The string added had uninitialized memory due to
php_read_stream_all_chunks() not moving the buffer position, resulting
in the same data always being overwritten instead of new data being
added to the end of the buffer.
This is backport as there is a security impact as described in
GHSA-3237-qqm7-mfv7 .
In the latest version of libpcre2, the offsets appearing in some
"compilation failed" warnings have increased by one, as a result of
https://github.com/PCRE2Project/pcre2/pull/756
This is causing spurious test failures, so in this commit we replace
the hard-coded offsets by a regex that matches both values.
Gentoo-bug: https://bugs.gentoo.org/965018
Closes GH-20397
These tests:
- ext/standard/tests/network/udp4loop.phpt
- ext/sockets/tests/socket_create_listen.phpt
- ext/sockets/tests/socket_create_listen-win32.phpt
all use port 31338. socket_create_listen.phpt and its win32 variant are mutually
exclusive, so they can't conflict. While udp4loop.phpt tries multiple ports, the
other tests do not. If udp4loop.phpt runs first and socket_create_listen.phpt
starts before it ends, the port is still blocked. Bump the start port for
udp4loop.phpt to avoid conflicts.
Apple Silicon has stricter rules about rwx mmap regions. They need to be created
using the MAP_JIT flag. However, the MAP_JIT seems to be incompatible with
MAP_SHARED. ZTS requires MAP_SHARED so that some threads may execute code from a
page while another writes/appends to it. We did not find another solution, other
than completely disabling JIT for Apple Silicon + ZTS.
See discussion in https://github.com/php/php-src/pull/13351.
Co-authored-by: Peter Kokot <peterkokot@gmail.com>
Fixes GH-13400
Closes GH-13396
Libxml versions prior to 2.13 cannot correctly handle a call to
xmlNodeSetName() with a name longer than 2G. It will leave the node
object in an invalid state with a NULL name. This later causes a NULL
pointer dereference when using the name during message serialization.
To solve this, implement a workaround that resets the name to the
sentinel name if this situation arises.
Versions of libxml of 2.13 and higher are not affected.
This can be exploited if a SoapVar is created with a fully qualified
name that is longer than 2G. This would be possible if some application
code uses a namespace prefix from an untrusted source like from a remote
SOAP service.
Co-authored-by: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
This adds error checks for escape function is pgsql and pdo_pgsql
extensions. It prevents possibility of storing not properly escaped
data which could potentially lead to some security issues.
This fixes stream_socket_client() and fsockopen().
Specifically it adds a check to parse_ip_address_ex and it also makes
sure that the \0 is not ignored in fsockopen() hostname formatting.
These tests attempt to test that no memory is leaked for stream calls. However,
it is incorrect to assume the memory will not increase for other reasons, e.g.
when growing resource buffers, for the output buffer, etc. This was discovered
through 9cacc57350 with USE_TRACKED_ALLOC=1, but
this can also fail with USE_ZEND_ALLOC=1 when increasing loop iterations.
Use connection ID instead of count to check whether we're using a
persistent connection. This allows the test to be run in parallel with
the other tests, but also protects against the possibility that some
other service connects to the mysql server.
Closes GH-18040
$start and $end use the H:i:s from the current time. If $end happens on
a second boundary, $start + 4 days will include $end, thus performing an
extra iteration. Fix this by setting H:i:s to 00:00:00.
Due to a deliberate change in libcurl, the expiration is now capped to
at most 400 days. We could solve this by choosing another date roughly
a year in the future, but would need to update the test next year.
This would be especially annoying for security branches.
Another option would be to actually parse the cookie list lines, but
that might not be worth the trouble. Instead we just ignore the exact
timestamp created by libcurl.
[1] <https://github.com/curl/curl/pull/15937>
Closes GH-17709.
Apparently, some ICU versions report "America/Los_Angeles" for the `ZZ`
case, what matches the behavior of ICU 76.1 (on Windows). Possibly,
there has been some bug fix backport on some systems. Anyhow, either
seems fine, so we're not picky about that.
Closes GH-17669.
