Commit Graph

899 Commits

Author SHA1 Message Date
Jakub Zelenka
41de89f61b Merge branch 'PHP-5.6' into PHP-7.0 2015-10-29 19:14:25 +00:00
Jakub Zelenka
e62db72111 Use standard title for new openssl tests 2015-10-29 19:11:57 +00:00
root
06c6b51e7d new tests to openssl module, not covered yet. 2015-10-29 19:06:40 +00:00
Dmitry Stogov
c67fc6bb09 Fixed memory leak in php_stream_context_set_option() 2015-10-29 20:06:55 +03:00
Anatol Belski
83bfefeccb Fixed bug #70718 stream_select() when OpenSSL extension is loaded on PHP Win64 2015-10-26 15:54:29 +01:00
Jakub Zelenka
2ee99f8954 Check EVP_SealFinal return code
This can be done since we no longer support OpenSSL 0.9.6
2015-10-25 17:53:39 +00:00
marcosptf
dae3ab8e7a Update openssl_x509_checkpurpose.phpt 2015-09-29 10:41:24 +02:00
root
fc3580c9d5 add test to openssl ext 2015-09-29 10:41:22 +02:00
Dmitry Stogov
ad4fa8f758 Fixed incorrect usage of HASH_OF() macro. Replaced HASH_OF() with more appropriate Z_ARRVAL_P() or Z_OBJPROP_P(). 2015-09-24 22:39:59 +03:00
Anatol Belski
257693614e add test 2015-09-23 19:48:38 +02:00
Anatol Belski
ca89d9a797 expose openssl config path so it can be tested 2015-09-23 19:48:20 +02:00
Anatol Belski
aba42e3dda use bundled openssl.cnf 2015-09-23 17:14:59 +02:00
Anatol Belski
77b9acd326 add test 2015-09-23 14:17:04 +02:00
Anatol Belski
15d43095d7 expose openssl config path so it can be tested 2015-09-23 14:17:03 +02:00
Jakub Zelenka
6a81363405 Require at least OpenSSL version 0.9.8 2015-09-20 13:01:15 +01:00
Jakub Zelenka
76783a26d2 Merge branch 'PHP-5.6' into PHP-7.0 2015-09-20 12:38:58 +01:00
Jakub Zelenka
dcd569aad6 Use tabs for arg info indent in openssl.c 2015-09-20 12:34:35 +01:00
Jakub Zelenka
e235cb65fb Fix request #70438: Add IV parameter for openssl_seal and openssl_open 2015-09-06 19:09:56 +01:00
Jakub Zelenka
473ccf47a5 Merge branch 'PHP-5.6' 2015-09-06 16:42:37 +01:00
Jakub Zelenka
d47029167d Fix bug #60632: openssl_seal fails with AES 2015-09-06 16:39:59 +01:00
Christoph M. Becker
28e82cc714 Merge branch 'PHP-5.6'
* PHP-5.6:
  Fix #70395: Missing ARG_INFO for openssl_seal()
2015-09-05 03:19:43 +02:00
Christoph M. Becker
43b26c7b21 Fix #70395: Missing ARG_INFO for openssl_seal()
This patch adds the missing ARG_INFO for the optional 5th parameter $method.
2015-09-05 03:08:02 +02:00
Jakub Zelenka
6b9f31ab74 Merge branch 'PHP-5.6' 2015-08-27 20:17:33 +01:00
Jakub Zelenka
ad028ebc11 Use new range checks in openssl ext 2015-08-26 19:55:29 +01:00
Jakub Zelenka
c39336d1d8 Fix bug #55259 (openssl extension does not get the DH parameters from DH key resource) 2015-08-25 20:26:11 +01:00
Anatol Belski
78b2b1d6f7 fix test
backport from master
2015-08-23 17:27:55 +02:00
Jakub Zelenka
7ad1703413 Add overflow check for openssl_pkcs12_read 2015-08-20 19:29:54 +01:00
Jakub Zelenka
c3f0c87564 Add overflow checks for openssl_pkey_* functions 2015-08-19 20:10:14 +01:00
Jakub Zelenka
478ecc674b Move overflow checks in openssl_pbkdf2 2015-08-19 20:06:58 +01:00
Jakub Zelenka
6a201b3651 Use macros for openssl overflow checks
It reduces code duplication
2015-08-18 20:17:04 +01:00
Jakub Zelenka
618c327a56 Fix possible overflow in openssl_pbkdf2
Especially key_length would lead to a crash if it overflowed
to a negative value.
2015-08-18 19:46:59 +01:00
Jakub Zelenka
c4a98e876c Check and use correct signature_len type for EVP_VerifyFinal 2015-08-17 18:43:02 +01:00
Jakub Zelenka
f3abea9f91 Fix some int overflows in openssl
There might be more. I just did a quick check for enc/dec, rand
and one BN call.
2015-08-16 15:43:00 +01:00
Stanislav Malyshev
ed709d5aa0 Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
  update NEWS
  fix test
  update NEWS
  Fix bug #70019 - limit extracted files to given directory
  Do not do convert_to_* on unserialize, it messes up references
  Fix #69793 - limit what we accept when unserializing exception
  Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
  Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
  ignore signatures for packages too
  Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
  Fixed bug #69892
  Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
  Improved fix for Bug #69441
  Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
  Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
  Fix bug #70081: check types for SOAP variables

