mirror of https://github.com/php/php-src.git synced 2026-04-20 14:31:06 +02:00
Commit Graph

7534 Commits

Author SHA1 Message Date
Stanislav Malyshev
45facd15fb fix memory leak & add test 2015-04-12 22:38:34 -07:00
Stanislav Malyshev
d82d68742c Fix bug #69337 (php_stream_url_wrap_http_ex() type-confusion vulnerability) 2015-04-12 01:30:33 -07:00
Stanislav Malyshev
1defbb25ed Fix test 2015-04-12 00:56:02 -07:00
Stanislav Malyshev
a894a8155f More fixes for bug #69152 2015-04-11 16:53:22 -07:00
Stanislav Malyshev
4435b9142f Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions) 2015-04-11 16:53:22 -07:00
Stanislav Malyshev
fb83c76dee Check that the type is correct 2015-03-22 18:17:47 -07:00
Stanislav Malyshev
8b14d3052f add test for bug #68976 2015-03-17 17:03:46 -07:00
Stanislav Malyshev
646572d6d3 Fixed bug #68976 - Use After Free Vulnerability in unserialize() 2015-03-17 13:20:22 -07:00
Stanislav Malyshev
9ba4db5e5d fix tests 2015-03-17 12:55:35 -07:00
Stanislav Malyshev
1291d6bbee Fix bug #69207 - move_uploaded_file allows nulls in path 2015-03-17 12:47:58 -07:00
Felipe Pena
8f9ab04d93 - Fixed bug #67827 (broken detection of system crypt sha256/sha512 support) 2015-02-17 00:23:47 -02:00
Yasuo Ohgaki
a8722f5330 Add NULL byte protection to exec, system and passthru 2015-02-14 05:25:04 +09:00
Stanislav Malyshev
f001c63073 Update header handling to RFC 7230 2015-02-05 20:08:12 -08:00
Stanislav Malyshev
94d6cb4a78 fix TSRM 2015-01-31 23:34:14 -08:00
Stanislav Malyshev
b30a6d6018 Use better constant since MAXHOSTNAMELEN may mean shorter name 2015-01-31 21:46:56 -08:00
Stanislav Malyshev
0f9c708229 Add mitigation for CVE-2015-0235 (bug #68925) 2015-01-31 19:08:13 -08:00
Stanislav Malyshev
b585a3aed7 Fix for bug #68710 (Use After Free Vulnerability in PHP's unserialize()) 2015-01-01 16:19:05 -08:00
Stanislav Malyshev
630f9c33c2 Fix bug #68594 - Use after free vulnerability in unserialize() 2014-12-16 10:15:17 -08:00
Andrea Faulds
034e6decb3 Fix undefined behaviour in strnatcmp 2014-12-13 22:27:10 +00:00
Anatol Belski
0323f66fa2 move the test to the right place 2014-12-11 10:39:47 -08:00
Anatol Belski
13f1c276ab Fixed bug #68545 NULL pointer dereference in unserialize.c 2014-12-11 10:39:37 -08:00
Stanislav Malyshev
84be568366 update news 2014-11-30 21:37:39 -08:00
Leigh
7e870c596d Bug fixes in light of failing bcrypt tests
Conflicts:
	ext/standard/crypt.c
2014-11-30 21:06:39 -08:00
Leigh
2d9d10fbbf Add tests from 1.3. Add missing tests.
3 of the missing tests fail. // TODO
2014-11-30 21:05:40 -08:00
Leigh
29f51e1ca9 Upgrade crypt_blowfish to version 1.3 2014-11-30 21:05:32 -08:00
Stanislav Malyshev
56754a7f9e Fixed bug #68044: Integer overflow in unserialize() (32-bits only) 2014-10-13 23:14:25 -07:00
Remi Collet
2fefae4771 Fixed Sec Bug #67717 segfault in dns_get_record CVE-2014-3597
Incomplete fix for CVE-2014-4049

