Christoph M. Becker
7bf1f9d561
Fix #75457: heap-use-after-free in php7.0.25
...
Backport <https://vcs.pcre.org/pcre?view=revision&revision=1638>.
2019-08-25 19:19:50 -07:00
Stanislav Malyshev
1258303e66
Fix CVE-2019-13224: don't allow different encodings for onig_new_deluxe()
...
Backport from 0f7f61ed1b
2019-08-24 23:11:45 -07:00
Christoph M. Becker
cd1101e8c8
Fix #77919: Potential UAF in Phar RSHUTDOWN
...
We have to properly clean up in case phar_flush() is failing.
We also make the expectation of the respective test case less liberal
to avoid missing such bugs in the future.
2019-07-29 13:18:27 -07:00
Stanislav Malyshev
aeb6d13185
Fix bug #78256 (heap-buffer-overflow on exif_process_user_comment)
2019-07-29 00:53:37 -07:00
Stanislav Malyshev
dea2989ab8
Fix bug #78222 (heap-buffer-overflow on exif_scan_thumbnail)
2019-07-29 00:53:28 -07:00
Christoph M. Becker
e944ae6b2a
Upgrade to SQLite 3.28.0
...
Over the years, multiple security vulnerabilities[1] have been found
and fixed in SQLite3, so it makes sense to update our bundled libsqlite
to the latest available version.
[1] <https://www.cvedetails.com/vulnerability-list/vendor_id-9237/Sqlite.html>
2019-07-09 09:59:46 +02:00
Stanislav Malyshev
c34895e837
Fix bug #77967 - Bypassing open_basedir restrictions via file uris
2019-05-27 18:48:48 -07:00
Stanislav Malyshev
73ff4193be
Fix bug #77988 - heap-buffer-overflow on php_jpg_get16
2019-05-27 17:28:09 -07:00
Stanislav Malyshev
7cf7148a8f
Fix bug #78069 - Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow
2019-05-27 16:32:42 -07:00
Christoph M. Becker
ed6dee9a19
Fix #77973: Uninitialized read in gdImageCreateFromXbm
...
We have to ensure that `sscanf()` does indeed read a hex value here,
and bail out otherwise.
2019-05-27 16:11:32 -07:00
Stanislav Malyshev
f80ad18afa
Fix bug #77950 - Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG
...
I do not completely understand what is going on there, but I am pretty
sure dir_entry <= offset_base is not a normal situation, so we better not
rely on such dir_entry.
2019-04-30 00:05:23 -07:00
Stanislav Malyshev
588db7cecf
Always use ZEND_SECURE_ZERO() when cleaning up data
...
Optimizing compilers have an annoying tendency to throw out
memsets over data that they think aren't used anymore. Apply secure
zero-out in cases where this has potential to happen.
2019-04-06 18:15:42 -07:00
Remi Collet
dc1cd3daf2
fix paste issue
2019-04-02 11:05:09 +02:00
Christoph M. Becker
01a4de5c58
Pointer arithmetic on void pointers is illegal
...
We quick-fix this by casting to char*; it might be more appropriate to
use char pointers in the first place.
2019-04-02 10:39:44 +02:00
Stanislav Malyshev
887a7b5714
Fixed bug #77831 - Heap-buffer-overflow in exif_iif_add_value in EXIF
2019-04-02 00:12:26 -07:00
Stanislav Malyshev
f3aefc6d07
Fix bug #77753 - Heap-buffer-overflow in php_ifd_get32s
2019-03-31 23:09:06 -07:00
Nikita Popov
0ecac37c40
Validate subject encoding in mb_split and mb_ereg_match
...
We were already validating the subject encoding in most functions,
but not these two.
2019-03-27 23:20:27 -07:00
Nikita Popov
40fe50daf6
Validate pattern against mbregex encoding
...
Oniguruma does not consistently perform this validation itself (at least
on older versions), so make sure we check pattern encoding validity on the
PHP side.
2019-03-27 23:19:46 -07:00
bohwaz
58c25bf679
SQLite3: add DEFENSIVE config for SQLite >= 3.26.0 as a mitigation strategy against potential security flaws
2019-03-11 18:02:03 +01:00
Anatol Belski
66bd861fcd
Sync with behavior change in OpenSSL 1.1.1b
...
A behavior change is revealed by some openssl_decrypt() based test,
where an encrypt API is used with a decrypt context. The EVP_Cipher*
functions will automatically choose the right operation depending on the
context passed.
(cherry picked from commit 19a44ffb7b)
2019-03-08 15:47:32 +01:00
Stanislav Malyshev
e0f5d62bd6
Fix bug #77586 - phar_tar_writeheaders_int() buffer overflow
2019-03-03 23:05:32 -08:00
Stanislav Malyshev
44f87fbf36
Fix test error message
2019-03-03 19:30:14 -08:00
Stanislav Malyshev
8ac6fee856
Fix bug #77563 - Uninitialized read in exif_process_IFD_in_MAKERNOTE
...
Also fix for bug #77659
2019-03-03 18:35:43 -08:00
Stanislav Malyshev
5f0e62a3e5
Fix bug #77540 - Invalid Read on exif_process_SOFn
2019-03-03 18:35:26 -08:00
Stanislav Malyshev
5e824a88d0
Fix integer overflows on 32-bits
2019-03-03 18:35:04 -08:00
Christoph M. Becker
254a5914ad
Fix #77431 SplFileInfo::__construct() accepts NUL bytes
...