Conflicts:
	ext/soap/php_http.c
	ext/spl/spl_observer.c
2015-08-04 15:29:13 -07:00
Stanislav Malyshev
69ed3969dd Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  Fix bug #70019 - limit extracted files to given directory
  Do not do convert_to_* on unserialize, it messes up references
  Fix #69793 - limit what we accept when unserializing exception
  Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
  Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
  ignore signatures for packages too
  Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
  Fixed bug #69892
  Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
  Improved fix for Bug #69441
  Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
  Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
  Fix bug #70081: check types for SOAP variables

Conflicts:
	.gitignore
	ext/date/php_date.c
	ext/spl/spl_array.c
	ext/spl/spl_observer.c
2015-08-04 14:10:57 -07:00
Stanislav Malyshev
16023f3e3b Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes 2015-07-26 17:43:16 -07:00
Stanislav Malyshev
97047e7665 Merge branch 'PHP-5.6'
* PHP-5.6:
  update NEWS
  fix test
  update NEWS
  Fix bug #70019 - limit extracted files to given directory
  Do not do convert_to_* on unserialize, it messes up references
  Fix #69793 - limit what we accept when unserializing exception
  Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
  Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
  ignore signatures for packages too
  Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
  Fixed bug #69892
  Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
  Improved fix for Bug #69441
  Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
  Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
  Fix bug #70081: check types for SOAP variables

Conflicts:
	Zend/zend_exceptions.c
	ext/date/php_date.c
	ext/openssl/openssl.c
	ext/phar/phar_internal.h
	ext/soap/php_http.c
	ext/spl/spl_array.c
	ext/spl/spl_dllist.c
	ext/spl/spl_observer.c
	ext/standard/tests/serialize/bug69152.phpt
	sapi/cli/tests/005.phpt
2015-08-04 16:14:24 -07:00
Anatol Belski
545b364d56 remove TSRMLS_*
either remains or merged in from PHP5
2015-08-02 13:42:01 +02:00
Anatol Belski
b281211979 fix backport mistake
in 5.6 it has to be explicitly copied to avoid double free
2015-07-03 16:21:02 +02:00
Anatol Belski
d870683d6b backport c01943bffc into 5.6 2015-07-03 11:16:02 +02:00
Anatol Belski
c01943bffc fix improper behavior
openssl_spki_export() is documented to return string, but it's
obviously not achieved writing it to stdout :)
2015-07-03 10:15:52 +02:00
Dmitry Stogov
4a2e40bb86 Use ZSTR_ API to access zend_string elements (this is just renaming without semantic changes). 2015-06-30 04:05:24 +03:00
Tjerk Meesters
03a670eaaa Merge branch 'PHP-5.6'
* PHP-5.6:
  Fixed #69882: OpenSSL error "key values mismatch" after openssl_pkcs12_read with extra certs
2015-06-26 06:03:29 +08:00
Tjerk Meesters
2ff3dafccf Fixed #69882: OpenSSL error "key values mismatch" after openssl_pkcs12_read with extra certs
Squashed commit of the following:

commit a64c1d9bc4
Author: Tomasz Sawicki <falundir@gmail.com>
Date:   Wed Jun 24 08:49:37 2015 +0200

    Fix #69882: OpenSSL error "key values mismatch" after openssl_pkcs12_read with extra certs

    The "key values mismatch" error is triggered in openssl_pkcs12_read by
    PKCS12_parse, because it uses X509_check_private_key to separate main
    certificate (which corresponds to private key) from extra certificates.
    Extra certificates usually come first (p12 contents are reversed as
    stack) and X509_check_private_key triggers X509_R_KEY_VALUES_MISMATCH
    error.
    The fix pops "key values mismatch" error from OpenSSL error stack for
    each extra certificate if there are any.
2015-06-26 05:33:28 +08:00
Nikita Popov
8a83aed458 Drop duplicate object-to-type notices
We already generate a recoverable fatal for these earlier, no need
to throw an additional notice.
2015-06-22 16:25:32 +02:00
Nikita Popov
5d3cf577aa Make convert_to_* safe with rc>1
This only involves switching zval_dtor to zval_ptr_dtor for arrays
and making the convert_to_object for arrays a bit more generic.

All the other changes outside zend_operators.c just make use of
this new ability (use COPY instead of DUP).

What's still missing: Proper references handling. I've seen many
convert_to* calls that will break when a reference is used.

Also fixes bug #69788.
2015-06-11 23:23:57 +02:00
Radu Brănișcan
0c7634fcc7 Corrected line comment 5256
From the text "dectupt" to "decrypt"
2015-05-23 11:11:58 +02:00
Anatol Belski
c93a360661 fix _timezone usage for vc14 2015-05-10 18:17:24 +02:00
Rasmus Lerdorf
741382d968 Remove SSLv3 test dependencies
SSLv3 is going away. Debian8 already ships with an openssl
with no SSLv3 support which was causing these tests to fail.

Conflicts:
	ext/openssl/tests/session_meta_capture.phpt
2015-05-05 10:40:55 +02:00
Nikita Popov
2a87a42cd4 Dropped CN_match and SNI_server_name context options 2015-04-24 18:18:18 +02:00