php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-04 22:52:40 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
5b3f4d25ea047f14d6485fb6f456cece384d33ee
archived-php-src/ext/standard
History
Nikita Popov 5b3f4d25ea Fix memory allocation checks for base64 encode 
base64_encode used safe_emalloc, but one of the arguments was derived from a
multiplication, thus making the allocation unsafe again.

There was a size check in place, but it was off by a factor of two as it
didn't account for the signedness of the integer type.

The unsafe allocation is not exploitable, but still causes funny behavior
when the sized overflows into a negative number.

To fix the issue the *4 factor is moved into the size argument (where it is
known to be safe), so safe_emalloc can carry out the multiplication.

The size check is removed as it doesn't really make sense once safe_emalloc
works correctly. (Would only cause base64_encode to silently return false
instead of throwing an error. Also could cause problems with other uses of
the base64 encoding API, which all don't check for a NULL return value.)

Furthermore the (length + 2) < 0 check is replaced with just length < 0.
Allowing lengths -2 and -1 doesn't make sense semantically and also is not
honored in the following code (negative length would access unallocated
memory.)

Actually the length < 0 check doesn't make sense altogether, but I left it
there just to be safe.
2012-06-24 23:32:50 +02:00
..
tests
Fixed bug #51094 (parse_ini_file() with INI_SCANNER_RAW cuts a value that includes a semi-colon)
2012-06-07 17:44:20 +02:00
array.c
Fixed bug #61730 (Segfault from array_walk modifying an array passed by reference)
2012-05-06 20:01:10 +08:00
assert.c
- Year++
2012-01-01 13:15:04 +00:00
base64.c
Fix memory allocation checks for base64 encode
2012-06-24 23:32:50 +02:00
base64.h
- Year++
2012-01-01 13:15:04 +00:00
basic_functions.c
Fixed bug #60222 (time_nanosleep() does validate input params).
2012-03-12 16:53:07 +00:00
basic_functions.h
- Year++
2012-01-01 13:15:04 +00:00
browscap.c
Remove extra ;
2012-06-22 17:32:46 +02:00
config.m4
- #51424, solaris part
2010-06-17 10:22:03 +00:00
config.w32
- add phpize support for windows, need a nmake install for now (nmake devel-pkg version is coming), works exactly the same as on unix, or should :)
2010-12-13 18:43:10 +00:00
crc32.c
- Year++
2012-01-01 13:15:04 +00:00
crc32.h
- Year++
2012-01-01 13:15:04 +00:00
credits_ext.h
- Update credits
2010-12-17 10:49:02 +00:00
credits_sapi.h
Update credits
2010-05-27 22:51:28 +00:00
credits.c
- Year++
2012-01-01 13:15:04 +00:00
credits.h
- Year++
2012-01-01 13:15:04 +00:00
crypt_blowfish.c
- update blowfish to 1.2 (Solar Designer)
2011-07-18 21:26:29 +00:00
crypt_blowfish.h
- update blowfish to 1.2 (Solar Designer)
2011-07-18 21:26:29 +00:00
crypt_freesec.c
fix CVE-2012-2143
2012-05-29 23:07:04 -07:00
crypt_freesec.h
- and the last part of the fix, inline on win
2008-08-25 14:37:07 +00:00
crypt_sha256.c
fix salt truncation bug in sha256
