Stanislav Malyshev
0d13325b66
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6: (24 commits)
Update NEWS
BLock test with memory leak
fix tests
Fix TSRM build
Fix bug #72850 - integer overflow in uuencode
Fixed bug #72849 - integer overflow in urlencode
Fix bug #72848 - integer overflow in quoted_printable_encode caused heap corruption
Fix bug #72838 - Integer overflow lead to heap corruption in sql_regcase
Fix bug #72837 - integer overflow in bzdecompress caused heap corruption
Fix bug #72836 - integer overflow in base64_decode caused heap corruption
Fix for bug #72807 - do not produce strings with negative length
Fix for bug #72790 and bug #72799
Fix bug #72730 - imagegammacorrect allows arbitrary write access
Fix bug#72697 - select_colors write out-of-bounds
Fixed bug #72627 : Memory Leakage In exif_process_IFD_in_TIFF
Fix bug #72750 : wddx_deserialize null dereference
Fix bug #72771 : ftps:// opendir wrapper is vulnerable to protocol downgrade attack
Improve fix for #72663
Fix bug #70436 : Use After Free Vulnerability in unserialize()
Fix bug #72749 : wddx_deserialize allows illegal memory access
...
Conflicts:
Zend/zend_API.h
ext/bz2/bz2.c
ext/curl/interface.c
ext/ereg/ereg.c
ext/exif/exif.c
ext/gd/gd.c
ext/gd/tests/imagetruecolortopalette_error3.phpt
ext/gd/tests/imagetruecolortopalette_error4.phpt
ext/session/session.c
ext/snmp/snmp.c
ext/standard/base64.c
ext/standard/ftp_fopen_wrapper.c
ext/standard/quot_print.c
ext/standard/url.c
ext/standard/uuencode.c
ext/standard/var.c
ext/standard/var_unserializer.c
ext/standard/var_unserializer.re
ext/wddx/tests/bug72790.phpt
ext/wddx/tests/bug72799.phpt
ext/wddx/wddx.c
sapi/cli/generate_mime_type_map.php
2016-08-17 00:43:33 -07:00
Stanislav Malyshev
40bd921cea
Fix TSRM build
2016-08-16 22:55:43 -07:00
Stanislav Malyshev
d6a43a8562
Fix bug #72836 - integer overflow in base64_decode caused heap corruption
2016-08-16 22:55:41 -07:00
Lauri Kenttä
3104759915
base64_decode: fix bug #72264 ('VV= =' shouldn't fail in strict mode)
2016-07-07 01:27:23 +02:00
Lauri Kenttä
0259459486
base64_decode: remove redundant code
...
case 1 is already handled in the first lines of the for loop;
it would only be entered in the invalid case where the string
continues past the defined length (ch != 0 but length-- == 0).
case 2 and case 3 are redundant, since k >= j and later the
string is truncated to j characters anyway.
2016-07-07 01:27:23 +02:00
Lauri Kenttä
c1ac081bf1
base64_decode: fix bug #72263 (skips char after padding)
2016-07-07 01:27:23 +02:00
Lauri Kenttä
b9c9be13cc
base64_decode: fix bug #72152 (fail on NUL bytes in strict mode)
...
This added check is actually for NOT failing in NON-strict mode.
The ch == -2 check later causes the desired failure in strict mode.
2016-07-07 01:27:23 +02:00
Lauri Kenttä
ef6f163161
base64_decode: remove redundant check
...
If length == 0 || *current != '=' is false, the for loop will always
end up in this same point, until the if statement becomes true.
Thus, the if statement is not needed.
2016-07-07 01:27:23 +02:00
Lauri Kenttä
c65de8ac13
base64_decode: reorder to fix out of bounds read
2016-07-07 01:27:22 +02:00
Lior Kaplan
ed35de784f
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Happy new year (Update copyright to 2016)
2016-01-01 19:48:25 +02:00
Lior Kaplan
49493a2dcf
Happy new year (Update copyright to 2016)
2016-01-01 19:21:47 +02:00
Dmitry Stogov
4a2e40bb86
Use ZSTR_ API to access zend_string elements (this is just renaming without semantick changes).
