mirror of https://github.com/php/php-src.git synced 2026-04-03 22:22:18 +02:00
Commit Graph

26457 Commits

Author SHA1 Message Date
Stanislav Malyshev
0fe07a0e74 Fix missing type checks in various functions 2014-07-31 15:36:24 +02:00
Stanislav Malyshev
c74efe1b2e Fix bug #67492: unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion
Conflicts:
	ext/spl/spl_array.c
	ext/spl/tests/SplObjectStorage_unserialize_bad.phpt
2014-07-18 16:31:59 -07:00
Xinchen Hui
b5051ff939 Fixed bug #67359 (Segfault in recursiveDirectoryIterator) 2014-07-18 16:28:58 -07:00
Stanislav Malyshev
e2ba5c7987 Fix bug #66127 (Segmentation fault with ArrayObject unset) 2014-07-18 16:28:16 -07:00
Stanislav Malyshev
8e9777a1f1 Fix test - because of bug #67397 we don't allow overlong locales anymore 2014-07-18 16:27:11 -07:00
Stanislav Malyshev
e644aad3f9 Fix bug #67397 (Buffer overflow in locale_get_display_name->uloc_getDisplayName (libicu 4.8.1)) 2014-07-18 16:26:51 -07:00
Stanislav Malyshev
8ab4e2e90d Fix bug #67349: Locale::parseLocale Double Free 2014-07-18 16:26:05 -07:00
Stanislav Malyshev
b512adf78d Fixed bug #67399 (putenv with empty variable may lead to crash)
Conflicts:
	ext/standard/basic_functions.c
2014-07-18 16:24:54 -07:00
Remi Collet
2fe5bcbeb5 Fixed Bug #67413 fileinfo: cdf_read_property_info insufficient boundary chec
Upstream:
93e063ee37

Adapted for C standard.
2014-07-18 16:21:01 -07:00
Remi Collet
892def5f12 Bug #67412 fileinfo: cdf_count_chain insufficient boundary check
Upstream:
40bade80cb
2014-07-18 16:20:19 -07:00
Remi Collet
8d1d038509 Fixed Bug #67411 fileinfo: cdf_check_stream_offset insufficient boundary check
Upstream:
36fadd2984

