php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-18 13:31:27 +02:00
Code Issues Packages Projects Releases Wiki Activity
83,657 Commits 547 Branches 1,483 Tags
ca46d0acbce55019b970fcd4c1e8a10edfdded93
Commit Graph

1481 Commits

Author SHA1 Message Date
Stanislav Malyshev
f74d7d92c8 Fix bug #73144 and bug #73341 - remove extra dtor 2016-10-23 22:03:16 -07:00
Stanislav Malyshev
689a9b8def Merge branch 'PHP-5.6.27' into PHP-5.6 
* PHP-5.6.27:
  Fix tests
  fix tsrm
  Fix bug #73284 - heap overflow in php_ereg_replace function
  Fix bug #73276 - crash in openssl_random_pseudo_bytes function
  Fix bug #73293 - NULL pointer dereference in SimpleXMLElement::asXML()
  fix bug #73275 - crash in openssl_encrypt function
  Fix for #73240 - Write out of bounds at number_format
  Bug #73218: add mitigation for ICU int overflow
  Add more locale length checks, due to ICU bugs.
  Fix bug #73208 - another missing length check
  Fix bug #73190: memcpy negative parameter _bc_new_num_ex
  Fix bug #73189 - Memcpy negative size parameter php_resolve_path
  Fixed bug #73174 - heap overflow in php_pcre_replace_impl
  Fix bug #73150: missing NULL check in dom_document_save_html
  Fix bug #73147: Use After Free in PHP7 unserialize()
  Fix bug #73082
  Fix bug #73073 - CachingIterator null dereference when convert to string
 2016-10-11 16:26:35 -07:00
Stanislav Malyshev
082d1f2375 Fix tests 2016-10-11 16:18:08 -07:00
Márcio Almada
4397306b32 fix bug related to #865 
In case USE_KEY flag is active, RegexIterator->accept() should keep it's
old behavior which is to accept keys mapping arrays.

This broke after PHP 5.5 but was not noticed due to lack of tests for USE_KEY.
 2016-09-22 12:46:19 +02:00
Stanislav Malyshev
33a8af0510 Fix bug #73073 - CachingIterator null dereference when convert to string 2016-09-20 22:59:12 -07:00
Stanislav Malyshev
33d0ef0fef Fix test 2016-09-12 21:04:23 -07:00
Stanislav Malyshev
ecb7f58a06 Fix bug #73029 - Missing type check when unserializing SplArray 2016-09-12 21:04:23 -07:00
Pierrick Charron
4c2e1a13be Fixed bug #72684 (AppendIterator segfault with closed generator) 2016-07-26 20:34:16 -04:00
Christoph M. Becker
6b116932b2 Fix #72646: SplFileObject::getCsvControl does not return the escape character 
This has obviously been missed when adding the $escape parameter to
SplFileObject::setCsvControl() in PHP 5.3, so we catch up on this.
 2016-07-22 15:24:50 +02:00
Loz Calver
f5ccd71d0c Fix 72122 - don't use EH_THROW for calls to getIterator 2016-07-12 10:10:35 +02:00
Valentin VALCIU
4c24f170ea Fix bug #55701: GlobIterator throws LogicException 
GlobIterator throws LogicException with message 'The parent constructor was
not called' on its first operation when the glob expression doesn't match
any file. It also throws on the first operation after the iteration
completes, when the glob expression matches some files.

