php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-23 07:58:20 +02:00
Code Issues Packages Projects Releases Wiki Activity
121,942 Commits 549 Branches 1,485 Tags
cab1ea46e76dba2aac81b77cf77dc8bbcb53ec87
Commit Graph

379 Commits

Author SHA1 Message Date
Christoph M. Becker e589609b4c Merge branch 'PHP-7.4' into PHP-8.0 
* PHP-7.4:
  Fix #77961: finfo_open crafted magic parsing SIGABRT
 2020-11-24 14:06:53 +01:00
Christoph M. Becker 39f95f5614 Fix #77961: finfo_open crafted magic parsing SIGABRT 
libmagic may abort the running process, which is not desirable for PHP;
we raise a fatal error instead.

Closes GH-6437.
 2020-11-24 14:01:15 +01:00
Anatol Belski f2b40775af Revert "libmagic: Move the allocation on the stack" 
This reverts commit 1d84a58736.

Signed-off-by: Anatol Belski <ab@php.net>
 2020-09-02 20:04:00 +02:00
Anatol Belski 8c31001bf1 libmagic: Constify arg 2020-09-02 17:35:51 +02:00
Anatol Belski 1d84a58736 libmagic: Move the allocation on the stack 2020-09-02 17:35:51 +02:00
Anatol Belski c676e8f356 libmagic: Fix VS compat 2020-08-29 19:58:26 +02:00
Anatol Belski f8f288145b libmagic: Remove unneeded includes 
Signed-off-by: Anatol Belski <ab@php.net>
 2020-08-29 19:41:53 +02:00
Anatol Belski bf93f1d824 fileinfo: Followup fixes 
Signed-off-by: Anatol Belski <ab@php.net>
 2020-08-29 19:03:41 +02:00
Anatol Belski c3eeab01ba fileinfo: Upgrade to libmagic 5.39 
Signed-off-by: Anatol Belski <ab@php.net>
 2020-08-29 02:05:56 +02:00
George Peter Banyard 1b2ec73c1d Drop various unused macros/APIs 
Also convert_libmagic_pattern() to return a zend_string*

Closes GH-6029
 2020-08-26 12:59:43 +02:00
David Carlier f32653accc fileinfo build fix proposal for haiku. 
Haiku already defines a unichar type and different than the fileinfo's anyway.

Closed GH-5983
 2020-08-21 16:13:09 +02:00
George Peter Banyard 3f286fa89a Promote Notice to Warning in libmagic 
The current behaviour makes little to no sense, having a notice which starts with 'Warning:' should just be a warning

Closes GH-5824
 2020-07-10 14:43:43 +02:00
George Peter Banyard f91f72607b Drop unnecessary stdint and inttypes header checks 
These are always available as of C99.

Closes GH-5323

Co-authored-by: "Christoph M. Becker" <cmbecker69@gmx.de>
 2020-04-22 20:18:19 +02:00
George Peter Banyard 457380cae7 Drop wchar header check as always defined since C95 2020-03-31 00:14:56 +02:00
Christoph M. Becker 7702b693b5 Fix #79283: Segfault in libmagic patch contains a buffer overflow 
To solve this, we properly calculate the required string length upfront
instead of allocating an oversized string (`len * 4 + 4`).
 2020-03-16 22:42:15 -07:00
Christoph M. Becker aa88f33f7d Fix #79283: Segfault in libmagic patch contains a buffer overflow 
To solve this, we properly calculate the required string length upfront
instead of allocating an oversized string (`len * 4 + 4`).
 2020-03-16 22:40:48 -07:00
Nikita Popov d4ba1fd963 Merge branch 'PHP-7.3' into PHP-7.4 
* PHP-7.3:
  Fix #74170: locale information change after mime_content_type
 2019-12-20 11:24:03 +01:00
Sergei Turchanov c62cd9a43a Fix #74170: locale information change after mime_content_type 
Some functions in libmagic (distributed with fileinfo extension) perform this sequence of calls:
func() {
setlocale(LC_TYPE, "C")
.. do some work ..
setlocale(LC_TYPE, "")
}

It effectively resets LC_TYPE if it that was set before the function call.

To avoid manipulations with current locale at all, the problematic functions
were modified to use locale-independent functions.
 2019-12-20 11:22:59 +01:00
Stanislav Malyshev 53b1d76144 Merge branch 'PHP-7.3' into PHP-7.4 
* PHP-7.3:
  Fix libmagic buffer overflow issue (CVE-2019-18218)
  bump version
  set versions for release
 2019-10-28 20:47:50 -07:00
Stanislav Malyshev 8c2b3b0568 Merge branch 'PHP-7.2' into PHP-7.3 
* PHP-7.2:
  Fix libmagic buffer overflow issue (CVE-2019-18218)
  bump version
  set versions for release
 2019-10-28 20:47:44 -07:00
Stanislav Malyshev 2bdb13a1f7 Merge branch 'PHP-7.1' into PHP-7.2 
* PHP-7.1:
  Fix libmagic buffer overflow issue (CVE-2019-18218)
  bump version
  set versions for release
 2019-10-28 20:47:30 -07:00
Stanislav Malyshev 469820048d Fix libmagic buffer overflow issue (CVE-2019-18218) 
Ported from https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84
 2019-10-27 16:30:38 -07:00
Peter Kokot f002761e08 Update libmagic patch 
This simplifies the libmagic patch:
- in upstream the HAVE_STRERROR check has been removed
- in upstream library the HAVE_SIGNAL_H has been removed
- indentations syncs with the upstream library
- some irrelevant changes removed from the patch (log comment), upstream
  has this correctly logged already so no need to patch the comment.

