8249 Commits

Author SHA1 Message Date
Stanislav Malyshev
3f627e580a Fixed #72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize 2016-06-20 21:26:33 -07:00
Stanislav Malyshev
88746d60ab Fix bug #72400 and #72403 - prevent signed int overflows for string lengths 2016-06-15 21:51:28 -07:00
Stanislav Malyshev
489fd56fe3 Fix bug #72275: don't allow smart_str to overflow int 2016-06-14 00:02:17 -07:00
Remi Collet
4dd03651f3 Skip test which is 64bits only
Diff from test output
001+ Warning: fread(): Length parameter must be greater than 0 in ...
001- Warning: fread(): Length parameter must be no more than 2147483647 in ...
2016-05-25 16:40:52 +02:00
Stanislav Malyshev
e955913115 Better fix for bug #72135 2016-05-24 15:52:15 -07:00
Stanislav Malyshev
0da8b8b801 Fix bug #72135 - don't create strings with lengths outside int range 2016-05-15 23:26:51 -07:00
Stanislav Malyshev
abd159cce4 Fix bug #72114 - int/size_t confusion in fread 2016-05-09 21:55:29 -07:00
Stanislav Malyshev
95433e8e33 Fix bug #71798 - Integer Overflow in php_raw_url_encode 2016-03-27 14:22:19 -07:00
Anatol Belski
377d353c9f add error check to sysconf call 2016-02-02 14:19:10 +01:00
Stanislav Malyshev
2a7d8c0a06 fix tests 2016-02-01 18:58:02 -08:00
Anatol Belski
686a17893a add missing headers for SIZE_MAX 2016-01-28 13:46:34 +01:00
Anatol Belski
f4d7bbf4ac backport the escapeshell* functions hardening branch 2016-01-28 13:45:43 +01:00
Anatol Belski
828364e59c add tests 2016-01-28 13:27:26 +01:00
Stanislav Malyshev
54c210d2ea Fix bug #71459 - Integer overflow in iptcembed() 2016-01-26 17:26:52 -08:00
Stanislav Malyshev
6297a117d7 Fixed bug #71323 - Output of stream_get_meta_data can be falsified by its input 2016-01-16 22:10:54 -08:00
Ferenc Kovacs
f3838a9c35 Merge branch 'pr-1483' into PHP-5.5
* pr-1483:
  fixup, both caught by nikic
  use another character device in this test as /dev/console seems that it is different for lxc containers
  the de_DE(iso-8859-1) locale is not available on ubuntu by default, but there is no reason to require that over the utf-8 one
  let's try running our testsuite without sudo
2015-10-19 22:44:19 +02:00
Stanislav Malyshev
53d274beb0 Merge branch 'PHP-5.5' into PHP-5.5.29
* PHP-5.5:
  Improve fix for #70172
  Add CVE IDs assigned (post release) to PHP 5.4.43
  Add CVE IDs assigned to #69085 (PHP 5.4.39)

Conflicts:
	ext/pcre/php_pcre.c
2015-09-01 11:43:27 -07:00
Stanislav Malyshev
33d3acaae7 Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  Improve fix for #70172
  Fix bug #70312 - HAVAL gives wrong hashes in specific cases
  fix test
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix for bug #69782
  Add CVE IDs assigned (post release) to PHP 5.4.43
  Add CVE IDs assigned to #69085 (PHP 5.4.39)
  5.4.45 next

Conflicts:
	configure.in
	ext/pcre/php_pcre.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	main/php_version.h
2015-09-01 11:42:19 -07:00
Stanislav Malyshev
7c31203935 Improve fix for #70172 2015-09-01 11:38:39 -07:00
Stanislav Malyshev
6935058a98 Merge branch 'PHP-5.4.45' into PHP-5.5.29
* PHP-5.4.45:
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)

Conflicts:
	ext/pcre/php_pcre.c
	ext/standard/var_unserializer.c
2015-09-01 00:28:39 -07:00
Stanislav Malyshev
e8429400d4 Fix bug #70172 - Use After Free Vulnerability in unserialize() 2015-08-31 23:26:14 -07:00
Stanislav Malyshev
fc8eff897b More fixes for bug #70219 2015-08-28 21:50:21 -07:00
Stanislav Malyshev
24dda816d0 Merge branch 'PHP-5.4.45' into PHP-5.5.29
* PHP-5.4.45:
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix for bug #69782
  5.4.45 next

