php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-05 07:02:33 +02:00
Code Issues Packages Projects Releases Wiki Activity
110,683 Commits 547 Branches 1,481 Tags
b5ce6df0dabb8b2eadbef55444e4ead5ae5dc3cc
Commit Graph

1544 Commits

Author SHA1 Message Date
Christoph M. Becker
be6d72b3a4 Revert "Fix out-of-bounds write" 
This reverts commit bf6873a18e.

CVE-2020-26159 is bogus; the "bug" was apparently a false positive
reported by Coverity, and the "fix" apparently wrong, see
<https://github.com/kkos/oniguruma/issues/221>.

Closes GH-6357.
 2020-10-26 15:40:12 +01:00
K.Kosako
bf6873a18e Fix out-of-bounds write 
Fixes CVE-2020-26159.

Backported from <cbe9f8bd9c>.
 2020-10-02 15:02:35 +02:00
XXiang
3d5de7d746 Fix bug #79787 
Closes GH-5807.
 2020-07-08 11:20:58 +02:00
George Peter Banyard
a0df5f3b54 Revert "Went to fast and forgot to update tests" 
This reverts commit 656eac74fa.
 2020-04-07 22:24:40 +02:00
George Peter Banyard
6031b08240 Revert "Fix Bug #79448 0 is a valid Unicode codepoint, but mb_substitute_character(0) fails" 
This commit brings some substantial changes in behaviour due to the weird implementation.
This will be fixed in master due to BC concerns.

This reverts commit 1333b46d6d.
 2020-04-07 22:23:24 +02:00
George Peter Banyard
656eac74fa Went to fast and forgot to update tests 
However due to the really lax conversion to integer all strings pass as 0
 2020-04-03 22:03:00 +02:00
George Peter Banyard
1333b46d6d Fix Bug #79448 0 is a valid Unicode codepoint, but mb_substitute_character(0) fails 2020-04-03 21:18:45 +02:00
George Peter Banyard
18dc9044f5 Fix bug 79441 2020-04-01 04:29:20 +02:00
Christoph M. Becker
1fdffd1c55 Fix #79371: mb_strtolower (UTF-32LE): stack-buffer-overflow 
We make sure that negative values are properly compared.
 2020-03-16 22:40:00 -07:00
Nikita Popov
6ccd675776 Add SKIPIF to test requiring mbregex 2020-01-30 11:20:42 +01:00
Nikita Popov
a62c06c4cf Fix mb_ord() crash if internal encoding not supported 
enc_name can be NULL here. Take the name from the mbfl_encoding
instead.
 2020-01-29 16:18:46 +01:00
Nikita Popov
560ff9725e Reset MBREX(search_re) in RSHUTDOWN 
This is going to cause a segfault if reused in the next request.
To illustrate the issue, run these two scripts in sequence with
the built-in server:

// script1.php
mb_ereg_search_init('foobar');
mb_ereg_search('foo');

// script2.php
var_dump(mb_ereg_search_init("foobar"));
var_dump(mb_ereg_search_pos());
 2020-01-29 16:05:11 +01:00
Nikita Popov
392ad206a4 Fix use of mb_ereg_search_getregs() after invalid pattern 
This segfaulted because we assumed that if there are matches,
there must be a regular expression as well.
 2020-01-29 12:50:18 +01:00
Christoph M. Becker
f1bf4bf6eb Don't leak encoding_str 2020-01-22 11:15:16 +01:00
Christoph M. Becker
9be31a582a Fix #79154: mb_convert_encoding() can modify $from_encoding 
We must not modify arrays passed by value.
 2020-01-22 10:28:07 +01:00
Stanislav Malyshev
25ec7eb346 Merge branch 'PHP-7.2' into PHP-7.3 
* PHP-7.2:
  Update NEWS
  Fix bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`)
  Fix #79099: OOB read in php_strip_tags_ex
  Fix #79091: heap use-after-free in session_create_id()
 2020-01-20 22:46:29 -08:00
Stanislav Malyshev
2bcbc95f03 Fix bug #79037 (global buffer-overflow in mbfl_filt_conv_big5_wchar) 2020-01-20 21:43:42 -08:00
Christoph M. Becker
1979c5d16f Upgrade to Oniguruma 6.9.4 
Oniguruma 6.9.4 fixes several CVEs.
 2019-11-30 14:00:41 +01:00
Christoph M. Becker
8c4b0ddde5 Add missing skip checks 2019-11-29 23:50:05 +01:00
Christoph M. Becker
ff2140c49d Partially revert "Adapt test cases for Oniguruma 6.9.4" 
This partially reverts commit c55d09c2f5,
because `MB_ONIGURUMA_VERSION` is only available as of PHP 7.4.0, so
that change made no sense for PHP-7.3; we keep it for PHP-7.4, though.
We also stick with the modification to bug78633.phpt.
 2019-11-29 23:40:30 +01:00
Christoph M. Becker
c55d09c2f5 Adapt test cases for Oniguruma 6.9.4 
Apparently, bug 78633 has now really been fixed; the former fix only
catered to the buffer overflow, but yielded a wrong result.  Also,
the order of the named captures has been fixed.
 2019-11-29 16:59:19 +01:00
Christoph M. Becker
85874af404 Remove obsolete oniguruma.patch 
The proper `SIZEOF_SIZE_T` definitions are available as of Oniguruma
6.9.1; no more need to patch.
 2019-11-05 10:16:22 +01:00
Christoph M. Becker
4f50d58cab Fix #78633: Heap buffer overflow (read) in mb_eregi 
We backport kkos/oniguruma@15c4228aa2.
 2019-10-20 22:47:38 -07:00
Christoph M. Becker
2046b3ce4f Merge branch 'PHP-7.2' into PHP-7.3 
* PHP-7.2:
  Fix #78609: mb_check_encoding() no longer supports stringable objects
 2019-09-30 13:04:54 +02:00
Christoph M. Becker
45db6fa567 Fix #78609: mb_check_encoding() no longer supports stringable objects 
We apply type juggling for other types than array.
 2019-09-30 12:42:04 +02:00
Christoph M. Becker
8f949eba80 Fix #78559: Heap buffer overflow in mb_eregi 
We backport kkos/oniguruma@d3e402928b.
 2019-09-23 21:49:55 -07:00
Christoph M. Becker
698088ca7c Merge branch 'PHP-7.2' into PHP-7.3 
* PHP-7.2:
  Fix #78579: mb_decode_numericentity: args number inconsistency
 2019-09-21 16:16:52 +02:00
Christoph M. Becker
398b308316 Fix #78579: mb_decode_numericentity: args number inconsistency 
mb_decode_numericentity() accepts a fourth optional parameter, which is
unused, however.  Since this parameter doesn't do any harm, and to avoid
the small BC break, we're keeping this parameter for PHP 7, but adjust
the arginfo.

