mirror of https://github.com/php/php-src.git synced 2026-04-26 09:28:21 +02:00
Commit Graph

10103 Commits

Author SHA1 Message Date
Anatol Belski c403b30291 pick up the safe alloc pieces from
19866fb76c
2016-09-13 11:50:18 +02:00
Stanislav Malyshev 07c6bdb85d Merge branch 'PHP-7.0.11' into PHP-7.0
* PHP-7.0.11: (22 commits)
  Fix bug #72293 - Heap overflow in mysqlnd related to BIT fields
  I don't think 8cceb012a7 is needed
  Fix test
  Add check in fgetcsv in case sizeof(unit) != sizeof(size_t)
  Fix bug #73065: Out-Of-Bounds Read in php_wddx_push_element of wddx.c
  Fix bug #73035 (Out of bound when verify signature of tar phar in phar_parse_tarfile)
  Fix bug #73052 - Memory Corruption in During Deserialized-object Destruction
  Fix bug #73029 - Missing type check when unserializing SplArray
  Fix bug #72860: wddx_deserialize use-after-free
  Fix bug #73007: add locale length check
  Fix bug #72928 - Out of bound when verify signature of zip phar in phar_parse_zipfile
  sync NEWS
  Revert "Merge branch 'PHP-5.6' into PHP-7.0"
  Merge branch 'PHP-5.6' into PHP-7.0
  Merge branch 'PHP-5.6' into PHP-7.0
  Revert "Revert "Merge branch 'PHP-5.6' into PHP-7.0""
  fix version
  sync NEWS
  Fix bug #72957
  set versions
  ...
2016-09-12 21:09:30 -07:00
Stanislav Malyshev 32e0b46997 I don't think 8cceb012a7 is needed 2016-09-12 20:15:22 -07:00
Anatol Belski 8cceb012a7 Add check in fgetcsv in case sizeof(unit) != sizeof(size_t)
(cherry picked from commit 99ac11222cb2a4e9aa6a865f908b28def349c049)

Conflicts:
	ext/standard/file.c
2016-09-12 18:59:38 +02:00
Stanislav Malyshev 27876d22ef Fix bug #73052 - Memory Corruption in During Deserialized-object Destruction
(cherry picked from commit b6e1e5e0b3e6221c7b14fa10cba30f5c5e719e1b)

Conflicts:
	Zend/zend_objects_API.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
2016-09-12 17:53:44 +02:00
Andrea Faulds d690014bf3 Remove zpp fallback code (always use Fast ZPP)
Squashed commit of the following:

commit 3e27fbb3d2
Author: Andrea Faulds <ajf@ajf.me>
Date:   Sun Sep 11 19:14:37 2016 +0100

    Keep dummy FAST_ZPP macro for compatibility

commit 8a7cfd00de
Author: Andrea Faulds <ajf@ajf.me>
Date:   Mon Sep 5 22:36:03 2016 +0100

