php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-18 05:21:02 +02:00
Code Issues Packages Projects Releases Wiki Activity
101,716 Commits 547 Branches 1,483 Tags
abfda3de996dc2cf396f65ff6c98a1ec798316f5
Commit Graph

940 Commits

Author SHA1 Message Date
Nikita Popov
f1f39d7ed7 Fix parenthesis warning 2018-09-04 05:32:25 +02:00
Anatol Belski
7fb7869e13 Fix stack underflow in phar 
The checks can issue reads below and above the temporary buffer. A read
itself doesn't seem dangerous, but the condition result can be
arbitrary. Such reads have to be avoided. Likely this patch should be
backported.

(cherry picked from commit b053beee7e)
 2018-08-30 19:33:07 +02:00
Stanislav Malyshev
95ee9efa57 Merge branch 'PHP-7.0' into PHP-7.1 
* PHP-7.0:
  Fix tsrm_ls
  Fix #76129 - remove more potential unfiltered outputs for phar
  Fix test
  Fix bug #76248 - Malicious LDAP-Server Response causes Crash
  Fix bug #76249 - fail on invalid sequences
  Fix #76130: Heap Buffer Overflow (READ: 1786) in exif_iif_add_value
  Fix bug #75981: prevent reading beyond buffer start
 2018-04-23 22:00:24 -07:00
Stanislav Malyshev
5a18d7a0df Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Fix tsrm_ls
  Fix #76129 - remove more potential unfiltered outputs for phar
  Fix test
  Fix bug #76248 - Malicious LDAP-Server Response causes Crash
  Fix bug #76249 - fail on invalid sequences
  Fix #76130: Heap Buffer Overflow (READ: 1786) in exif_iif_add_value
  Fix bug #75981: prevent reading beyond buffer start
 2018-04-23 21:59:57 -07:00
Stanislav Malyshev
6e64aba47f Fix #76129 - remove more potential unfiltered outputs for phar 2018-04-23 13:43:43 -07:00
Stanislav Malyshev
ff83c00715 Add a bit of defensive conding for bug #76155 
Even though it should not be ever negative, since strlen() is size_t
better to be safe than sorry.
 2018-04-22 20:27:42 -07:00
Xinchen Hui
4ee9098514 Fixed bug #76085 (Segmentation fault in buildFromIterator when directory name contains a \n) 2018-03-13 12:51:26 +08:00
Bishop Bettini
d806d0315f Fixed bug #65414 2018-02-08 10:32:08 +01:00
Anatol Belski
2d4fb56c1d Allow pecl like usage in ext/phar, closes #2955 2018-01-15 14:23:46 +01:00
Lior Kaplan
fbfdd1e1c4 Happy new year (Update copyright to 2018) 2018-01-02 23:42:29 +02:00
Xinchen Hui
bd23bcec3e Merge branch 'PHP-7.1' of git.php.net:/php-src into PHP-7.1 
* 'PHP-7.1' of git.php.net:/php-src:
  Update NEWS
  Fixed bug #75571: Potential infinite loop in gdImageCreateFromGifCtx
  Fix bug #74782: remove file name from output to avoid XSS
 2018-01-02 13:49:58 +08:00
Xinchen Hui
ccd4716ec7 year++ 2018-01-02 12:53:31 +08:00
Stanislav Malyshev
92c19f8a26 Merge branch 'PHP-7.0' into PHP-7.1 
* PHP-7.0:
  Update NEWS
  Fixed bug #75571: Potential infinite loop in gdImageCreateFromGifCtx
  Fix bug #74782: remove file name from output to avoid XSS
 2018-01-01 20:52:34 -08:00
Stanislav Malyshev
459ab2eef4 Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Update NEWS
  Fixed bug #75571: Potential infinite loop in gdImageCreateFromGifCtx
  Fix bug #74782: remove file name from output to avoid XSS
 2018-01-01 20:28:01 -08:00
Stanislav Malyshev
73ca9b3773 Fix bug #74782: remove file name from output to avoid XSS 2018-01-01 19:51:02 -08:00
Joe Watkins
bb9ea4e88b Merge branch 'PHP-7.0' into PHP-7.1 
* PHP-7.0:
  Fix bug #74991 - include_path has a 4096 char (minus "__DIR__:") limit, in some PHAR cases
 2017-07-26 10:47:22 +01:00
Benjamin W. Broersma
6b1fbafdf0 Fix bug #74991 - include_path has a 4096 char (minus "__DIR__:") limit, in some PHAR cases 2017-07-26 10:46:50 +01:00
Joe Watkins
b44484b912 Merge branch 'PHP-7.0' into PHP-7.1 
* PHP-7.0:
  Update copyright year to 2017
 2017-07-24 17:24:10 +01:00
Peter Kokot
924ff6164e Update copyright year to 2017 2017-07-24 17:23:57 +01:00
Fabien Villepinte
d6922ef8e3 Fix Bug #74386Phar::__construct(): wrong number of parameters by reflection 2017-05-29 08:31:47 +01:00
Fabien Villepinte
2dee44c74c Fix Bug #74386 Phar::__construct(): wrong number of parameters by reflection 2017-05-29 08:29:30 +01:00
Anatol Belski
64adba3b3f Merge branch 'PHP-7.0' into PHP-7.1 
* PHP-7.0:
  Fixed bug #51918 Phar::webPhar() does not handle requests sent through PUT and DELETE method
 2017-05-02 14:46:15 +02:00
Christian Weiske
c0c0871911 Fixed bug #51918 Phar::webPhar() does not handle requests sent through PUT and DELETE method 
phar: Support DELETE, HEAD and PUT HTTP methods in Phar::webPhar