2011-07-31 21:47:03 +00:00
crypt_sha512.c
fix termination in sha-512 too
2011-07-31 23:14:04 +00:00
crypt.c
- Year++
2012-01-01 13:15:04 +00:00
css.c
- Year++
2012-01-01 13:15:04 +00:00
css.h
- Year++
2012-01-01 13:15:04 +00:00
cyr_convert.c
- Year++
2012-01-01 13:15:04 +00:00
cyr_convert.h
- Year++
2012-01-01 13:15:04 +00:00
datetime.c
- Year++
2012-01-01 13:15:04 +00:00
datetime.h
- Year++
2012-01-01 13:15:04 +00:00
dir.c
- Year++
2012-01-01 13:15:04 +00:00
dl.c
- Year++
2012-01-01 13:15:04 +00:00
dl.h
- Year++
2012-01-01 13:15:04 +00:00
dns_win32.c
- unify warning between win and unix and enable test
2011-09-04 21:48:22 +00:00
dns.c
- Year++
2012-01-01 13:15:04 +00:00
exec.c
- Year++
2012-01-01 13:15:04 +00:00
exec.h
- Year++
2012-01-01 13:15:04 +00:00
file.c
- Year++
2012-01-01 13:15:04 +00:00
file.h
- Fixed bug #61253: Wrappers opened with errors concurrency problem
2012-03-08 12:30:59 +00:00
filestat.c
Fix bug ext\standard\tests\file\realpath_cache_win32.phpt fails
2012-05-10 15:27:44 +02:00
filters.c
- Year++
2012-01-01 13:15:04 +00:00
flock_compat.c
- Year++
2012-01-01 13:15:04 +00:00
flock_compat.h
- Year++
2012-01-01 13:15:04 +00:00
formatted_print.c
- Year++
2012-01-01 13:15:04 +00:00
fsock.c
- Year++
2012-01-01 13:15:04 +00:00
fsock.h
- Year++
2012-01-01 13:15:04 +00:00
ftok.c
- Year++
2012-01-01 13:15:04 +00:00
ftp_fopen_wrapper.c
- Year++
2012-01-01 13:15:04 +00:00
head.c
- Year++
2012-01-01 13:15:04 +00:00
head.h
- Year++
2012-01-01 13:15:04 +00:00
html.c
Fix bug 61713 check also that mbstring's found any internal_encoding
2012-05-08 18:31:11 +02:00
html.h
- Year++
2012-01-01 13:15:04 +00:00
http_fopen_wrapper.c
- Year++
2012-01-01 13:15:04 +00:00
http.c
- Year++
2012-01-01 13:15:04 +00:00
image.c
- Year++
2012-01-01 13:15:04 +00:00
incomplete_class.c
- Year++
2012-01-01 13:15:04 +00:00
info.c
- Year++
2012-01-01 13:15:04 +00:00
info.h
- Year++
2012-01-01 13:15:04 +00:00
iptc.c
- Added missing bound check in iptcparse() (path by chris at chiappa.net)
2012-04-29 19:12:12 -03:00
lcg.c
- Year++
2012-01-01 13:15:04 +00:00
levenshtein.c
- Year++
2012-01-01 13:15:04 +00:00
link_win32.c
- Year++
2012-01-01 13:15:04 +00:00
link.c
open_basedir check for linkinfo
2012-03-25 05:32:21 +05:30
mail.c
- Year++
2012-01-01 13:15:04 +00:00
Makefile.frag
math.c
fix stack overflow in php_intlog10abs()
2012-05-11 13:07:00 -04:00
md5.c
- Year++
2012-01-01 13:15:04 +00:00
md5.h
- Year++
2012-01-01 13:15:04 +00:00
metaphone.c
- Year++
2012-01-01 13:15:04 +00:00
microtime.c
- Year++
2012-01-01 13:15:04 +00:00
microtime.h
- Year++
2012-01-01 13:15:04 +00:00
pack.c
Fixed bug #61764: 'I' unpacks n as signed if n > 2^31-1 on LP64
2012-04-23 22:09:38 +01:00
pack.h
- Year++
2012-01-01 13:15:04 +00:00
pageinfo.c
- Year++
2012-01-01 13:15:04 +00:00
pageinfo.h
- Year++
2012-01-01 13:15:04 +00:00
php_array.h
- Year++
2012-01-01 13:15:04 +00:00
php_assert.h
- Year++
2012-01-01 13:15:04 +00:00
php_browscap.h
- Year++
2012-01-01 13:15:04 +00:00
php_crypt_r.c
- Year++
2012-01-01 13:15:04 +00:00
