php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-19 05:51:02 +02:00
Code Issues Packages Projects Releases Wiki Activity
70,994 Commits 547 Branches 1,483 Tags
a8722f5330507be74c40d5b8d313226540ea4f48
Commit Graph

70994 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Yasuo Ohgaki
a8722f5330 Add NULL byte protection to exec, system and passthru 2015-02-14 05:25:04 +09:00
George Wang
5e3f0f5671 Fixed #68790 (Missing return) 2015-02-07 12:16:54 -05:00
Stanislav Malyshev
f001c63073 Update header handling to RFC 7230 2015-02-05 20:08:12 -08:00
Stanislav Malyshev
7efbd70b03 fix sizeof size 2015-02-01 12:40:38 -08:00
Stanislav Malyshev
94d6cb4a78 fix TSRM 2015-01-31 23:34:14 -08:00
Stanislav Malyshev
b30a6d6018 Use better constant since MAXHOSTNAMELEN may mean shorter name 2015-01-31 21:46:56 -08:00
Stanislav Malyshev
2cdbd3537f use right sizeof for memset 2015-01-31 21:30:58 -08:00
Stanislav Malyshev
0f9c708229 Add mitigation for CVE-2015-0235 (bug #68925) 2015-01-31 19:08:13 -08:00
Ferenc Kovacs
61ad5e24ea fix some factual errors in the process 2015-01-22 21:27:38 +01:00
Stanislav Malyshev
b3b155ffe2 format 2015-01-20 11:57:17 -08:00
Stanislav Malyshev
547f62ed2a add CVE 2015-01-20 11:54:45 -08:00
Stanislav Malyshev
ef4896d956 add protection against nulls 2015-01-20 11:46:10 -08:00
Stanislav Malyshev
8825311ce1 5.4.38 next 2015-01-20 10:38:33 -08:00
Stanislav Malyshev
e63f7b47e1 Merge branch 'bug68710' into PHP-5.4 
* bug68710:
  Fix for bug #68710 (Use After Free Vulnerability in PHP's unserialize())
 2015-01-20 01:02:26 -08:00
Stanislav Malyshev
fc6aa939f5 Merge branch 'bug68799' into PHP-5.4 
* bug68799:
  Fix bug #68799: Free called on unitialized pointer
 2015-01-20 01:00:11 -08:00
Daniel Lowrey
0a76610459 Update NEWS 2015-01-14 18:03:27 +01:00
Daniel Lowrey
e2fe8e164f Fixed bug #55618 (use case-insensitive cert name matching) 2015-01-14 18:02:50 +01:00
Stanislav Malyshev
2fc178cf44 Fix bug #68799: Free called on unitialized pointer 2015-01-11 00:51:05 -08:00
Anatol Belski
ebb98e7aeb updated libmagic.patch in 5.4 2015-01-04 17:04:13 +01:00
Anatol Belski
ede59c8feb Fixed bug #68735 fileinfo out-of-bounds memory access 2015-01-04 14:20:21 +01:00
Remi Collet
919abf0cb1 removed dead code 2015-01-04 09:40:19 +01:00
Stanislav Malyshev
b585a3aed7 Fix for bug #68710 (Use After Free Vulnerability in PHP's unserialize()) 2015-01-01 16:19:05 -08:00
Stanislav Malyshev
f9ad308669 FIx bug #68618 (out of bounds read crashes php-cgi) 2014-12-30 01:23:05 -08:00
Ferenc Kovacs
cd387b4575 add missing NEWS entry 2014-12-17 02:10:36 +01:00
Stanislav Malyshev
8fe4cc6d28 5.4.37 2014-12-16 11:44:41 -08:00
Stanislav Malyshev
53f129a44d add CVE 2014-12-16 10:16:31 -08:00
Stanislav Malyshev
b75867fff0 add missing test file 2014-12-16 10:15:17 -08:00
Stanislav Malyshev
630f9c33c2 Fix bug #68594 - Use after free vulnerability in unserialize() 2014-12-16 10:15:17 -08:00
Andrea Faulds
034e6decb3 Fix undefined behaviour in strnatcmp 2014-12-13 22:27:10 +00:00
Stanislav Malyshev
97df260b27 update NEWS 2014-12-11 10:41:17 -08:00
Anatol Belski
0323f66fa2 move the test to the right place 2014-12-11 10:39:47 -08:00
Anatol Belski
13f1c276ab Fixed bug #68545 NULL pointer dereference in unserialize.c 2014-12-11 10:39:37 -08:00
Dmitry Stogov
dd791cd717 Fixed possible read after end of buffer and use after free. 2014-12-08 12:18:27 +03:00
Chris Christoff
0e985d3726 Revert unintentional docblock change 
Revert unintentional docblock change