Up to now only GET and POST requests could be handled with Phar::webPhar(),
which is insufficient for today's REST APIs.
This patch expands the list of supported HTTP methods.
 2017-05-02 14:44:47 +02:00
Joe Watkins
9fe4d2d9cb Merge branch 'PHP-7.0' into PHP-7.1 
* PHP-7.0:
  Fix of Bug #74383: Wrong reflection on Phar::running
 2017-04-10 06:32:40 +01:00
Mitch Hagstrand
d9a05807d2 Fix of Bug #74383: Wrong reflection on Phar::running 2017-04-10 06:32:15 +01:00
Mitch Hagstrand
775afd5e2d Fix of Bug #74383: Wrong reflection on Phar::running 2017-04-10 06:24:57 +01:00
Jakub Zelenka
cdc33251d2 Add OpenSSL 1.1.0 support to PHP 7.0 2017-04-07 19:21:33 +01:00
Anatol Belski
929819aaac Merge branch 'PHP-7.0' into PHP-7.1 
* PHP-7.0:
  fix remaining tests for Opcache runs
 2017-01-13 17:21:01 +01:00
Anatol Belski
aaaef22db6 fix remaining tests for Opcache runs 
The fail reason here is the TMP change while both top and test
run same binary with opcache enabled.
 2017-01-13 17:16:15 +01:00
Christoph M. Becker
e7ce861def Merge branch 'PHP-7.0' into PHP-7.1 
* PHP-7.0:
  Fix #70417: PharData::compress() doesn't close temp file
 2017-01-05 18:51:04 +01:00
Christoph M. Becker
995ecffbb2 Fix #70417: PharData::compress() doesn't close temp file 
According to the comment, it has not been deemed necessary to close compressed
files. However, we don't want to keep unclosed file handles to save ressources.
So we're also closing compressed archives, if they're not aliased.
 2017-01-05 14:12:31 +01:00
Sammy Kaye Powers
dac6c639bb Update copyright headers to 2017 2017-01-04 11:23:42 -06:00
Sammy Kaye Powers
478f119ab9 Update copyright headers to 2017 2017-01-04 11:14:55 -06:00
Stanislav Malyshev
2075fb2b73 Merge branch 'PHP-7.0' into PHP-7.1 
* PHP-7.0:
  Fix bug #73737 FPE when parsing a tag format
  Fix bug #73773 - Seg fault when loading hostile phar
  Fix bug #73825 - Heap out of bounds read on unserialize in finish_nested_data()
  Fix bug #73768 - Memory corruption when loading hostile phar
  Fix int overflows in phar (bug #73764)
 2017-01-02 21:07:01 -08:00
Stanislav Malyshev
7f0de1a138 Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Fix bug #73737 FPE when parsing a tag format
  Fix bug #73773 - Seg fault when loading hostile phar
  Fix bug #73825 - Heap out of bounds read on unserialize in finish_nested_data()
  Fix bug #73768 - Memory corruption when loading hostile phar
  Fix int overflows in phar (bug #73764)
 2017-01-02 21:01:35 -08:00
Stanislav Malyshev
e5246580a8 Fix bug #73773 - Seg fault when loading hostile phar 2016-12-31 18:47:50 -08:00
Stanislav Malyshev
b28b8b2fee Fix bug #73768 - Memory corruption when loading hostile phar 2016-12-30 15:57:24 -08:00
Stanislav Malyshev
ca46d0acbc Fix int overflows in phar (bug #73764) 2016-12-30 15:39:48 -08:00
Sara Golemon
5004ae2b62 Silence warning from unhandled enum 
(cherry picked from commit 57bbe2c140)
 2016-12-17 00:12:33 +01:00
Anatol Belski
2f9e928af8 fix leaking streams and memory mapped files 
(cherry picked from commit f1ff23095b)
 2016-12-17 00:12:19 +01:00
Sara Golemon
587f1b2427 Silence warning from unhandled enum 
(cherry picked from commit 57bbe2c140)
 2016-12-16 22:55:13 +01:00
Anatol Belski
9cdf64c225 fix leaking streams and memory mapped files 
(cherry picked from commit f1ff23095b)
 2016-12-16 22:55:02 +01:00
Stanislav Malyshev
f9a80a0a29 Merge branch 'PHP-7.0' into PHP-7.1 
* PHP-7.0:
  Fix more size_t/int implicit conversions
 2016-11-25 15:32:59 -08:00
Stanislav Malyshev
8be94d46f8 Fix more size_t/int implicit conversions 
Now the conversions are explicit and do checks. Not sure it's
the best way but at least we can see them now in the open.
 2016-11-25 15:31:50 -08:00
Stanislav Malyshev
bcc913fa8b Fix int/size_t confusion in isValidPharFilename (bug #73580) 2016-11-25 15:31:50 -08:00
Stanislav Malyshev
7010547c4e Fix more size_t/int implicit conversions 
Now the conversions are explicit and do checks. Not sure it's
the best way but at least we can see them now in the open.
 2016-11-25 15:30:20 -08:00
Stanislav Malyshev
2cc3df3252 Merge branch 'PHP-7.0' into PHP-7.1 
* PHP-7.0:
  Fix int/size_t confusion in isValidPharFilename (bug #73580)
 2016-11-25 13:43:59 -08:00
Stanislav Malyshev
cb6bcaa61f Fix int/size_t confusion in isValidPharFilename (bug #73580) 2016-11-25 13:42:35 -08:00
Pedro Magalhães
9b41591883 Remove binary casts from PHAR's default stub 2016-11-09 03:23:15 +00:00
Anatol Belski
001fbbb94f fix erroneous resource destruction 2016-09-14 12:07:38 +02:00