Conflicts:
	ext/fileinfo/libmagic/cdf.c
2014-07-18 16:19:30 -07:00
Remi Collet
6bd5a06894 Fixed Bug #67410 fileinfo: mconvert incorrect handling of truncated pascal string size
Upstream
27a14bc7ba
2014-07-18 16:17:36 -07:00
Stanislav Malyshev
ec002bd837 Fix bug #67498 - phpinfo() Type Confusion Information Leak Vulnerability 2014-07-18 16:14:42 -07:00
Remi Collet
52de149ebc Fix bug #67326 fileinfo: cdf_read_short_sector insufficient boundary check
Upstream fix 6d209c1c48.patch
Only relevant part applied
2014-07-18 16:13:07 -07:00
Stanislav Malyshev
2326401fc1 fix bug #67253: timelib_meridian_with_check out-of-bounds read
Conflicts:
	ext/date/lib/parse_date.c
2014-07-18 16:11:54 -07:00
Stanislav Malyshev
7f527897fe Fix bug #67252: convert_uudecode out-of-bounds read 2014-07-18 16:05:52 -07:00
Stanislav Malyshev
d4b67896ec Fix bug #67250 (iptcparse out-of-bounds read) 2014-07-18 16:02:52 -07:00
Stanislav Malyshev
84605098bc Fix bug #67247 spl_fixedarray_resize integer overflow 2014-07-18 15:59:59 -07:00
Stanislav Malyshev
ee1ab62763 Fix bug #67328 (fileinfo: numerous file_printf calls resulting in performance degradation)
Upstream patch: b8acc83781
2014-07-18 15:52:00 -07:00
Stanislav Malyshev
d77ea459bd Fix bug #67327: fileinfo: CDF infinite loop in nelements DoS
Upstream fix: f97486ef5d
2014-07-18 15:50:58 -07:00
Anatol Belski
44be7b7f27 backport this piece from 5.6, related to the #66307 fix
Conflicts:
	ext/fileinfo/libmagic/readcdf.c
2014-07-18 15:50:04 -07:00
Anatol Belski
0335d2ef3e Fixed bug #66307 Fileinfo crashes with powerpoint files
Conflicts:
	ext/fileinfo/libmagic/readcdf.c
	ext/fileinfo/tests/finfo_file_002.phpt
2014-07-18 15:48:18 -07:00
Remi Collet
a0bb3fd679 Fixed bug #66060 (Heap buffer over-read in DateInterval)
Conflicts:
	ext/date/lib/parse_iso_intervals.c
2014-07-18 15:39:37 -07:00
Stanislav Malyshev
eca037a51d Fix bug #65873 - Integer overflow in exif_read_data() 2014-07-18 15:37:15 -07:00
Stanislav Malyshev
3c328f0984 Fix bug #67251 - date_parse_from_format out-of-bounds read
Conflicts:
	ext/date/lib/parse_date.c
	ext/date/lib/parse_date.re
2014-06-15 00:33:24 -07:00
Stanislav Malyshev
d780c2a673 Fix bug #67249: printf out-of-bounds read 2014-06-13 16:43:56 -07:00
Sara Golemon
d400b74296 Fix potential segfault in dns_get_record()
If the remote sends us a packet with a malformed TXT record,
we could end up trying to over-consume the packet and wander
off into overruns.
2014-06-13 16:42:55 -07:00
Stanislav Malyshev
adc070ca99 fix typo in ODBC code 2014-05-18 23:42:30 -07:00
Will Fitch
8aa93b7f2c Revert "Fix #62479: Some chars not parsed in passwords"
This reverts commit e6bb90c66a.
2014-01-19 13:02:20 -05:00
Will Fitch
e6bb90c66a Fix #62479: Some chars not parsed in passwords
This fixes an issue where backslashes and spaces aren't
correctly parsed for passwords.
2014-01-18 19:27:00 -05:00
Anatol Belski
6f739318fd fix dir separator in cve-2013-6420 test 2013-12-11 13:31:29 +01:00
Stanislav Malyshev
c1224573c7 Fix CVE-2013-6420 - memory corruption in openssl_x509_parse 2013-12-10 11:03:49 -08:00
Stanislav Malyshev
c1c49d6e39 fix using wrong buffer pointer 2013-08-19 01:02:12 -07:00
Stanislav Malyshev
dcea4ec698 Fix CVE-2013-4073 - handling of certs with null bytes 2013-08-13 22:24:11 -07:00
Johannes Schlüter
710eee5555 add test for bug #65236 2013-07-10 19:35:18 +02:00
Rob Richards
7d163e8a08 truncate results at depth of 255 to prevent corruption 2013-07-06 07:53:07 -04:00
Anatol Belski
cd1b44c4b6 ensure the error_reporting level to get expected notice 2013-06-12 13:13:48 +02:00
Anatol Belski
eccc05fc44 fixed tests 2013-06-11 12:38:49 +02:00
Anatol Belski
f16143f5ac missing tests for bug #53437 2013-06-11 11:19:57 +02:00
Anatol Belski
88c2dbe5fc Backported the fix for bug #53437 2013-06-10 19:48:18 +02:00
Xinchen Hui
75c57122e3 Fixed bug #64997 (Segfault while using RecursiveIteratorIterator on 64-bits systems) 2013-06-09 22:24:48 +08:00
Anatol Belski
1aee7ad636 Fixed bug #64934 Apache2 TS crash with get_browser()
In favour of reading the browscap.ini into a true global var
only once in MINIT, the price for that is to deep copy
any data from it.
2013-06-06 18:49:04 +02:00
Stanislav Malyshev
93e0d78ec6 fix CVE-2013-2110 - use correct formula to calculate string size 2013-06-04 21:56:33 -07:00
Matteo Beccati
2463e89794 Clean up leftover test files 2013-06-02 13:38:43 +02:00
Matteo Beccati
25aae37229 Fixed bug #64609 (pg_convert enum type support) 2013-06-02 06:29:35 +02:00
Matteo Beccati
79803bebde Fixed bug #62857 (bytea test failures)
Postgres 9.1+ test fixes. Tests were failing due to the default
standard_conforming_strings GUC being changed to on. Also the
pg_escape_bytea test was encoding the data before establishing
a connection, thus falling back to the old escaping type which
isn't properly handled by the backend when using a default
configuration.

I haven't updated the NEWS file as it's just test fixes.
2013-06-01 23:15:48 +02:00
Matteo Beccati
510498947e Slightly edited tests and fix for bug #62024 2013-05-31 16:19:58 +02:00
Matheus Degiovani
df6ca450ce Fixed bug #62024 (unable to run consecutive prepared queries with null values)
Credits to james@kenjim.com for the patch.
2013-05-31 14:30:57 +02:00
Matheus Degiovani
65d233f06c Fixed bug #64037 (wrong value returned when using a negative numeric field equal to the scale) 2013-05-31 14:30:51 +02:00
Remi Collet
1c623e3b07 Fixed Bug #64949 (Buffer overflow in _pdo_pgsql_error)
There are a lot of calls such as:
	pdo_pgsql_error(dbh, PGRES_FATAL_ERROR, "Copy command failed");
Where the 3rd parameter is an error message string where a sqlstate (5 chars)
is expected. This causes a segfault in copy_from.phpt and copy_to.phpt.

This is only a sanity check to avoid buffer overflow, but obviously these
calls need to be fixed (using NULL or a correct sqlstate).
2013-05-31 08:39:32 +02:00