php_crypt_r.h
- Year++
2012-01-01 13:15:04 +00:00
php_crypt.h
- Year++
2012-01-01 13:15:04 +00:00
php_dir.h
- Year++
2012-01-01 13:15:04 +00:00
php_dns.h
- Year++
2012-01-01 13:15:04 +00:00
php_ext_syslog.h
- Year++
2012-01-01 13:15:04 +00:00
php_filestat.h
- Year++
2012-01-01 13:15:04 +00:00
php_fopen_wrapper.c
fd fix
2012-05-16 16:35:16 +02:00
php_fopen_wrappers.h
- Year++
2012-01-01 13:15:04 +00:00
php_ftok.h
- Year++
2012-01-01 13:15:04 +00:00
php_http.h
- Year++
2012-01-01 13:15:04 +00:00
php_image.h
- Year++
2012-01-01 13:15:04 +00:00
php_incomplete_class.h
- Year++
2012-01-01 13:15:04 +00:00
php_iptc.h
- Year++
2012-01-01 13:15:04 +00:00
php_lcg.h
- Year++
2012-01-01 13:15:04 +00:00
php_link.h
- Year++
2012-01-01 13:15:04 +00:00
php_mail.h
- Year++
2012-01-01 13:15:04 +00:00
php_math.h
- Year++
2012-01-01 13:15:04 +00:00
php_metaphone.h
- Year++
2012-01-01 13:15:04 +00:00
php_rand.h
- Year++
2012-01-01 13:15:04 +00:00
php_smart_str_public.h
- Year++
2012-01-01 13:15:04 +00:00
php_smart_str.h
- Year++
2012-01-01 13:15:04 +00:00
php_standard.h
- Year++
2012-01-01 13:15:04 +00:00
php_string.h
- Year++
2012-01-01 13:15:04 +00:00
php_type.h
- Year++
2012-01-01 13:15:04 +00:00
php_uuencode.h
- Year++
2012-01-01 13:15:04 +00:00
php_var.h
- Year++
2012-01-01 13:15:04 +00:00
php_versioning.h
- Year++
2012-01-01 13:15:04 +00:00
proc_open.c
Typofix in comment in proc_open.c
2012-05-30 14:42:39 +08:00
proc_open.h
- Year++
2012-01-01 13:15:04 +00:00
quot_print.c
- Year++
2012-01-01 13:15:04 +00:00
quot_print.h
- Year++
2012-01-01 13:15:04 +00:00
rand.c
- Year++
2012-01-01 13:15:04 +00:00
scanf.c
- Year++
2012-01-01 13:15:04 +00:00
scanf.h
- Year++
2012-01-01 13:15:04 +00:00
sha1.c
- Year++
2012-01-01 13:15:04 +00:00
sha1.h
- Year++
2012-01-01 13:15:04 +00:00
soundex.c
- Year++
2012-01-01 13:15:04 +00:00
streamsfuncs.c
- Better fix for #61115.
2012-02-24 22:56:21 +00:00
streamsfuncs.h
- Year++
2012-01-01 13:15:04 +00:00
string.c
MFH: Fix bug #60801 (strpbrk() mishandles NUL byte). (Trunk commit: r322934).
2012-03-02 03:39:04 +00:00
strnatcmp.c
Fix for bug #49698
2009-09-28 13:29:53 +00:00
syslog.c
- Year++
2012-01-01 13:15:04 +00:00
type.c
- Year++
2012-01-01 13:15:04 +00:00
uniqid.c
- Year++
2012-01-01 13:15:04 +00:00
uniqid.h
- Year++
2012-01-01 13:15:04 +00:00
url_scanner_ex.c
- Fix #55301 (url scanner part) check if malloc succeded
2011-07-28 10:52:45 +00:00
url_scanner_ex.h
- Year++
2012-01-01 13:15:04 +00:00
url_scanner_ex.re
- Fix #55301 (url scanner part) check if malloc succeded
2011-07-28 10:52:45 +00:00
url.c
- Year++
2012-01-01 13:15:04 +00:00
url.h
- Year++
2012-01-01 13:15:04 +00:00
user_filters.c
- Year++
2012-01-01 13:15:04 +00:00
uuencode.c
- Year++
2012-01-01 13:15:04 +00:00
var_unserializer.c
- Year++
2012-01-01 13:15:04 +00:00
var_unserializer.re
- Year++
2012-01-01 13:15:04 +00:00
var.c
- Year++
2012-01-01 13:15:04 +00:00
versioning.c
- Year++
2012-01-01 13:15:04 +00:00
winver.h
- double declaration and comments cleanup
2008-12-09 17:57:59 +00:00