Makes it like ext/standard/tests/file/filetype_variation.phpt; it's not
just Windows that can have a missing posix_mkfifo, but also a minimal
build, like the ones suggested that RMs test with (using --disable-all).
(cherry picked from commit bd484ed65f)
If you can extend the file between the file size gathering (resulting in
a buffer allocation), and reading / writing to the file you can trigger a
TOC-TOU where you write out of bounds.
To solve this, add extra bound checks and make sure that write actions
always fail when going out of bounds.
The easiest way to trigger this is via a pipe, which is used in the
test, but it should be possible with a regular file and a quick race
condition as well.
Closes GH-20591.
* PHP-8.4:
Update NEWS with info about security issues
Fix GHSA-www2-q4fc-65wf
Fix GHSA-h96m-rvf9-jgm2
Fix GHSA-8xr5-qppj-gvwj: PDO quoting result null deref
Fix GH-20584: Information Leak of Memory
* PHP-8.3:
Update NEWS with info about security issues
Fix GHSA-www2-q4fc-65wf
Fix GHSA-h96m-rvf9-jgm2
Fix GHSA-8xr5-qppj-gvwj: PDO quoting result null deref
Fix GH-20584: Information Leak of Memory
* PHP-8.2:
Update NEWS with info about security issues
Fix GHSA-www2-q4fc-65wf
Fix GHSA-h96m-rvf9-jgm2
Fix GHSA-8xr5-qppj-gvwj: PDO quoting result null deref
Fix GH-20584: Information Leak of Memory
* PHP-8.1:
Update NEWS with info about security issues
Fix GHSA-www2-q4fc-65wf
Fix GHSA-h96m-rvf9-jgm2
Fix GHSA-8xr5-qppj-gvwj: PDO quoting result null deref
Fix GH-20584: Information Leak of Memory
The string added had uninitialized memory due to
php_read_stream_all_chunks() not moving the buffer position, resulting
in the same data always being overwritten instead of new data being
added to the end of the buffer.
This is backport as there is a security impact as described in
GHSA-3237-qqm7-mfv7 .
zval_get_string() can never return NULL, you need to use the try version
to get NULL. This is observable because the process will still spawn
even if an exception had occurred. To fix this, use the try variant.
Closes GH-20650.
The string added had uninitialized memory due to
php_read_stream_all_chunks() not moving the buffer position, resulting
in the same data always being overwritten instead of new data being
added to the end of the buffer.
Closes GH-20592.
These tests:
- ext/standard/tests/network/udp4loop.phpt
- ext/sockets/tests/socket_create_listen.phpt
- ext/sockets/tests/socket_create_listen-win32.phpt
all use port 31338. socket_create_listen.phpt and its win32 variant are mutually
exclusive, so they can't conflict. While udp4loop.phpt tries multiple ports, the
other tests do not. If udp4loop.phpt runs first and socket_create_listen.phpt
starts before it ends, the port is still blocked. Bump the start port for
udp4loop.phpt to avoid conflicts.
Calvin Buckley