Conflicts:
	configure.in
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	main/php_version.h
2015-08-25 23:08:49 -07:00
Ferenc Kovacs
95a0b11d0a fixup, both caught by nikic 2015-08-24 17:02:25 +02:00
Ferenc Kovacs
e93d7953df use another character device in this test as /dev/console seems that it is different for lxc containers 2015-08-24 14:40:21 +02:00
Stanislav Malyshev
df4bf28f9f Fix bug #70219 (Use after free vulnerability in session deserializer) 2015-08-23 19:56:12 -07:00
Stanislav Malyshev
69ed3969dd Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  Fix bug #70019 - limit extracted files to given directory
  Do not do convert_to_* on unserialize, it messes up references
  Fix #69793 - limit what we accept when unserializing exception
  Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
  Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
  ignore signatures for packages too
  Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
  Fixed bug #69892
  Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
  Improved fix for Bug #69441
  Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
  Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
  Fix bug #70081: check types for SOAP variables

Conflicts:
	.gitignore
	ext/date/php_date.c
	ext/spl/spl_array.c
	ext/spl/spl_observer.c
2015-08-04 14:10:57 -07:00
Stanislav Malyshev
4d2278143a Fix #69793 - limit what we accept when unserializing exception 2015-08-01 22:02:26 -07:00
Ferenc Kovacs
b6f5cb11a4 Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  add missing second argument for ucfirst to the proto
2015-07-07 15:49:16 +02:00
Ferenc Kovacs
29533ae528 add missing second argument for ucfirst to the proto 2015-07-07 15:48:55 +02:00
Stanislav Malyshev
8f2e08239f Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  Move strlen() check to php_mail_detect_multiple_crlf()
  Fixed Bug #69874 : Can't set empty additional_headers for mail()
2015-06-28 20:23:00 -07:00
Stanislav Malyshev
cd9c39d77c Merge branch 'pull-request/1350' into PHP-5.4
* pull-request/1350:
  Move strlen() check to php_mail_detect_multiple_crlf()
  Fixed Bug #69874 : Can't set empty additional_headers for mail()
2015-06-28 20:18:56 -07:00
Christoph M. Becker
cd068b1ed6 Made bug44295-win.phpt locale independent
Formerly it failed on non English installations.
2015-06-24 01:41:33 +02:00
Christoph M. Becker
8da8dc04b6 Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  updated NEWS
  Fixed bug #69768 (escapeshell*() doesn't cater to !)
  bump API version to 6.8
2015-06-24 00:23:39 +02:00
Christoph M. Becker
a621781fdb Fixed bug #69768 (escapeshell*() doesn't cater to !)
When delayed variable substitution is enabled (can be set in the
Registry, for instance), !ENV! works similarly to %ENV%, and so ! should
be escaped like %.
2015-06-24 00:15:55 +02:00
Yasuo Ohgaki
d263ecd864 Move strlen() check to php_mail_detect_multiple_crlf() 2015-06-19 15:17:56 +09:00
Yasuo Ohgaki
dacea3f6fb Fixed Bug #69874 : Can't set empty additional_headers for mail() 2015-06-19 12:19:12 +09:00
Xinchen Hui
6a8db93115 Merge branch 'patch-3' of https://github.com/s0ph1e/php-src into PHP-5.5 2015-06-19 09:35:28 +08:00
Christian Wenz
a85156db7d fixes bug #69835: phpinfo() does not report many Windows SKUs 2015-06-18 22:01:20 +02:00
Sophia Nepochataya
1edb2e9a10 Remove excess variable in mail.c (5.5 branch) 2015-06-18 20:06:08 +03:00
Anatol Belski
e711325ca6 added test for bug #69646 2015-06-11 12:06:59 +02:00
Christian Wenz
0c8136654d Fix #69781: phpinfo() reports Professional Editions of Windows 7/8/8.1/10 as "Business" 2015-06-10 11:22:30 +02:00
Christian Wenz
82e5260104 Revert "Fix #69781: phpinfo() reports Professional Editions of Windows 7/8/8.1/10 as "Business""
This reverts commit 4a05c81b85.
2015-06-10 11:22:29 +02:00
Christian Wenz
741b949a6f Fix #69781: phpinfo() reports Professional Editions of Windows 7/8/8.1/10 as "Business" 2015-06-10 11:22:28 +02:00
Stanislav Malyshev
e10af61862 Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  Fixed bug #68776
2015-06-09 21:33:38 -07:00
Yasuo Ohgaki
9d168b863e Fixed bug #68776 2015-06-09 21:32:54 -07:00
Stanislav Malyshev
4e2fb47092 Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  Fix bug #69646 OS command injection vulnerability in escapeshellarg
  Fix #69719 - more checks for nulls in paths
  fix test description
  Fixed Bug #68812 Unchecked return value.

Conflicts:
	ext/dom/document.c
	ext/gd/gd.c
2015-06-09 15:31:27 -07:00
Stanislav Malyshev
8036758491 Fix bug #69646 OS command injection vulnerability in escapeshellarg 2015-06-09 10:52:38 -07:00
Anatol Belski
1e9522021a backport the basic code to properly recognize win 8.1 and 10 2015-05-31 19:01:58 +02:00
Anatol Belski
05351f9ccb add test 2015-05-31 18:13:33 +02:00