php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-21 15:08:16 +02:00
Code Issues Packages Projects Releases Wiki Activity
71,043 Commits 547 Branches 1,483 Tags
aa2eca2e4847439c0eb28dc8c2c3534083807e26
Commit Graph

29860 Commits

Author SHA1 Message Date
Stanislav Malyshev f59b67ae50 Fix bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode) 2015-04-14 00:03:50 -07:00
Stanislav Malyshev 45facd15fb fix memory leak & add test 2015-04-12 22:38:34 -07:00
Stanislav Malyshev a643ccfb90 Fix tests 2015-04-12 20:55:35 -07:00
Stanislav Malyshev d82d68742c Fix bug #69337 (php_stream_url_wrap_http_ex() type-confusion vulnerability) 2015-04-12 01:30:33 -07:00
Stanislav Malyshev 1defbb25ed Fix test 2015-04-12 00:56:02 -07:00
Stanislav Malyshev 12d3bdee3d Additional fix for bug #69324 
Not so happy about duplication but needed due to bug #69429
 2015-04-11 16:53:22 -07:00
Stanislav Malyshev a894a8155f More fixes for bug #69152 2015-04-11 16:53:22 -07:00
Stanislav Malyshev 4435b9142f Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions) 2015-04-11 16:53:22 -07:00
Stanislav Malyshev 9faaee66fa Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar) 2015-04-11 16:53:21 -07:00
Stanislav Malyshev 0ea75af9be Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER) 2015-04-11 16:53:21 -07:00
Stanislav Malyshev f938112c49 Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault) 2015-04-11 16:53:21 -07:00
Xinchen Hui 920a0afbf8 Fixed bug #68901 (use after free) 2015-04-11 16:28:07 -07:00
Xinchen Hui 9a404df382 Fixed bug #68740 (NULL Pointer Dereference) 
(cherry picked from commit 124fb22a13)
 2015-04-05 22:48:10 -07:00
Stanislav Malyshev 5ae20c6247 Fix bug #66550 (SQLite prepared statement use-after-free) 2015-04-05 22:36:26 -07:00
Remi Collet bd31cb7563 Better fix for #68601 for perf 
https://bitbucket.org/libgd/gd-libgd/commits/81e9a993f2893d651d225646378e3fd1b7465467
 2015-04-05 17:36:47 -07:00
Remi Collet afbf725e73 Fix bug #68601 buffer read overflow in gd_gif_in.c 2015-04-05 17:33:52 -07:00
Dmitry Stogov 75f40ae1f3 Fixed bug #69293 2015-03-27 18:40:58 +03:00
Stanislav Malyshev 968fbc6acf Bacport fix bug #68741 - Null pointer dereference 2015-03-22 18:30:05 -07:00
Stanislav Malyshev fb83c76dee Check that the type is correct 2015-03-22 18:17:47 -07:00
Dmitry Stogov 51856a76f8 Fixed bug #69152 2015-03-19 11:36:01 +03:00
Stanislav Malyshev ef8fc4b53d Fix bug #69253 - ZIP Integer Overflow leads to writing past heap boundary 2015-03-17 21:59:56 -07:00
Stanislav Malyshev fb04dcf6db Fix bug #69248 - heap overflow vulnerability in regcomp.c 
Merged from https://github.com/garyhouston/regex/commit/70bc2965604b6b8aaf260049e64c708dddf85334
 2015-03-17 17:04:57 -07:00
Stanislav Malyshev 8b14d3052f add test for bug #68976 2015-03-17 17:03:46 -07:00
Stanislav Malyshev 646572d6d3 Fixed bug #68976 - Use After Free Vulnerability in unserialize() 2015-03-17 13:20:22 -07:00
Stanislav Malyshev 9ba4db5e5d fix tests 2015-03-17 12:55:35 -07:00
Stanislav Malyshev 1291d6bbee Fix bug #69207 - move_uploaded_file allows nulls in path 2015-03-17 12:47:58 -07:00
Dmitry Stogov c8eaca013a Added type checks 2015-03-03 10:43:48 +03:00
Dmitry Stogov 0c136a2abd Added type checks 2015-03-03 09:44:46 +03:00
Dmitry Stogov d5248f67b5 Check variable type before its usage as IS_ARRAY. 2015-03-02 12:27:36 +03:00
Stanislav Malyshev bdfe457a2c Port for for bug #68552 2015-02-17 06:53:02 +01:00
Stanislav Malyshev 7b18981830 Fix bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone) 
Conflicts:
	ext/date/php_date.c
 2015-02-17 06:43:51 +01:00
Felipe Pena 8f9ab04d93 - Fixed bug #67827 (broken detection of system crypt sha256/sha512 support) 2015-02-17 00:23:47 -02:00
Felipe Pena e08bef442c - Fixed bug #67427 (SoapServer cannot handle large messages) patch by: brandt at docoloc dot de 2015-02-16 13:07:26 -02:00
Yasuo Ohgaki a8722f5330 Add NULL byte protection to exec, system and passthru 2015-02-14 05:25:04 +09:00
Stanislav Malyshev f001c63073 Update header handling to RFC 7230 2015-02-05 20:08:12 -08:00
Stanislav Malyshev 7efbd70b03 fix sizeof size 2015-02-01 12:40:38 -08:00
Stanislav Malyshev 94d6cb4a78 fix TSRM 2015-01-31 23:34:14 -08:00
Stanislav Malyshev b30a6d6018 Use better constant since MAXHOSTNAMELEN may mean shorter name 2015-01-31 21:46:56 -08:00
Stanislav Malyshev 0f9c708229 Add mitigation for CVE-2015-0235 (bug #68925) 2015-01-31 19:08:13 -08:00
Stanislav Malyshev e63f7b47e1 Merge branch 'bug68710' into PHP-5.4 
* bug68710:
  Fix for bug #68710 (Use After Free Vulnerability in PHP's unserialize())
 2015-01-20 01:02:26 -08:00
Stanislav Malyshev fc6aa939f5 Merge branch 'bug68799' into PHP-5.4 
* bug68799:
  Fix bug #68799: Free called on unitialized pointer
 2015-01-20 01:00:11 -08:00
Daniel Lowrey e2fe8e164f Fixed bug #55618 (use case-insensitive cert name matching) 2015-01-14 18:02:50 +01:00
Stanislav Malyshev 2fc178cf44 Fix bug #68799: Free called on unitialized pointer 2015-01-11 00:51:05 -08:00
Anatol Belski ebb98e7aeb updated libmagic.patch in 5.4 2015-01-04 17:04:13 +01:00
Anatol Belski ede59c8feb Fixed bug #68735 fileinfo out-of-bounds memory access 2015-01-04 14:20:21 +01:00
Remi Collet 919abf0cb1 removed dead code 2015-01-04 09:40:19 +01:00
Stanislav Malyshev b585a3aed7 Fix for bug #68710 (Use After Free Vulnerability in PHP's unserialize()) 2015-01-01 16:19:05 -08:00
Stanislav Malyshev b75867fff0 add missing test file 2014-12-16 10:15:17 -08:00
Stanislav Malyshev 630f9c33c2 Fix bug #68594 - Use after free vulnerability in unserialize() 2014-12-16 10:15:17 -08:00
Andrea Faulds 034e6decb3 Fix undefined behaviour in strnatcmp 2014-12-13 22:27:10 +00:00