4435b9142f
Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions)
2015-04-11 16:53:22 -07:00
f938112c49
Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault)
2015-04-11 16:53:21 -07:00
ebb98e7aeb
updated libmagic.patch in 5.4
2015-01-04 17:04:13 +01:00
ede59c8feb
Fixed bug #68735 fileinfo out-of-bounds memory access
2015-01-04 14:20:21 +01:00
919abf0cb1
removed dead code
2015-01-04 09:40:19 +01:00
1803228597
Fix bug #68283 : fileinfo: out-of-bounds read in elf note headers
...
Upstream commit
https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0
CVE -2014-3710
2014-10-22 15:37:04 +02:00
e64da8c20d
Fixed bug #66242 (don't assume char is signed)
...
This fixes a bug in libmagic where a cast to 'char' is assumed to result
in sign extension to occur. However, unqualified 'char' is unsigned on
architectures such as ARM, so the cast needs to be to 'signed char'
explicitly.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org >
2014-09-20 16:39:48 -07:00
35f32637b0
Fix bug #67716 - Segfault in cdf.c
2014-08-14 17:21:20 -07:00
61ec9b5b0f
add test
2014-08-04 00:08:08 -07:00
eeaec70758
Fix bug #67705 (extensive backtracking in rule regular expression)
2014-08-04 00:05:40 -07:00
af5f997a5d
updated libmagic.patch
2014-07-01 10:25:20 +02:00
25b1dc917a
Fixed Bug #67413 fileinfo: cdf_read_property_info insufficient boundary chec
...
Upstream:
https://github.com/file/file/commit/93e063ee374b6a75729df9e7201fb511e47e259d
Adapted for C standard.
2014-06-10 14:33:37 +02:00
40ef6e07e0
Bug #67412 fileinfo: cdf_count_chain insufficient boundary check
...
Upstream:
https://github.com/file/file/commit/40bade80cbe2af1d0b2cd0420cebd5d5905a2382
2014-06-10 14:22:04 +02:00
5c9f967999
Fixed Bug #67411 fileinfo: cdf_check_stream_offset insufficient boundary check
...
Upstream:
https://github.com/file/file/commit/36fadd29849b8087af9f4586f89dbf74ea45be67
2014-06-10 14:13:14 +02:00
e77659a8c8
Fixed Bug #67410 fileinfo: mconvert incorrect handling of truncated pascal string size
...
Upstream
https://github.com/file/file/commit/27a14bc7ba285a0a5ebfdb55e54001aa11932b08
2014-06-10 14:02:36 +02:00
4fcb9a9d1b
Fix bug #67326 fileinfo: cdf_read_short_sector insufficient boundary check
...
Upstream fix https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391.patch
Only revelant part applied
2014-06-03 11:05:00 +02:00
d2765e4b8c
updated libmagic.patch for 5.4+
2014-05-27 22:36:12 +02:00
d184f07b3c
backport this piece from 5.6, related to the #66307 fix
2014-05-26 18:05:13 -07:00
15ee33eb21
Fixed bug #66307 Fileinfo crashes with powerpoint files
2014-05-26 18:04:27 -07:00
4005f06df6
Fix bug #67328 (fileinfo: numerous file_printf calls resulting in performance degradation)
...
Upstream patch: https://github.com/file/file/commit/b8acc83781d5a24cc5101e525d15efe0482c280d
2014-05-26 18:01:17 -07:00
57225f09ed
Fix bug #67327 : fileinfo: CDF infinite loop in nelements DoS
...
Upstream fix: https://github.com/file/file/commit/f97486ef5dc3e8735440edc4fc8808c63e1a3ef0
2014-05-26 17:45:14 -07:00
2c204a55af
Fixed Bug #66987 Memory corruption in fileinfo ext (bigendian)
...
On little endian:
map->p == php_magic_database
map->magic[i] = pointer into the map
map->p == NULL
map->magic[i] = pointer to allocated memory
On big endian (ppc64, s390x, ...):
map->p != php_magic_database and map->p != NULL
map->magic[i] = pointer into a copy of the map
Trying to efree pointer in the later cause memory corruption
Thanks to dkatulek / Red Hat for the report.
2014-03-31 16:50:47 +02:00
4374a52e9d
Fixed bug #66946 extensive backtracking in awk rule regular expression
...
CVE-2013-7345
Applied upstream patch:
https://github.com/file/file/commit/ef2329cf71acb59204dd981e2c6cce6c81fe467c
Add the magicdata.patch to track patches applied to upstream data file.