It looks like commit dd8e59da8f
introduced an unintended docbloc change. I have reverted this
change in this commit.
 2014-12-05 13:57:03 -08:00
Ferenc Kovacs
b28c3eb47e make sure that we don't truncate the stack trace and cause false test failures when the test is executed in a directory with long path 2014-12-02 19:17:58 +01:00
Stanislav Malyshev
84be568366 update news 2014-11-30 21:37:39 -08:00
Leigh
301b7f990a Apply error-code-salt fix to Windows too 
Conflicts:
	ext/standard/crypt.c
 2014-11-30 21:07:31 -08:00
Leigh
7e870c596d Bug fixes in light of failing bcrypt tests 
Conflicts:
	ext/standard/crypt.c
 2014-11-30 21:06:39 -08:00
Leigh
2d9d10fbbf Add tests from 1.3. Add missing tests. 
3 of the missing tests fail. // TODO
 2014-11-30 21:05:40 -08:00
Leigh
29f51e1ca9 Upgrade crypt_blowfish to version 1.3 2014-11-30 21:05:32 -08:00
Stanislav Malyshev
7dbc5e5c69 update for LiteSpeed 2014-11-23 18:05:26 -08:00
Stanislav Malyshev
96cde1841a Revert "made lsapi_main.c compatible with PHP7/phpng ." 
This reverts commit 9fb816f45a.
Not a security-related fix.
 2014-11-22 00:38:04 -08:00
George Wang
9fb816f45a made lsapi_main.c compatible with PHP7/phpng . 2014-11-20 16:49:01 -05:00
Stanislav Malyshev
98b22864ff 5.4.36-dev 2014-11-11 16:31:38 -08:00
Matteo Beccati
2323e95df9 Fixed bug #66584 Segmentation fault on statement deallocation 2014-11-11 16:25:31 -08:00
Ferenc Kovacs
db5ad4c51f update NEWS 2014-11-12 00:18:13 +01:00
Dmitry Stogov
9dfa843a38 Partial fix for bug #68365 (zend_mm_heap corrupted after memory overflow in zend_hash_copy) 2014-11-07 09:46:49 +03:00
Stanislav Malyshev
0ddcf2a919 update NEWS 2014-11-03 11:43:15 -08:00
Remi Collet
7740edae36 Fix bug #63595 GMP memory management conflicts with other libraries using GMP 
Drop use of php memory allocators as this raise various conflicts
with other extensions and libraries which use libgmp.

No other solution found.
We cannot for ensure correct use of allocator with shared lib.

Some memory can allocated before php init
Some memory can be freed after php shutdown

Known broken run cases
- php + curl + gnutls + gmp
- mod_gnutls + mod_php + gnutls + gmp
- php + freetds + gnutls + gmp
- php + odbc + freetds + gnutls + gmp
- php + php-mapi (zarafa) + gnutls + gmp
 2014-11-03 11:42:15 -08:00
Stanislav Malyshev
c351b47ce8 Initialize the offset table - PCRE may sometimes miss offsets 2014-11-03 11:31:02 -08:00