Check possible buffer overflow
- pass real buffer end to dn_expand calls
- check buffer len before each read
2014-08-19 08:33:49 +02:00
Veres Lajos
3f42f2f5d1 typofixes 2014-08-17 15:44:02 +03:00
Stanislav Malyshev
eab42649ab fix test 2014-08-14 17:07:28 -07:00
Anatol Belski
b7cd099ae0 split the glob() test to test different basedir 2014-08-14 17:04:51 -07:00
Anatol Belski
ad492ca932 fixed glob() edge case on windows, ref bug #47358 2014-08-14 16:58:16 -07:00
Pierre Joye
481c4715d4 - fix bug #47358, glob returns error, should be empty array()
Conflicts:
	ext/standard/dir.c
2014-08-14 16:56:22 -07:00
Anatol Belski
ae74549239 backport the fix for bug #67739 2014-08-04 09:57:08 +02:00
Tjerk Meesters
da3add26cf Fixed bug #67693 - incorrect push to the empty array 2014-07-30 18:15:14 +08:00
Tjerk Meesters
4fc0d46ae7 Fix for bug #34407 - ucwords and title case
Added support for ranges like trim() has
2014-07-12 10:44:11 +08:00
Anatol Belski
03214a2aef Backported the patch from bug #67407 into 5.4 2014-07-08 09:52:35 +02:00
Nikita Popov
18989420b6 Add test for bug #67151 2014-07-02 22:39:54 +02:00
Nikita Popov
3cc6bd10ac Fix bug #67151: strtr with empty array crashes 2014-07-02 22:33:20 +02:00
Michael Wallner
34e686c556 fix integer overflow in {stream,file}_{get,put}_contents() 2014-07-02 09:53:03 +02:00
Stanislav Malyshev
3488cf6fd8 Merge branch 'PHP-5.4.30' into PHP-5.4
* PHP-5.4.30:
  5.4.30
  Better fix for bug #67072 with more BC provisions
  Fix bug #67498 - phpinfo() Type Confusion Information Leak Vulnerability
  update CVE
  Fix bug #67492: unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion
  Fix bug #67397 (Buffer overflow in locale_get_display_name->uloc_getDisplayName (libicu 4.8.1))
  Fix bug #67349: Locale::parseLocale Double Free
  add CVEs
  Fix potential segfault in dns_get_record()
  Fix bug #66127 (Segmentation fault with ArrayObject unset)
  5.4.30 rc1

Conflicts:
	configure.in
	main/php_version.h
2014-06-24 10:23:36 -07:00
Stanislav Malyshev
6d97b4b2b3 Better fix for bug #67072 with more BC provisions 2014-06-23 22:16:25 -07:00
Stanislav Malyshev
fb0128af2a Fix bug #67498 - phpinfo() Type Confusion Information Leak Vulnerability 2014-06-23 00:22:59 -07:00
Stanislav Malyshev
c42d5cf5de Better fix for bug #67072 with more BC provisions 2014-06-21 21:29:11 -07:00
Lior Kaplan
6f3bcb0d6e Update copyright year for re2c generated files 2014-06-16 23:28:36 +03:00
Lior Kaplan
e667d23178 Update copyright year for re2c files as well 2014-06-16 23:26:50 +03:00
Sara Golemon
21525d0413 Fix potential segfault in dns_get_record()
If the remote sends us a packet with a malformed TXT record,
we could end up trying to over-consume the packet and wander
off into overruns.
2014-06-15 01:04:24 -07:00
Adam Harvey
b51f82f260 Follow 308 Permanent Redirect responses.
Fixes bug #67430 (http:// wrapper doesn't follow 308 redirects).
2014-06-12 18:12:53 -07:00
Adam Harvey
1b9cbab9a7 Keep 308-399 HTTP response codes when header('Location:') is called.
Fixes bug #67428 (header('Location: foo') will override a 308-399 response
code).
2014-06-12 17:35:05 -07:00
Sara Golemon
4f73394fdd Fix potential segfault in dns_get_record()
If the remote sends us a packet with a malformed TXT record,
we could end up trying to over-consume the packet and wander
off into overruns.
2014-06-11 13:37:04 -07:00
Stanislav Malyshev
62857998c5 Fixed bug #67399 (putenv with empty variable may lead to crash) 2014-06-08 23:09:09 -07:00