# Resolved conflicts:
#	ext/spl/spl_directory.c
 2016-07-05 16:39:25 +02:00
Stanislav Malyshev
7dde353ee7 Merge branch 'PHP-5.5' into PHP-5.6.23 
* PHP-5.5:
  Fixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
  update NEWS
  fix tests
  fix build
  Fix bug #72455:  Heap Overflow due to integer overflows
  Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
  Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
  Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
  Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
  Fix bug #72298	pass2_no_dither out-of-bounds access
  Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
  Fix bug #72262 - do not overflow int
  Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
  Fix bug #72275: don't allow smart_str to overflow int
  Fix bug #72340: Double Free Courruption in wddx_deserialize
  update NEWS
  Fix #66387: Stack overflow with imagefilltoborder
  Skip test which is 64bits only
  5.5.37 now

Conflicts:
	configure.in
	ext/mcrypt/mcrypt.c
	ext/spl/spl_directory.c
	main/php_version.h
 2016-06-21 00:01:48 -07:00
Stanislav Malyshev
7f428cae88 fix build 2016-06-20 22:13:31 -07:00
Stanislav Malyshev
3f627e580a Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize 2016-06-20 21:26:33 -07:00
Stanislav Malyshev
7245bff300 Fix bug #72262 - do not overflow int 2016-06-15 21:58:26 -07:00
Nikita Popov
cc3cdd0057 Fixed bug #67582 2016-03-20 17:46:12 +01:00
Xinchen Hui
ead7632cf9 Fixed test script 2016-03-17 15:23:44 +08:00
Lior Kaplan
49493a2dcf Happy new year (Update copyright to 2016) 2016-01-01 19:21:47 +02:00
Xinchen Hui
620ccc9b1a Fixed bug #71204 (segfault if clean spl_autoload_funcs while autoloading) 2015-12-23 08:10:59 -08:00
Reeze Xia
1c0622a472 Make test for bug #70852 to cover all cases 2015-11-05 14:09:24 +08:00
Reeze Xia
51218b3b9d Fixed bug #70852 Segfault getting NULL offset of an ArrayObject. 2015-11-05 13:46:03 +08:00
Stanislav Malyshev
0b35e0c5a1 Merge branch 'pull-request/1535' into PHP-5.6 
* pull-request/1535:
  Bug #70561: Fix DirectoryIterator to throw OutOfBoundsException
 2015-10-18 17:17:55 -07:00
Xinchen Hui
925412ee1c Do not edit the zval cause it might be in shared memory 2015-10-03 19:50:38 -07:00
Bishop Bettini
368d3ff0d9 Bug #70561: Fix DirectoryIterator to throw OutOfBoundsException 
-------------------------------------------------------------------------------
DirectoryIterator implements SeekableIterator, which "should throw an
OutOfBoundsException if the position is not seekable". As is, seek just returns
and one must call valid(). This approach is different than most (all?) other
SeekableIterator implementations and leads to developer confusion. See the
bug report for a specific example.
 2015-09-23 11:14:52 -04:00
Stanislav Malyshev
c19d59c550 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  update NEWS
  add NEWS for fixes
  Improve fix for #70172
  Fix bug #70312 - HAVAL gives wrong hashes in specific cases
  fix test
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix for bug #69782
  Add CVE IDs asigned (post release) to PHP 5.4.43
  Add CVE IDs asigned to #69085 (PHP 5.4.39)
  5.4.45 next

Conflicts:
	ext/pcre/php_pcre.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	ext/zip/php_zip.c
 2015-09-01 12:06:41 -07:00
Stanislav Malyshev
33d3acaae7 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Improve fix for #70172
  Fix bug #70312 - HAVAL gives wrong hashes in specific cases
  fix test
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix for bug #69782
  Add CVE IDs asigned (post release) to PHP 5.4.43
  Add CVE IDs asigned to #69085 (PHP 5.4.39)
  5.4.45 next

Conflicts:
	configure.in
	ext/pcre/php_pcre.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	main/php_version.h
 2015-09-01 11:42:19 -07:00
Stanislav Malyshev
6935058a98 Merge branch 'PHP-5.4.45' into PHP-5.5.29 
* PHP-5.4.45:
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)

