Apple Silicon has stricter rules about rwx mmap regions. They need to be created
using the MAP_JIT flag. However, the MAP_JIT seems to be incompatible with
MAP_SHARED. ZTS requires MAP_SHARED so that some threads may execute code from a
page while another writes/appends to it. We did not find another solution, other
than completely disabling JIT for Apple Silicon + ZTS.
See discussion in https://github.com/php/php-src/pull/13351.
Co-authored-by: Peter Kokot <peterkokot@gmail.com>
Fixes GH-13400
Closes GH-13396
Libxml versions prior to 2.13 cannot correctly handle a call to
xmlNodeSetName() with a name longer than 2G. It will leave the node
object in an invalid state with a NULL name. This later causes a NULL
pointer dereference when using the name during message serialization.
To solve this, implement a workaround that resets the name to the
sentinel name if this situation arises.
Versions of libxml of 2.13 and higher are not affected.
This can be exploited if a SoapVar is created with a fully qualified
name that is longer than 2G. This would be possible if some application
code uses a namespace prefix from an untrusted source like from a remote
SOAP service.
Co-authored-by: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
This adds error checks for escape function is pgsql and pdo_pgsql
extensions. It prevents possibility of storing not properly escaped
data which could potentially lead to some security issues.
This fixes stream_socket_client() and fsockopen().
Specifically it adds a check to parse_ip_address_ex and it also makes
sure that the \0 is not ignored in fsockopen() hostname formatting.
Libxml versions prior to 2.13 cannot correctly handle a call to
xmlNodeSetName() with a name longer than 2G. It will leave the node
object in an invalid state with a NULL name. This later causes a NULL
pointer dereference when using the name during message serialization.
To solve this, implement a workaround that resets the name to the
sentinel name if this situation arises.
Versions of libxml of 2.13 and higher are not affected.
This can be exploited if a SoapVar is created with a fully qualified
name that is longer than 2G. This would be possible if some application
code uses a namespace prefix from an untrusted source like from a remote
SOAP service.
Co-authored-by: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
This adds error checks for escape function is pgsql and pdo_pgsql
extensions. It prevents possibility of storing not properly escaped
data which could potentially lead to some security issues.
This fixes stream_socket_client() and fsockopen().
Specifically it adds a check to parse_ip_address_ex and it also makes
sure that the \0 is not ignored in fsockopen() hostname formatting.
These tests attempt to test that no memory is leaked for stream calls. However,
it is incorrect to assume the memory will not increase for other reasons, e.g.
when growing resource buffers, for the output buffer, etc. This was discovered
through 9cacc57350 with USE_TRACKED_ALLOC=1, but
this can also fail with USE_ZEND_ALLOC=1 when increasing loop iterations.
Use connection ID instead of count to check whether we're using a
persistent connection. This allows the test to be run in parallel with
the other tests, but also protects against the possibility that some
other service connects to the mysql server.
Closes GH-18040
$start and $end use the H:i:s from the current time. If $end happens on
a second boundary, $start + 4 days will include $end, thus performing an
extra iteration. Fix this by setting H:i:s to 00:00:00.
Due to a deliberate change in libcurl, the expiration is now capped to
at most 400 days. We could solve this by choosing another date roughly
a year in the future, but would need to update the test next year.
This would be especially annoying for security branches.
Another option would be to actually parse the cookie list lines, but
that might not be worth the trouble. Instead we just ignore the exact
timestamp created by libcurl.
[1] <https://github.com/curl/curl/pull/15937>
Closes GH-17709.
Derick Rethans