoted_printable_encode caused heap corruption
2016-08-16 22:55:42 -07:00
Stanislav Malyshev
d6a43a8562
Fix bug #72836 - integer overflow in base64_decode caused heap corruption
2016-08-16 22:55:41 -07:00
Stanislav Malyshev
e018ff094f
Fix bug #72771: ftps:// opendir wrapper is vulnerable to protocol downgrade attack
2016-08-16 22:55:39 -07:00
Stanislav Malyshev
639f7fde6a
Improve fix for #72663
2016-08-16 22:55:20 -07:00