Stanislav Malyshev
036bc5c1fb
Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
Fix null pointer deref in qprint-encode filter (bug #77231)
2018-12-03 10:19:49 -08:00
Stanislav Malyshev
78bffa72c1
Fix null pointer deref in qprint-encode filter (bug #77231)
2018-12-03 10:19:08 -08:00
Stanislav Malyshev
5718d73dbb
Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
Fix bug #77143 - add more checks to buffer reads
2018-12-03 00:42:35 -08:00
Stanislav Malyshev
48f0f73f75
Fix bug #77143 - add more checks to buffer reads
2018-12-03 00:41:46 -08:00
Stanislav Malyshev
66a0f061f6
Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
Fix bug #77143 - add more checks to buffer reads
Fix #77020: null pointer dereference in imap_mail
2018-12-03 00:39:03 -08:00
Stanislav Malyshev
54212674b9
Fix bug #77143 - add more checks to buffer reads
2018-12-03 00:03:10 -08:00
Stanislav Malyshev
7edc639b9f
Fix #77020: null pointer dereference in imap_mail
If an empty $message is passed to imap_mail(), we must not set message
to NULL, since _php_imap_mail() is not supposed to handle NULL pointers
(opposed to pointers to NUL).
2018-12-03 00:00:56 -08:00
Stanislav Malyshev
6e3f5d57d4
Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
Fix TSRM signature - php_stream_stat macro has its own TSRM
Regenerate certificates for openssl tests
Improve test for bug77022
2018-12-02 13:18:07 -08:00
Stanislav Malyshev
aabdb71dc3
Fix TSRM signature - php_stream_stat macro has its own TSRM
2018-12-02 12:54:19 -08:00
Alexander Kurilo
0382e761d7
Regenerate certificates for openssl tests
2018-12-02 12:08:19 -08:00
Stanislav Malyshev
2fba1e2f59
Improve test for bug77022
2018-12-02 12:06:13 -08:00
Stanislav Malyshev
cea277048d
Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
Fix bug #77022 - use file mode or umask for new files
2018-12-01 21:48:27 -08:00
Stanislav Malyshev
69f5e7992b
Fix bug #77022 - use file mode or umask for new files
2018-12-01 21:06:45 -08:00
Stanislav Malyshev
87bf84c8c7
Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
Add DISPLAY_INI_ENTRIES for imap
2018-11-28 15:46:39 -08:00
Stanislav Malyshev
d8765852e0
Add DISPLAY_INI_ENTRIES for imap
2018-11-28 15:45:51 -08:00
Stanislav Malyshev
628df47e79
Disable rsh/ssh functionality in imap by default (bug #77153)
2018-11-20 11:14:07 -08:00
Stanislav Malyshev
e5bfea64c8
Disable rsh/ssh functionality in imap by default (bug #77153)
2018-11-20 00:13:50 -08:00
Stanislav Malyshev
bddf8140e4
Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
Add NEWS
Fixed bug #76459 windows linkinfo lacks openbasedir check
Fix bug #76557: heap-buffer-overflow (READ of size 48) while reading exif data
Fix bug #76423 - Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c
2018-07-16 15:13:13 -07:00
Anatol Belski
f151e048ed
Fixed bug #76459 windows linkinfo lacks openbasedir check
2018-07-16 15:11:56 -07:00
Anatol Belski
289cb0f77c
Fixed bug #76459 windows linkinfo lacks openbasedir check
2018-07-16 14:21:02 -07:00
Stanislav Malyshev
3462efa386
Fix bug #76557: heap-buffer-overflow (READ of size 48) while reading exif data
Use MAKERNOTE length as data size.