    Remove FAST_ZPP macro and plain zpp fallback code
2016-09-11 22:44:46 +01:00
Anatol Belski 65bf5e88c7 Revert "Merge branch 'PHP-5.6' into PHP-7.0"
This reverts commit 946335ba70, reversing
changes made to 3437dbfa00.
2016-09-11 12:59:43 +02:00
Christoph M. Becker 2970630133 Merge branch 'PHP-5.6' into PHP-7.0
(cherry picked from commit f93fd8ce32)
2016-09-11 12:59:43 +02:00
Christoph M. Becker 874697e30a Merge branch 'PHP-5.6' into PHP-7.0
(cherry picked from commit 8f32d609c5)
2016-09-11 12:59:43 +02:00
Anatol Belski d947d974d5 Revert "Revert "Merge branch 'PHP-5.6' into PHP-7.0""
This reverts commit 62d5bfb527.
2016-09-11 12:59:43 +02:00
Anatol Belski e539ea439b Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
  Bug #73058 crypt broken when salt is 'too' long
2016-09-10 02:44:21 +02:00
Anatol Belski 669fda00b7 Bug #73058 crypt broken when salt is 'too' long 2016-09-10 02:39:28 +02:00
Andrea Faulds 009ee6e503 Unbreak FAST_ZPP dead code 2016-09-05 22:12:26 +01:00
Julien Pauli e14b14d026 Fix warning about sign-mismatch comparisons 2016-09-02 17:01:52 +02:00
Christoph M. Becker f93fd8ce32 Merge branch 'PHP-5.6' into PHP-7.0 2016-08-31 16:38:38 +02:00
Christoph M. Becker b2d267d9ee Fix #71882 amendment 2: Negative ftruncate() on php://memory exhausts memory 2016-08-31 16:33:14 +02:00
Christoph M. Becker 8f32d609c5 Merge branch 'PHP-5.6' into PHP-7.0 2016-08-31 14:53:53 +02:00
Christoph M. Becker 314a9f8553 Fix #71882 amendment: Negative ftruncate() on php://memory exhausts memory
To avoid BC breaks, we do not raise a warning for now.
2016-08-31 14:51:37 +02:00
Nikita Popov 2c12a5f0a8 Merge branch 'PHP-5.6' into PHP-7.0 2016-08-30 13:44:59 +02:00
Ville Hukkamäki af7828a20f Test case for bug #72771 2016-08-30 13:44:34 +02:00
Anatol Belski 62d5bfb527 Revert "Merge branch 'PHP-5.6' into PHP-7.0"
This reverts commit 65f0c163f9, reversing
changes made to 4b45c0a9a7.
2016-08-30 12:06:46 +02:00
Christoph M. Becker 65f0c163f9 Merge branch 'PHP-5.6' into PHP-7.0 2016-08-30 02:13:48 +02:00
Christoph M. Becker 207dab585a Fix #71882: Negative ftruncate() on php://memory exhausts memory
We must not pass negative sizes to a size_t parameter.
2016-08-30 02:05:45 +02:00
Anatol Belski 946335ba70 Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
  Fixed bug #72703 Out of bounds global memory read in BF_crypt triggered by password_verify
2016-08-29 20:32:55 +02:00
Anatol Belski 295303b590 Fixed bug #72703 Out of bounds global memory read in BF_crypt triggered by password_verify 2016-08-29 20:25:34 +02:00
Anatol Belski d80a317c0b fix leak 2016-08-29 15:43:10 +02:00
Christoph M. Becker 8fcfacf746 Merge branch 'PHP-5.6' into PHP-7.0 2016-08-27 01:18:10 +02:00
Christoph M. Becker 2139918ea6 Fix #65550: get_browser() incorrectly parsers entries with "+" sign
+ signs in the browscap patterns are meant to be literal characters, so we
have to escape them for the regex matching.
2016-08-27 01:12:01 +02:00
Kalle Sommer Nielsen 1e4cae28b2 Seems like I did a bad merge earlier, this should make PHP-7.0 sync with 7.1/master properly now 2016-08-17 16:34:22 +02:00
Anatol Belski 05c8a0771d fix tests
The 70436 test is just a bonus for the hardening in 72633.
2016-08-17 12:39:35 +02:00
Xinchen Hui 3956deb1b2 Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
  Fixed bug #72853 (stream_set_blocking doesn't work)

Conflicts:
	main/streams/plain_wrapper.c
2016-08-17 16:56:02 +08:00
Xinchen Hui abe00908af Fixed bug #72853 (stream_set_blocking doesn't work)
Implemented PHP_STREAM_OPTION_META_DATA_API for plain_wrappers
2016-08-17 16:54:21 +08:00
Nikita Popov e0f9fbdfa6 Bug #72663 - part 3
When using the php_serialize session serialization handler, do
not use the result of the unserialization if it failed.
2016-08-17 01:01:03 -07:00
Nikita Popov 61f2f5a0f7 Bug #72663 - part 2
If a (nested) unserialize() call fails, we remove all the values
that were inserted into var_hash during that call. This prevents
their use in other unserializations in the same context.
2016-08-17 00:47:02 -07:00
Nikita Popov 2135fdef9b Bug #72663 - part 1
Don't call __destruct() on an unserialized object that has a
__wakeup() method if either
a) unserialization of its properties fails or
b) the __wakeup() call fails (e.g. by throwing).

This basically treats __wakeup() as a form of constructor and
aligns us with the usual behavior that if the constructor call
fails the destructor should not be called.

The security aspect here is that people use __wakeup() to prevent
unserialization of objects with dangerous __destruct() methods,
but this is ineffective if __destruct() can still be called while
__wakeup() was skipped.
2016-08-17 00:45:57 -07:00
Stanislav Malyshev 0d13325b66 Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6: (24 commits)
  Update NEWS
  Block test with memory leak
  fix tests
  Fix TSRM build
  Fix bug #72850 - integer overflow in uuencode
  Fixed bug #72849 - integer overflow in urlencode
  Fix bug #72848 - integer overflow in quoted_printable_encode caused heap corruption
  Fix bug #72838 - Integer overflow lead to heap corruption in sql_regcase
  Fix bug #72837 - integer overflow in bzdecompress caused heap corruption
  Fix bug #72836 - integer overflow in base64_decode caused heap corruption
  Fix for bug #72807 - do not produce strings with negative length
  Fix for bug #72790 and bug #72799
  Fix bug #72730 - imagegammacorrect allows arbitrary write access
  Fix bug#72697 - select_colors write out-of-bounds
  Fixed bug #72627: Memory Leakage In exif_process_IFD_in_TIFF
  Fix bug #72750: wddx_deserialize null dereference
  Fix bug #72771: ftps:// opendir wrapper is vulnerable to protocol downgrade attack
  Improve fix for #72663
  Fix bug #70436: Use After Free Vulnerability in unserialize()
  Fix bug #72749: wddx_deserialize allows illegal memory access
  ...

