Stanislav Malyshev
1744be2d17
Fix for bug #69782
2015-08-16 17:16:15 -07:00
Stanislav Malyshev
dda81f0505
Fix bug #70019 - limit extracted files to given directory
2015-08-04 14:02:31 -07:00
Stanislav Malyshev
0e09009753
Do not do convert_to_* on unserialize, it messes up references
2015-08-04 13:59:56 -07:00
Stanislav Malyshev
4d2278143a
Fix #69793 - limit what we accept when unserializing exception
2015-08-01 22:02:26 -07:00
Stanislav Malyshev
863bf294fe
Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
2015-08-01 22:01:51 -07:00
Stanislav Malyshev
7381b6accc
Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
2015-08-01 22:01:40 -07:00
Stanislav Malyshev
c7d3c027d5
ignore signatures for packages too
2015-08-01 22:01:32 -07:00
Stanislav Malyshev
c2e197e4ef
Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
2015-08-01 22:01:17 -07:00
Stanislav Malyshev
16023f3e3b
Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
2015-07-26 17:43:16 -07:00
Stanislav Malyshev
7a4584d3f6
Improved fix for Bug #69441
2015-07-26 17:31:12 -07:00
Stanislav Malyshev
b7fa67742c
Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
2015-07-26 17:25:25 -07:00
Stanislav Malyshev
c96d08b272
Fix bug #70081 : check types for SOAP variables
2015-07-26 16:44:18 -07:00
Stanislav Malyshev
885edfef0a
Better fix for bug #69958
2015-07-07 09:38:31 -07:00
Stanislav Malyshev
97aa752fee
Fix bug #69669 (mysqlnd is vulnerable to BACKRONYM)
2015-07-07 09:38:31 -07:00
Stanislav Malyshev
6dedeb40db
Fix bug #69923 - Buffer overflow and stack smashing error in phar_fix_filepath
2015-07-07 09:38:31 -07:00
Stanislav Malyshev
bf58162ddf
Fix bug #69958 - Segfault in Phar::convertToData on invalid file
2015-07-07 09:38:30 -07:00
Ferenc Kovacs
29533ae528
add missing second argument for ucfirst to the proto
2015-07-07 15:48:55 +02:00
Stanislav Malyshev
cd9c39d77c
Merge branch 'pull-request/1350' into PHP-5.4
...
* pull-request/1350:
Move strlen() check to php_mail_detect_multiple_crlf()
Fixed Bug #69874 : Can't set empty additional_headers for mail()
2015-06-28 20:18:56 -07:00
Christoph M. Becker
a621781fdb
Fixed bug #69768 (escapeshell*() doesn't cater to !)
...
When delayed variable substitution is enabled (can be set in the
Registry, for instance), !ENV! works similar to %ENV%, and so ! should
be escaped like %.
2015-06-24 00:15:55 +02:00
Yasuo Ohgaki
d263ecd864
Move strlen() check to php_mail_detect_multiple_crlf()
2015-06-19 15:17:56 +09:00
Yasuo Ohgaki
dacea3f6fb
Fixed Bug #69874 : Can't set empty additional_headers for mail()
2015-06-19 12:19:12 +09:00
Lior Kaplan
cc7194dd10
Fixed bug #69689 (Align PCRE_MINOR with current version)
2015-06-18 17:30:21 +03:00
Yasuo Ohgaki
9d168b863e
Fixed bug #68776
2015-06-09 21:32:54 -07:00
Stanislav Malyshev
eee8b6c33f
fix test
2015-06-09 17:11:33 -07:00
Stanislav Malyshev
8036758491
Fix bug #69646 OS command injection vulnerability in escapeshellarg
2015-06-09 10:52:38 -07:00
Stanislav Malyshev
f7d7befae8
Fix #69719 - more checks for nulls in paths
2015-06-09 10:52:38 -07:00
Remi Collet
531c306fe6
fix test description
2015-06-09 09:18:54 +02:00
Lior Kaplan
7ced40e24e
Upgrade bundled sqlite to 3.8.10.2
...
Includes fixes for CVE-2015-3414, CVE-2015-3415, CVE-2015-3416 done in 3.8.9
2015-06-08 22:17:06 +03:00
Stanislav Malyshev
0765623d69
improve fix for Bug #69545
2015-05-31 17:29:00 -07:00
Stanislav Malyshev
f38ca75a3c
Update PCRE version (bug #69689 )
2015-05-30 21:17:16 -07:00
Remi Collet
88aab478bf
move test
2015-05-20 14:03:41 +02:00
Remi Collet
3ee3066bd0
fix new test
2015-05-20 08:46:14 +02:00
Remi Collet
f93d24aa67
Fixed Bug #69667 segfault in php_pgsql_meta_data
...
Incomplete fix for #68741
2015-05-20 08:46:01 +02:00
Stanislav Malyshev
9c0813fd48
Add test for bug #69522
2015-05-11 01:10:35 -07:00
Stanislav Malyshev
634aa0a2db
Update tests
2015-05-11 00:12:39 -07:00
Stanislav Malyshev
ba1d9cc4b7
Fix bug #69522 - do not allow int overflow
2015-05-10 23:06:08 -07:00
Stanislav Malyshev
e2bbf0a2df
Forgot test file
2015-05-10 02:24:29 -07:00
Stanislav Malyshev
c591f022f8
Fix bug #69403 and other int overflows
2015-05-10 02:20:08 -07:00
Stanislav Malyshev
be9b2a95ad
Fixed bug #69418 - more s->p fixes for filenames
2015-05-10 02:09:38 -07:00
Stanislav Malyshev
c27f012b7a
Fix bug #69453 - don't try to cut empty string
2015-04-29 22:51:43 -07:00
Stanislav Malyshev
ac28329354
Fix bug #69545 - avoid overflow when reading list
2015-04-29 22:50:18 -07:00
Stanislav Malyshev
95fa727992
Upgrade to PCRE 8.37 due to various bugfixes
2015-04-29 22:27:07 -07:00
Anatol Belski
9c5c3ff022
fix VC9 build with PCRE
2015-04-28 13:15:39 +02:00
Stanislav Malyshev
23917b451b
Upgrade PCRE to 8.36, it fixes some crashes
...
We probably will need to go to 8.37 once it is released.
2015-04-27 23:16:54 -07:00
Dmitry Stogov
cee9722028
Fixed recently introduced memory leak
2015-04-14 11:08:38 -07:00
Stanislav Malyshev
9af582bbe0
fix non-standard C
2015-04-14 00:46:47 -07:00
Stanislav Malyshev
d3aeb8a204
Merge branch 'PHP-5.4.40' into PHP-5.4
...
* PHP-5.4.40:
update NEWS
Fix bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode)
fix memory leak & add test
Fix tests
fix CVE num
Fix bug #69337 (php_stream_url_wrap_http_ex() type-confusion vulnerability)
Fix test
Additional fix for bug #69324
More fixes for bug #69152
Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions)
Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar)
Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER)
Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4)
Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault)
2015-04-14 00:26:53 -07:00
Stanislav Malyshev
f59b67ae50
Fix bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode)
2015-04-14 00:03:50 -07:00
Remi Collet
ff70b40dc9
fix type in fix for #69085
2015-04-13 14:41:39 +02:00
Stanislav Malyshev
45facd15fb
fix memory leak & add test
2015-04-12 22:38:34 -07:00