For PHP 8, we will remove this parameter.
 2019-09-21 16:15:23 +02:00
Stanislav Malyshev
5748cec3ee Upgrade oniguruma lib to 6.9.3 2019-08-27 23:40:46 -07:00
Stanislav Malyshev
d3f2cfe20a Update Oniguruma to 6.9.1 2019-08-25 00:02:32 -07:00
Stanislav Malyshev
5704eca6f7 Merge branch 'PHP-7.2' into PHP-7.3 
* PHP-7.2:
  Fix CVE-2019-13224: don't allow different encodings for onig_new_deluxe()
  set version for release
 2019-08-24 23:16:09 -07:00
Stanislav Malyshev
087cb7bab2 Merge branch 'PHP-7.1' into PHP-7.2 
* PHP-7.1:
  Fix CVE-2019-13224: don't allow different encodings for onig_new_deluxe()
  set version for release
 2019-08-24 23:15:36 -07:00
Stanislav Malyshev
1258303e66 Fix CVE-2019-13224: don't allow different encodings for onig_new_deluxe() 
Backport from 0f7f61ed1b
 2019-08-24 23:11:45 -07:00
Nikita Popov
354a1c27aa Merge branch 'PHP-7.2' into PHP-7.3 2019-04-12 10:37:08 +02:00
Nikita Popov
3b53d28e60 Fix key leaks in mb_convert_encoding() 2019-04-12 10:36:58 +02:00
Nikita Popov
a61d24e4d8 Avoid onig match param unused variable warning 2019-04-11 12:35:24 +02:00
Stanislav Malyshev
bc8f292c05 Merge branch 'mb-limit-73' into PHP-7.3 
* mb-limit-73:
  Add fallbacks for older oniguruma versions
  Add mbstring.regex_stack_limit to php.ini-*
  Implement RF bug #72777 - ensure stack limits on mbstring functions.
 2019-04-01 00:00:14 -07:00
Stanislav Malyshev
e12c069d33 Add fallbacks for older oniguruma versions 2019-03-30 23:18:33 -07:00
Matteo Beccati
263c587854 Fixed SKIPIF when --disable-mbregex is used 2019-03-30 18:29:49 +01:00
Matteo Beccati
f030f34622 Merge branch 'PHP-7.2' into PHP-7.3 
* PHP-7.2:
  Fixed SKIPIF when --disable-mbregex is used
 2019-03-30 18:29:44 +01:00
Matteo Beccati
0dbb581cf4 Fixed SKIPIF when --disable-mbregex is used 2019-03-30 18:28:33 +01:00
Stanislav Malyshev
66c35b083b Merge branch 'PHP-7.2' into PHP-7.3 
* PHP-7.2:
  Validate subject encoding in mb_split and mb_ereg_match
  Validate pattern against mbregex encoding
  SQLite3: add DEFENSIVE config for SQLite >= 3.26.0 as a mitigation strategy against potential security flaws
 2019-03-28 00:42:56 -07:00
Stanislav Malyshev
402adc1df1 Merge branch 'PHP-7.1' into PHP-7.2 
* PHP-7.1:
  Validate subject encoding in mb_split and mb_ereg_match
  Validate pattern against mbregex encoding
  SQLite3: add DEFENSIVE config for SQLite >= 3.26.0 as a mitigation strategy against potential security flaws
 2019-03-28 00:35:22 -07:00
Yasuo Ohgaki
738016bd88 Implement RF bug #72777 - ensure stack limits on mbstring functions. 
The patch creates new config: mbstring.regex_stack_limit, which
defaults to 100000.
 2019-03-28 00:31:57 -07:00
Nikita Popov
0ecac37c40 Validate subject encoding in mb_split and mb_ereg_match 
We were already validating the subject encoding in most functions,
but not these two.
 2019-03-27 23:20:27 -07:00
Nikita Popov
40fe50daf6 Validate pattern against mbregex encoding 
Oniguruma does not consistently perform this validation itself (at least
on older versions), so make sure we check pattern encoding validity on the
PHP side.
 2019-03-27 23:19:46 -07:00
Nikita Popov
3c98c2d0cb Fixed bug #77514 2019-01-24 15:13:49 +01:00
Nikita Popov
d6212835f2 Merge branch 'PHP-7.2' into PHP-7.3 2019-01-14 10:23:44 +01:00
Nikita Popov
3ad0ebdf5c Fixed bug #77454 2019-01-14 10:22:48 +01:00
Nikita Popov
76c687feaf Fixed bug #77428 
mb_ereg_replace historically has not supported escaping backslashes
with backslashes. Go back to that behavior for BC reasons.
 2019-01-08 10:21:01 +01:00