Conflicts:
	ext/pcre/php_pcre.c
	ext/standard/var_unserializer.c
 2015-09-01 00:28:39 -07:00
Stanislav Malyshev
c8f07ad477 add test 2015-09-01 00:26:12 -07:00
Stanislav Malyshev
259057b2a4 Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList 2015-09-01 00:20:45 -07:00
Stanislav Malyshev
f06a069c46 Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage 2015-09-01 00:14:15 -07:00
Anatol Belski
aa23bc6d1d fix dir separator 2015-08-21 14:08:33 +02:00
Anatol Belski
9e69ef4ce2 fix dir separator in test 2015-08-21 14:05:58 +02:00
Christoph M. Becker
484b92919b Fix #70303: Incorrect constructor reflection for ArrayObject 
The first parameter of ArrayObject::__construct() is optional. Reflection
should reflect this.
 2015-08-19 16:23:16 +02:00
Xinchen Hui
b584b51398 Fixed bug #70290 (Null pointer deref (segfault) in spl_autoload via ob_start) 2015-08-19 18:41:28 +08:00
Stanislav Malyshev
ed709d5aa0 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  update NEWS
  fix test
  update NEWS
  Fix bug #70019 - limit extracted files to given directory
  Do not do convert_to_* on unserialize, it messes up references
  Fix #69793 - limit what we accept when unserializing exception
  Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
  Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
  ignore signatures for packages too
  Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
  Fixed bug #69892
  Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
  Improved fix for Bug #69441
  Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
  Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
  Fix bug #70081: check types for SOAP variables

Conflicts:
	ext/soap/php_http.c
	ext/spl/spl_observer.c
 2015-08-04 15:29:13 -07:00
Stanislav Malyshev
69ed3969dd Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Fix bug #70019 - limit extracted files to given directory
  Do not do convert_to_* on unserialize, it messes up references
  Fix #69793 - limit what we accept when unserializing exception
  Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
  Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
  ignore signatures for packages too
  Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
  Fixed bug #69892
  Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
  Improved fix for Bug #69441
  Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
  Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
  Fix bug #70081: check types for SOAP variables

Conflicts:
	.gitignore
	ext/date/php_date.c
	ext/spl/spl_array.c
	ext/spl/spl_observer.c
 2015-08-04 14:10:57 -07:00
Stanislav Malyshev
863bf294fe Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList) 2015-08-01 22:01:51 -07:00
Stanislav Malyshev
7381b6accc Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject 2015-08-01 22:01:40 -07:00
Stanislav Malyshev
c7d3c027d5 ignore signatures for packages too 2015-08-01 22:01:32 -07:00
Stanislav Malyshev
c2e197e4ef Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage 2015-08-01 22:01:17 -07:00
Stanislav Malyshev
b7fa67742c Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items) 2015-07-26 17:25:25 -07:00
Xinchen Hui
e41f600365 Fixed bug #69970 (Use-after-free vulnerability in spl_recursive_it_move_forward_ex()) 2015-07-07 21:25:28 +08:00
Anatol Belski
18b3508c3c Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  fixed test related to fix for bug #67805
 2015-06-08 13:28:23 +02:00
Anatol Belski
17f2d1e8a7 fixed test related to fix for bug #67805 2015-06-08 13:27:22 +02:00
Anatol Belski
3c02e6f457 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  updated NEWS
  Fix bug #67805 - SplFileObject setMaxLineLength.
 2015-06-08 12:11:58 +02:00
Willian Gustavo Veiga
b470d9a0d6 Fix bug #67805 - SplFileObject setMaxLineLength. 2015-06-08 12:08:05 +02:00
Stanislav Malyshev
e96c64ed5e Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  Fix bug #69737 - Segfault when SplMinHeap::compare produces fatal error
 2015-06-01 22:53:56 -07:00
Stanislav Malyshev
1cbd25ca15 Fix bug #69737 - Segfault when SplMinHeap::compare produces fatal error 2015-06-01 22:07:16 -07:00
Xinchen Hui
96bb3b838c Merge branch 'PHP-5.5' into PHP-5.6 2015-03-14 11:31:53 +08:00
Xinchen Hui
5b87d52041 Fixed typo 2015-03-14 11:31:12 +08:00