478f119ab9
Update copyright headers to 2017
2017-01-04 11:14:55 -06:00
8d2539fa0f
Fix bug #73831 - NULL Pointer Dereference while unserialize php object
2016-12-31 20:14:20 -08:00
9b1430140a
fix leak, take on 7.x
2016-12-06 14:42:59 +01:00
183b4d78aa
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
This still leaks memory, I don't have enough knowledge in WDDX code to fix them :(
2016-12-05 22:33:33 -08:00
d7ce944cf1
This still leaks memory, I don't have enough knowledge in WDDX code to fix them :(
2016-12-05 22:32:59 -08:00
6292fe84d3
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Fix bug #73631 - Invalid read when wddx decodes empty boolean element
2016-12-05 21:58:55 -08:00
266ecb6d0a
Fix bug #73631 - Invalid read when wddx decodes empty boolean element
2016-12-05 21:40:55 -08:00
e87daf363b
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
fix memory leak
2016-11-08 12:16:39 +01:00
d6d08f97cd
fix memory leak
2016-11-08 12:12:58 +01:00
6b21c28b0e
remove unreferenced var came in with merge
2016-11-01 12:55:05 +01:00
8c67460a10
Fix bug #73331 - do not try to serialize/unserialize objects wddx can not handle
...
Proper soltion would be to call serialize/unserialize and deal with the result,
but this requires more work that should be done by wddx maintainer (not me).
(cherry picked from commit 6045de69c7
2016-11-01 12:50:33 +01:00
6045de69c7
Fix bug #73331 - do not try to serialize/unserialize objects wddx can not handle
...
Proper soltion would be to call serialize/unserialize and deal with the result,
but this requires more work that should be done by wddx maintainer (not me).
2016-10-23 20:09:23 -07:00
c4cca4c20e
Fix bug #73065 : Out-Of-Bounds Read in php_wddx_push_element of wddx.c
2016-09-12 21:04:23 -07:00
b88393f08a
Fix bug #72860 : wddx_deserialize use-after-free
2016-09-12 21:04:23 -07:00
9528ce7315
Fix bug #73065 : Out-Of-Bounds Read in php_wddx_push_element of wddx.c
...
(cherry picked from commit bbaf784f8d213e201baf67e861f20b38c6e87d3b)
Conflicts:
ext/wddx/wddx.c
2016-09-12 18:13:04 +02:00
060ab26cfe
Fix bug #72860 : wddx_deserialize use-after-free
...
(cherry picked from commit ee552853ff4d72f626102025133e2cd1575043ee)
Conflicts:
ext/wddx/wddx.c
2016-09-12 17:33:32 +02:00
06c0540b90
fix char * vs zend_string *
2016-08-17 13:22:02 +02:00
195d7618e7
Avoid duplicating string
2016-08-17 18:19:14 +08:00
7d4c5a0dc9
Revert "fix tests"
...
This reverts commit a47df5be19
2016-08-17 12:04:03 +02:00
a5d00fc908
fix leak
2016-08-17 11:51:56 +02:00
e0f9fbdfa6
Bug #72663 - part 3
...
When using the php_serialize session serialization handler, do
not use the result of the unserialization if it failed.
2016-08-17 01:01:03 -07:00
0d13325b66
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6: (24 commits)
Update NEWS
BLock test with memory leak
fix tests
Fix TSRM build
Fix bug #72850 - integer overflow in uuencode
Fixed bug #72849 - integer overflow in urlencode
Fix bug #72848 - integer overflow in quoted_printable_encode caused heap corruption
Fix bug #72838 - Integer overflow lead to heap corruption in sql_regcase
Fix bug #72837 - integer overflow in bzdecompress caused heap corruption
Fix bug #72836 - integer overflow in base64_decode caused heap corruption
Fix for bug #72807 - do not produce strings with negative length
Fix for bug #72790 and bug #72799
Fix bug #72730 - imagegammacorrect allows arbitrary write access
Fix bug#72697 - select_colors write out-of-bounds
Fixed bug #72627 : Memory Leakage In exif_process_IFD_in_TIFF
Fix bug #72750 : wddx_deserialize null dereference
Fix bug #72771 : ftps:// opendir wrapper is vulnerable to protocol downgrade attack
Improve fix for #72663
Fix bug #70436 : Use After Free Vulnerability in unserialize()
Fix bug #72749 : wddx_deserialize allows illegal memory access
...