2014-03-25 11:00:33 +01:00
1df558c6a0
Fixed bug #66946 extensive backtracking in awk rule regular expression
...
CVE-2013-7345
Applied upstream patch:
https://github.com/file/file/commit/ef2329cf71acb59204dd981e2c6cce6c81fe467c
Add the magicdata.patch to track patches applied to upstream data file.
2014-03-25 10:58:50 +01:00
b9d494a33b
updated libmagic.patch
2014-03-10 14:12:20 +01:00
a33759fd27
Fixed Bug #66820 out-of-bounds memory access in fileinfo
...
Upstream fix:
https://github.com/glensc/file/commit/447558595a3650db2886cd2f416ad0beba965801
Notice, test changed, with upstream agreement:
-define OFFSET_OOB(n, o, i) ((n) < (o) || (i) >= ((n) - (o)))
+define OFFSET_OOB(n, o, i) ((n) < (o) || (i) > ((n) - (o)))
2014-03-04 20:32:52 +01:00
731013ee8e
Improves fix for memory leak, keep in sync with upstream.
...
Previous fix:
http://git.php.net/?p=php-src.git;a=commitdiff;h=10eb0070700382f966bf260e44135e1f724a15d2
Upstream fix:
https://github.com/glensc/file/commit/c0c0032b9e9eb57b91fefef905a3b018bab492d9
2014-03-04 13:41:37 +01:00
ce1fd72776
updated libmagic.patch in 5.4/5
2014-02-20 19:00:05 +01:00
10eb007070
fixed leak introduced after CVE/upgrade
2014-02-20 18:53:53 +01:00
a289b37f48
updated libmagic.patch
2014-02-18 19:08:16 +01:00
89f864c547
Fixed Bug #66731 file: infinite recursion
...
Upstream commit (available in file-5.17)
https://github.com/glensc/file/commit/3c081560c23f20b2985c285338b52c7aae9fdb0f
https://github.com/glensc/file/commit/cc9e74dfeca5265ad725acc926ef0b8d2a18ee70
2014-02-18 13:54:33 +01:00
35101e9ef4
a few typofixes
2014-02-14 14:51:10 +02:00
c0d060f5c0
Bump year
2014-01-03 11:04:26 +08:00
8d86597d73
non living code related typo fixes
2013-08-04 16:05:36 -07:00
e9a95d78ef
typo fixes
2013-07-15 00:23:03 -07:00
ac40c0b562
Merge branch 'pull-request/341'
...
* pull-request/341: (23 commits)
typofixes
2013-06-10 14:20:18 -07:00
bcdac7526d
reduced the file size even more
...
the first second is what at least has to be
2013-05-25 00:09:32 +02:00
2d386db878
Fixed bug #64916 finfo testcase contains copyrighted music.
...
I wasn't able to produce a file causing exactly the same crash.
However the first three seconds of the originally reported
file are pretty enough to repro bug #64830 . That reduces its
size to 72k.
2013-05-24 23:58:31 +02:00
1a46a102d9
updated libmagic.patch after fix for #64830
2013-05-14 11:14:37 +02:00
74555e7c26
Fixed bug #64830 mimetype detection segfaults on mp3 file
2013-05-14 09:40:43 +02:00
e9b03c412b
updated libmagic.patch
2013-04-27 14:09:29 +02:00
cdc1a63790
Fixed bug bug #64713 Compilation warnings in finfo
2013-04-27 13:49:50 +02:00
a35d386612
updated libmagic.patch
2013-04-08 16:23:43 +02:00
9de5dcad1c
fix ident
2013-04-08 15:51:22 +02:00
f3ca1155d6
Refactored the previous memleak fix
...
to avoid usage of a freed pointer. Thanks Laruence )
2013-04-08 14:32:37 +02:00
28e26b0fad
fix memory leak at apprentice.c:1095
2013-04-08 12:49:53 +02:00
b0b81c0a37
fixed EOL
2013-04-08 09:20:43 +02:00
10367fa7c6
upgraded libmagic to 5.14
2013-04-07 22:15:56 +02:00
0a7395e009
Happy New Year
2013-01-01 16:28:54 +08:00
d88017e992
Merge branch 'PHP-5.3' into PHP-5.4
...
* PHP-5.3:
Fixed bug #63590 Fileinfo delivers ifferent results in TS and NTS under Windows
Conflicts:
NEWS
ext/fileinfo/libmagic.patch
ext/fileinfo/tests/finfo_open_error-win32.phpt
2012-11-27 16:45:25 +01:00
Stanislav Malyshev