Closes GH-4298
 2019-07-08 12:38:47 +02:00
Anatol Belski 5ae0a6b784 Set buffer to NULL to prevent double free (Kamil Dudka at redhat) 
Based on the upstream patch d13204e8da43f1d8a98cf3f74591cde02ecdb2f7.
 2019-06-29 17:13:21 +02:00
Anatol Belski 0c8454c02d Partially reapply ba40f505e5 2019-05-30 02:48:01 +02:00
Anatol Belski 57c23df142 Fix datatype 2019-05-30 02:34:35 +02:00
Anatol Belski 622b10f06e Ported limagic 5.37 2019-05-30 02:22:40 +02:00
Nikita Popov 908660c1d7 Avoid maybe uninit warning in libmagic 
GCC 5 false positive, gone in newer versions.
 2019-04-15 10:59:45 +02:00
Nikita Popov ba40f505e5 Fix unused variable warnings in libmagic 
These variables are only used in assertions.
 2019-04-12 12:03:26 +02:00
Nikita Popov b65cb7e2aa Fix libmagic warnings 2019-04-11 15:20:05 +02:00
Nikita Popov 275fa53564 Accept zend_string* instead of char* in php_pcre_match_impl() 2019-03-18 12:32:06 +01:00
Fabien Villepinte b6f9ade9f2 Remove unused variables 2019-03-17 23:29:51 +01:00
Anatol Belski 93a38b1f7c Merge branch 'PHP-7.3' into PHP-7.4 
* PHP-7.3:
  Fix typo in libmagic version
 2019-03-08 21:45:18 +01:00
Fabien Villepinte d9a3cb0b36 Fix typo in libmagic version 2019-03-08 20:51:09 +01:00
Anatol Belski c8ebfaa4eb Merge branch 'PHP-7.3' into PHP-7.4 
* PHP-7.3:
  Fixed bug #77576 pull the libmagic implementation of gmtime_r
 2019-03-08 20:48:24 +01:00
Anatol Belski 65ffdc2adf Fixed bug #77576 pull the libmagic implementation of gmtime_r 
PHP already has all the checks to handle the *_r function variants.
Thus, reusing it to get right symbols.
 2019-03-08 20:32:15 +01:00
Nikita Popov 27e9c05e81 Remove preg_options param from pcre_get_compiled_regex() 
This parameter is always zero and not necessary to call pcre2_match.

I'm leaving the parameter behind on the _ex() variant, so the preg_flags
are still accessible in some way.
 2018-12-26 17:20:13 +01:00
Anatol Belski 992e4fbc65 Fix regex 2018-11-10 12:13:03 +01:00
Anatol Belski 9d77bf0978 Fix regex 2018-11-10 12:11:02 +01:00
Anatol Belski 22f71a66ec Sync one more upstream libmagic piece 2018-11-10 00:19:42 +01:00
Anatol Belski 29dcf19f8b Declare function proto in header 2018-11-05 21:29:35 +01:00
Anatol Belski 0e33c2822c Declare function proto in header 2018-11-05 21:28:04 +01:00
Anatol Belski c621182c42 Backport 7f5f4601 for 7.2 2018-11-04 16:57:55 +01:00
Anatol Belski 7f5f46013b Rework places in libmagic regarding previous CVE-2014-3538 fixes 
CVE-2014-3538 was fixed upstream, but the old patch was still kept in
the PHP port. This patch causes performance regressions when PCRE JIT is
not enabled. This is fixed by applying the relevant original code from
the newer libmagic, which makes the old patch obsolete as the
CVE-2014-3538 tests still pass.
 2018-11-04 13:11:28 +01:00
Anatol Belski e1af7a794a Fix possible stack buffer overflow 2018-08-04 16:56:08 +02:00
Anatol Belski 6f24d75b56 Remove unnecessary decls, php.h is included 2018-06-03 12:45:37 +02:00
Anatol Belski 4363588f2f Align the ported place with libmagic 2018-06-03 12:14:42 +02:00
Dmitry Stogov 5eb1f92f31 Use zend_string_release_ex() instread of zend_string_release() in places, where we sure about string persistence. 2018-05-28 16:27:12 +03:00
Anatol Belski 94699d2ade Use suitable datatypes 2018-04-30 14:27:11 +02:00
Anatol Belski f603ab57fc Reuse the struct timespec based pieces in libmagic 2018-04-30 12:02:47 +02:00