`SplFileInfo::__construct()` has to expect a path instead of a string,
analogous to `SplFileObject::__construct()`.
2019-03-03 18:23:46 -08:00
Stanislav Malyshev
7f0ab7c20c
Fix bug #77396 - Null Pointer Dereference in phar_create_or_parse_filename
2019-03-03 18:22:32 -08:00
Stanislav Malyshev
27625f063e
Still leaking for some reason, XFAIL for now, I'll look into it later.
2019-01-07 01:03:04 -08:00
Stanislav Malyshev
1afebfb3fa
Merge branch 'PHP-5.6' into PHP-7.1
...
* PHP-5.6:
Fix bug #77418 - Heap overflow in utf32be_mbc_to_code
[ci skip] Add NEWS
Fix more issues with encoding length
Fix #77270: imagecolormatch Out Of Bounds Write on Heap
Fix bug #77380 (Global out of bounds read in xmlrpc base64 code)
Fix bug #77371 (heap buffer overflow in mb regex functions - compile_string_node)
Fix bug #77370 - check that we do not read past buffer end when parsing multibytes
Fix #77269: Potential unsigned underflow in gdImageScale
Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext)
Fix bug #77242 (heap out of bounds read in xmlrpc_decode())
Regenerate certs for openssl tests
2019-01-06 23:33:34 -08:00
Stanislav Malyshev
9d6c59eeea
Fix bug #77418 - Heap overflow in utf32be_mbc_to_code
2019-01-06 23:31:15 -08:00
Stanislav Malyshev
0c35032012
Fix test
2019-01-06 12:30:44 -08:00
Stanislav Malyshev
8d3dfabef4
Fix #77369 - memcpy with negative length via crafted DNS response
2019-01-06 11:39:09 -08:00
Stanislav Malyshev
31f59e1f30
Fix more issues with encoding length
...
Should fix bug #77381, bug #77382, bug #77385, bug #77394.
2019-01-06 11:38:46 -08:00
Christoph M. Becker
567c9f5842
Fix #77270: imagecolormatch Out Of Bounds Write on Heap
...
At least some of the image reading functions may return images which
use color indexes greater than or equal to im->colorsTotal. We cater
to this by always using a buffer size which is sufficient for
`gdMaxColors` in `gdImageColorMatch()`.
2019-01-06 11:38:46 -08:00
Stanislav Malyshev
4feb9e66ff
Fix bug #77380 (Global out of bounds read in xmlrpc base64 code)
2019-01-06 11:38:46 -08:00
Stanislav Malyshev
c6e34d91b8
Fix bug #77371 (heap buffer overflow in mb regex functions - compile_string_node)
2019-01-06 11:38:46 -08:00
Stanislav Malyshev
deb06bbb9c
Fix bug #77370 - check that we do not read past buffer end when parsing multibytes
2019-01-06 11:38:46 -08:00
Christoph M. Becker
dfd8237aec
Fix #77269: Potential unsigned underflow in gdImageScale
...
Belatedly, we're porting the respective upstream patch[1].
[1] <60bfb401ad>
2019-01-06 11:38:46 -08:00
Stanislav Malyshev
78bd347774
Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext)
2019-01-06 11:38:46 -08:00
Stanislav Malyshev
9c62b95e5e
Fix bug #77242 (heap out of bounds read in xmlrpc_decode())
2019-01-06 11:38:46 -08:00
Alexander Kurilo
e3e3289bd1
Regenerate certs for openssl tests
2019-01-06 11:38:46 -08:00
Stanislav Malyshev
c95daa9c75
Fix more issues with encoding length
...
Should fix bug #77381, bug #77382, bug #77385, bug #77394.
2019-01-06 11:34:27 -08:00
Christoph M. Becker
7a12dad4dd
Fix #77270: imagecolormatch Out Of Bounds Write on Heap
...
At least some of the image reading functions may return images which
use color indexes greater than or equal to im->colorsTotal. We cater
to this by always using a buffer size which is sufficient for
`gdMaxColors` in `gdImageColorMatch()`.
2019-01-06 11:34:20 -08:00
Stanislav Malyshev
1cc2182bcc
Fix bug #77380 (Global out of bounds read in xmlrpc base64 code)
2019-01-06 11:34:00 -08:00
Stanislav Malyshev
28362ed4fa
Fix bug #77371 (heap buffer overflow in mb regex functions - compile_string_node)
2019-01-06 11:33:54 -08:00
Stanislav Malyshev
20407d06ca
Fix bug #77370 - check that we do not read past buffer end when parsing multibytes
2019-01-06 11:33:44 -08:00
Christoph M. Becker
a918020c03
Fix #77269: Potential unsigned underflow in gdImageScale
...
Belatedly, we're porting the respective upstream patch[1].
[1] <60bfb401ad>
2019-01-06 11:33:38 -08:00
Stanislav Malyshev
428d8164ff
Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext)
2019-01-06 11:33:32 -08:00
Stanislav Malyshev
4fc0bceb7c
Fix bug #77242 (heap out of bounds read in xmlrpc_decode())
2019-01-06 11:33:25 -08:00
Alexander Kurilo
f51062523d
Regenerate certs for openssl tests
2019-01-02 10:00:36 -08:00