2018-07-16 14:17:51 -07:00
Stanislav Malyshev
1baeae4270
Fix bug #76423 - Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c
2018-07-16 14:16:58 -07:00
Anatol Belski
3070883bcf
Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
Fix test portability
2018-04-24 10:48:22 +02:00
Anatol Belski
4371af3e19
Fix test portability
2018-04-24 10:47:32 +02:00
Stanislav Malyshev
5a18d7a0df
Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
Fix tsrm_ls
Fix #76129 - remove more potential unfiltered outputs for phar
Fix test
Fix bug #76248 - Malicious LDAP-Server Response causes Crash
Fix bug #76249 - fail on invalid sequences
Fix #76130: Heap Buffer Overflow (READ: 1786) in exif_iif_add_value
Fix bug #75981: prevent reading beyond buffer start
2018-04-23 21:59:57 -07:00
Stanislav Malyshev
ee76a5ae5a
Fix tsrm_ls
2018-04-23 16:48:27 -07:00
Stanislav Malyshev
58b0003975
Merge remote-tracking branch 'security/bug76249' into PHP-5.6
* security/bug76249:
Fix test
Fix bug #76249 - fail on invalid sequences
2018-04-23 13:44:19 -07:00
Stanislav Malyshev
a4c55eefd0
Merge remote-tracking branch 'security/bug76248' into PHP-5.6
* security/bug76248:
Fix bug #76248 - Malicious LDAP-Server Response causes Crash
2018-04-23 13:44:12 -07:00
Stanislav Malyshev
6e64aba47f
Fix #76129 - remove more potential unfiltered outputs for phar
2018-04-23 13:43:43 -07:00
Stanislav Malyshev
8dca5ae5ec
Fix test
2018-04-22 22:19:51 -07:00
Stanislav Malyshev
49782c5499
Fix bug #76248 - Malicious LDAP-Server Response causes Crash
2018-04-22 22:01:35 -07:00
Stanislav Malyshev
06d309fd7a
Fix bug #76249 - fail on invalid sequences
2018-04-22 21:26:39 -07:00
Christoph M. Becker
b4e4788c44
Fix #76130: Heap Buffer Overflow (READ: 1786) in exif_iif_add_value
The MakerNote is not necessarily null-terminated, so we must not use
`strlen()` to avoid OOB reads. Instead `php_strnlen()` is the proper
way to handle this.
2018-04-22 20:15:02 -07:00
Stanislav Malyshev
dde7a05978
Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
Fix bug #75981: prevent reading beyond buffer start
2018-02-26 22:26:26 -08:00
Stanislav Malyshev
523f230c83
Fix bug #75981: prevent reading beyond buffer start
2018-02-26 22:25:51 -08:00
Stanislav Malyshev
36239fee36
Fix bug #75981: prevent reading beyond buffer start
2018-02-20 15:44:00 -08:00
Stanislav Malyshev
459ab2eef4
Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
Update NEWS
Fixed bug #75571: Potential infinite loop in gdImageCreateFromGifCtx
Fix bug #74782: remove file name from output to avoid XSS
2018-01-01 20:28:01 -08:00
Christoph M. Becker
8d6e958867
Fixed bug #75571: Potential infinite loop in gdImageCreateFromGifCtx
Due to a signedness confusion in `GetCode_` a corrupt GIF file can
trigger an infinite loop. Furthermore we make sure that a GIF without
any palette entries is treated as invalid *after* open palette entries
have been removed.
2018-01-01 19:51:26 -08:00
Stanislav Malyshev
73ca9b3773
Fix bug #74782: remove file name from output to avoid XSS
2018-01-01 19:51:02 -08:00
Dmitry Stogov
da61c7a2a4
Fixed bug #75579 (Interned strings buffer overflow may cause crash)
(cherry picked from commit 37bf8bdc14)
2017-12-22 18:22:08 +01:00
Lior Kaplan
32e3d7b99e
Define floorf if system doesn't have it (follow up for 22c48761)
floorf is checked in config.m4
2017-11-29 16:46:47 +01:00
Remi Collet
8e5b9532da
Fixed bug #64938 libxml_disable_entity_loader setting is shared between requests (FPM)
2017-11-28 17:58:28 +01:00
Scott
269d160159
Fix bug #75409
2017-11-22 04:26:54 +00:00
Nester
8fdef981ef
Fixed #75539 and #74183 - preg_last_error not returning error code after error
2017-11-21 20:10:18 +01:00
Remi Collet
702ef27364
Better fix bug #75540 Segfault with libzip 1.3.1
- only 1.3.1 is affected
- fix use after free
2017-11-20 09:42:20 +01:00
Remi Collet
de47d4792f
fix bug #75540 Segfault with libzip 1.3.1
2017-11-20 08:49:46 +01:00
Nikita Popov
0e097f2c96
Fixed bug #75535
The sizeof()s for Content-Length and Transfer-Encoding were missing
the trailing ":". Apart from being generally wrong, this no longer
verified that the header actually contains a colon, leading to the
null http_header_value being used.
Additionally, in the interest of being defensive, also make sure
that http_header_value is non-null by setting it to the end of
the header line (effectively an empty string) if there is no colon.
If the following conditions are correct, this value is not going
to be used though.
2017-11-17 23:18:05 +01:00
Derick Rethans
ca0bcf535c
Fixed ext/date tests due to changes in Olson database
2017-11-07 11:25:28 +00:00
Nikita Popov
d88ef8d7e1
Fix ext/soap/tests/bug69137.phpt
Switch to example.org. Also mark it as an online test.
2017-11-02 20:56:03 +01:00
Anatol Belski
dbfa0140ae
Sync and fix tests for ICU 60.1 compat
2017-11-02 12:37:04 +01:00