Conflicts:
Zend/zend_API.h
ext/bz2/bz2.c
ext/curl/interface.c
ext/ereg/ereg.c
ext/exif/exif.c
ext/gd/gd.c
ext/gd/tests/imagetruecolortopalette_error3.phpt
ext/gd/tests/imagetruecolortopalette_error4.phpt
ext/session/session.c
ext/snmp/snmp.c
ext/standard/base64.c
ext/standard/ftp_fopen_wrapper.c
ext/standard/quot_print.c
ext/standard/url.c
ext/standard/uuencode.c
ext/standard/var.c
ext/standard/var_unserializer.c
ext/standard/var_unserializer.re
ext/wddx/tests/bug72790.phpt
ext/wddx/tests/bug72799.phpt
ext/wddx/wddx.c
sapi/cli/generate_mime_type_map.php
2016-08-17 00:43:33 -07:00
5a34bd6d1e
Fix for bug #72790 and bug #72799
2016-08-16 22:55:41 -07:00
698a691724
Fix bug #72750 : wddx_deserialize null dereference
2016-08-16 22:55:39 -07:00
426aeb2808
Fix bug #72749 : wddx_deserialize allows illegal memory access
2016-08-16 22:55:19 -07:00
e3829b8869
Fix bug #72749 : wddx_deserialize allows illegal memory access
...
(cherry picked from commit 659a21dc20f0b64dafd8cb16573059d3b45cce6b)
Conflicts:
ext/wddx/wddx.c
2016-08-16 23:36:14 +02:00
f1486f0fd6
Fix bug #72750 : wddx_deserialize null dereference
...
(cherry picked from commit 6930a1d12c47aa1d2675837852910d177b0ceb11)
Conflicts:
ext/wddx/wddx.c
2016-08-16 13:13:05 +02:00
a47df5be19
fix tests
2016-08-16 13:01:06 +02:00
4bccb8e94e
add missing skipif section
2016-08-16 12:53:40 +02:00
0c8a2a2cd1
Fix for bug #72790 and bug #72799
...
(cherry picked from commit a14fdb9746262549bbbb96abb87338bacd147e1b)
Conflicts:
ext/wddx/wddx.c
2016-08-16 12:46:29 +02:00
99613431b4
Add missing TSRMLS_FETCH()
2016-07-30 16:28:42 +02:00
029f8e8777
Fix incorrect merge
...
Forgot to amend the merge fixes...
2016-07-30 16:07:54 +02:00
1f67b4c24d
Merge branch 'PHP-5.6' into PHP-7.0
2016-07-30 15:51:23 +02:00
e87ac688d5
Fixed bug #72142
2016-07-30 15:13:03 +02:00
99d6e09c3d
Fixed Bug #72564 boolean always deserialized as "true"
2016-07-08 10:46:33 +02:00
76a143c27c
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
add test for bug #72564 (7.x regression)
2016-07-08 10:45:32 +02:00
bfc42211d3
add test for bug #72564 (7.x regression)
2016-07-08 10:45:13 +02:00
5a9f0c77ad
re-fix leak
2016-06-21 15:21:58 +02:00
a00350486f
re-fix leak
2016-06-21 15:18:10 +02:00
9a9249a8d0
Revert "fix leak"
...
This reverts commit 757105e2a2
2016-06-21 14:58:15 +02:00
e6cc30e167
Revert "fix leak"
...