Conflicts:
	Zend/zend_API.h
	ext/bz2/bz2.c
	ext/curl/interface.c
	ext/ereg/ereg.c
	ext/exif/exif.c
	ext/gd/gd.c
	ext/gd/tests/imagetruecolortopalette_error3.phpt
	ext/gd/tests/imagetruecolortopalette_error4.phpt
	ext/session/session.c
	ext/snmp/snmp.c
	ext/standard/base64.c
	ext/standard/ftp_fopen_wrapper.c
	ext/standard/quot_print.c
	ext/standard/url.c
	ext/standard/uuencode.c
	ext/standard/var.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	ext/wddx/tests/bug72790.phpt
	ext/wddx/tests/bug72799.phpt
	ext/wddx/wddx.c
	sapi/cli/generate_mime_type_map.php
2016-08-17 00:43:33 -07:00
Stanislav Malyshev 75d7666968 Merge branch 'PHP-7.0.10' into PHP-7.0
* PHP-7.0.10:
  Fix bug #72749: wddx_deserialize allows illegal memory access
  Fixed bug #72627: Memory Leakage In exif_process_IFD_in_TIFF
  fix tests
  Fix bug#72697 - select_colors write out-of-bounds
  Fix bug #72708 - php_snmp_parse_oid integer overflow in memory allocation
  Fix bug #72730 - imagegammacorrect allows arbitrary write access
  Fix bug #72750: wddx_deserialize null dereference
  Fix bug #72771: ftps:// opendir wrapper is vulnerable to protocol downgrade attack
  fix tests
  add missing skipif section
  Fix for bug #72790 and bug #72799
  Fix bug #72837 - integer overflow in bzdecompress caused heap corruption
  Fix bug #72742 - memory allocator fails to realloc small block to large one
  Use size_t for path length
  Check for string overflow
  Fix for bug #72782: mcrypt accepts only ints, so don't pass anything else
  Fix bug #72674 - check both curl_escape and curl_unescape
2016-08-16 23:52:22 -07:00
Stanislav Malyshev f8a75d4eee Merge branch 'PHP-7.0' into PHP-7.0.10
* PHP-7.0: (34 commits)
  Fix URL rewriter partially
  Support "git worktree"
  Add NEWS
  Fix ASSERT logic
  Bugfix 72791: fix memory leak in PDO persistent connections
  Don't copy mime types in CLI server
  Remove obsolete Id tags
  Bump version in OCI8 test
  Fixed bug #72788 (Invalid memory access when using persistent PDO connection)
  Remove typo'd commit
  Fix bug 72788: Invalid memory access when database_object_handle is undefined. Also fix memory leak in dbh_free when using persistent PDO connections.
  Replace dead branch with ZEND_ASSERT()
  Add test for bug #69107: finfo no longer detects PHP files
  Fix bug #55451
  Fix stream_socket_enable_crypto() test
  Remove old $Id$ tags
  Sync with 7.1 branch changes from Nikita & Dimitri to keep OCI8 code identical
  Fix bug #72524 (Binding null values triggers ORA-24816 error)
  Fix the fix (Nikita), thanks!
  Check the return value of dbconvert() in mssql_guid_string(), as it may return -1 in case the conversion failed. In that case false is returned.
  ...

Conflicts:
	ext/standard/ftp_fopen_wrapper.c
2016-08-16 23:50:42 -07:00
Stanislav Malyshev 4bf5c3187f Block test with memory leak 2016-08-16 22:55:44 -07:00
Stanislav Malyshev 40bd921cea Fix TSRM build 2016-08-16 22:55:43 -07:00
Stanislav Malyshev 35a8ed2f62 Fix bug #72850 - integer overflow in uuencode 2016-08-16 22:55:43 -07:00
Stanislav Malyshev b9e81e5844 Fixed bug #72849 - integer overflow in urlencode 2016-08-16 22:55:42 -07:00
Stanislav Malyshev 24d741d376 Fix bug #72848 - integer overflow in quoted_printable_encode caused heap corruption 2016-08-16 22:55:42 -07:00
Stanislav Malyshev d6a43a8562 Fix bug #72836 - integer overflow in base64_decode caused heap corruption 2016-08-16 22:55:41 -07:00
Stanislav Malyshev e018ff094f Fix bug #72771: ftps:// opendir wrapper is vulnerable to protocol downgrade attack 2016-08-16 22:55:39 -07:00
Stanislav Malyshev 639f7fde6a Improve fix for #72663 2016-08-16 22:55:20 -07:00
Stanislav Malyshev 95d09e4b5e Fix bug #70436: Use After Free Vulnerability in unserialize() 2016-08-16 22:55:20 -07:00
Stanislav Malyshev f1a0b7d690 Update comment 2016-08-16 22:55:19 -07:00
Stanislav Malyshev 448c9be157 Fix bug #72663 - destroy broken object when unserializing 2016-08-16 22:54:42 -07:00
Anatol Belski 20f76efb78 fix test 2016-08-17 00:56:19 +02:00