This reverts commit c5d9c50897
2016-06-21 14:51:43 +02:00
757105e2a2
fix leak
2016-06-21 13:26:12 +02:00
c5d9c50897
fix leak
2016-06-21 12:29:41 +02:00
2a65544f78
Merge branch 'PHP-5.6.23' into PHP-7.0.8
...
* PHP-5.6.23: (24 commits)
iFixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
update NEWS
fix tests
fix build
Fix bug #72455 : Heap Overflow due to integer overflows
Fix bug #72434 : ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fix bug #72407 : NULL Pointer Dereference at _gdScaleVert
Fix bug #72402 : _php_mb_regex_ereg_replace_exec - double free
Fix bug #72298 pass2_no_dither out-of-bounds access
Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
Fix bug #72262 - do not overflow int
Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
Fix bug #72275 : don't allow smart_str to overflow int
Fix bug #72340 : Double Free Courruption in wddx_deserialize
update NEWS
Fix #66387 : Stack overflow with imagefilltoborder
Fix bug #72321 - use efree() for emalloc allocation
5.6.23RC1
Fix bug #72140 (segfault after calling ERR_free_strings())
...
Conflicts:
configure.in
ext/mbstring/php_mbregex.c
ext/mcrypt/mcrypt.c
ext/spl/spl_array.c
ext/spl/spl_directory.c
ext/standard/php_smart_str.h
ext/standard/string.c
ext/standard/url.c
ext/wddx/wddx.c
ext/zip/php_zip.c
main/php_version.h
2016-06-21 00:24:32 -07:00
7dde353ee7
Merge branch 'PHP-5.5' into PHP-5.6.23
...
* PHP-5.5:
Fixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
update NEWS
fix tests
fix build
Fix bug #72455 : Heap Overflow due to integer overflows
Fix bug #72434 : ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fix bug #72407 : NULL Pointer Dereference at _gdScaleVert
Fix bug #72402 : _php_mb_regex_ereg_replace_exec - double free
Fix bug #72298 pass2_no_dither out-of-bounds access
Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
Fix bug #72262 - do not overflow int
Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
Fix bug #72275 : don't allow smart_str to overflow int
Fix bug #72340 : Double Free Courruption in wddx_deserialize
update NEWS
Fix #66387 : Stack overflow with imagefilltoborder
Skip test which is 64bits only
5.5.37 now
Conflicts:
configure.in
ext/mcrypt/mcrypt.c
ext/spl/spl_directory.c
main/php_version.h
2016-06-21 00:01:48 -07:00
a44c89e8af
Fix bug #72340 : Double Free Courruption in wddx_deserialize
2016-06-12 23:18:23 -07:00
1ce0ea7396
fix wddx merge
2016-03-02 00:02:33 -08:00
90a0cbd594
Merge branch 'PHP-5.6.19' into PHP-7.0.4
...
* PHP-5.6.19:
fix test file
Fix version
update NEWS
Update NEWS
Fix bug #71498 : Out-of-Bound Read in phar_parse_zipfile()
fix ts buld
prep for 5.6.19RC1
5.6.20 is next
Fixed bug #71587 - Use-After-Free / Double-Free in WDDX Deserialize
Conflicts:
configure.in
ext/wddx/wddx.c
main/php_version.h
2016-03-01 23:01:48 -08:00
91990bbde0
Merge branch 'PHP-5.5.33' into PHP-5.6.19
...
* PHP-5.5.33:
Fix bug #71498 : Out-of-Bound Read in phar_parse_zipfile()
Fixed bug #71587 - Use-After-Free / Double-Free in WDDX Deserialize
2016-03-01 22:40:00 -08:00
b1bd4119bc
Fixed bug #71587 - Use-After-Free / Double-Free in WDDX Deserialize
2016-02-14 22:34:39 -08:00
Sammy Kaye Powers