2015-06-30 04:05:24 +03:00
Xinchen Hui
fc33f52d8c
bump year
2015-01-15 23:27:30 +08:00
Xinchen Hui
0579e8278d
bump year
2015-01-15 23:26:37 +08:00
Anatol Belski
bdeb220f48
first shot remove TSRMLS_* things
2014-12-13 23:06:14 +01:00
Johannes Schlüter
d0cb715373
s/PHP 5/PHP 7/
2014-09-19 18:33:14 +02:00
Anatol Belski
3fa5064173
remove useless check
2014-09-19 00:06:32 +02:00
Anatol Belski
3234480827
first show to make 's' work with size_t
2014-08-27 20:49:31 +02:00
Anatol Belski
4d997f63d9
master renames phase 3
2014-08-25 20:22:49 +02:00
Anatol Belski
c3e3c98ec6
master renames phase 1
2014-08-25 19:24:55 +02:00
Anatol Belski
b7e7a89541
several fixes -
...
- param parsing Z_PARAM_STR vs Z_PARAM_STRING
- some functions for new params
- etc
2014-08-16 12:55:13 +02:00
Xinchen Hui
93428dc6b9
Refactor base64 to returning zend_string
2014-02-24 18:48:22 +08:00
Dmitry Stogov
f4cfaf36e2
Use better data structures (incomplete)
2014-02-10 10:04:30 +04:00
Xinchen Hui
c081ce628f
Bump year
2014-01-03 11:08:10 +08:00
Xinchen Hui
a666285bc2
Happy New Year
2013-01-01 16:37:09 +08:00
Nikita Popov
5b3f4d25ea
Fix memory allocation checks for base64 encode
...
base64_encode used safe_emalloc, but one of the arguments was derived from a
multiplication, thus making the allocation unsafe again.
There was a size check in place, but it was off by a factor of two as it
didn't account for the signedness of the integer type.
The unsafe allocation is not exploitable, but still causes funny behavior
when the sized overflows into a negative number.
To fix the issue the *4 factor is moved into the size argument (where it is
known to be safe), so safe_emalloc can carry out the multiplication.
The size check is removed as it doesn't really make sense once safe_emalloc
works correctly. (Would only cause base64_encode to silently return false
instead of throwing an error. Also could cause problems with other uses of
the base64 encoding API, which all don't check for a NULL return value.)
Furthermore the (length + 2) < 0 check is replaced with just length < 0.
Allowing lengths -2 and -1 doesn't make sense semantically and also is not
honored in the following code (negative length would access unallocated
memory.)
Actually the length < 0 check doesn't make sense altogether, but I left it
there just to be safe.
2012-06-24 23:32:50 +02:00
Felipe Pena
e4ca0ed09f
- Year++
2012-01-01 13:15:04 +00:00
Ilia Alshanetsky
2ef05a8fa4
Fixed bug #55273 (base64_decode() with strict rejects whitespace after pad)
2011-09-12 17:20:24 +00:00
Felipe Pena
927bf09c29
- Year++
2011-01-01 02:19:59 +00:00
Ilia Alshanetsky
3239a25e53
Missing bit from previous commit
2010-11-26 21:00:03 +00:00
Sebastian Bergmann
9ba1e81665
sed -i "s#1997-2009#1997-2010#g" **/*.c **/*.h **/*.php
2010-01-03 09:23:27 +00:00
Ilia Alshanetsky
4eb69eadc6
Improved fix for bug #47174 & added a test
2009-01-25 18:27:12 +00:00
Ilia Alshanetsky
bd9ad75f41
Fixed bug #47174 (base64_decode() interprets pad char in mid string as
...
terminator)
2009-01-21 15:38:37 +00:00
Sebastian Bergmann
08659c2dcd
MFH: Bump copyright year, 3 of 3.
2008-12-31 11:15:49 +00:00
Nuno Lopes
8a77e55566
clean some dead code (with static analysis help)
2008-09-23 15:18:26 +00:00
Sebastian Bergmann
d1dded8751
MFH: Bump copyright year, 2 of 2.
2007-12-31 07:17:19 +00:00
Jani Taskinen
44c7a7378f
MFH
2007-11-05 12:07:37 +00:00
Jani Taskinen
a22a6711ad
MFH: Fixed compile warnings
2007-07-21 01:24:26 +00:00
Sebastian Bergmann
4223aa4d5e
MFH: Bump year.
2007-01-01 09:36:18 +00:00
Ilia Alshanetsky
7e8409de8c
Fixed bug #37244 (Added strict flag to base64_decode() that enforces
...
RFC3548 compliance).
2006-05-06 22:47:14 +00:00
foobar
5bd93221a8
bump year and license version
2006-01-01 12:51:34 +00:00
Ilia Alshanetsky
980b9be4b4
Fixed bug #34214 (base64_decode() does not properly ignore whitespace)
2005-08-26 03:32:31 +00:00
foobar
23e671a51e
- Bumber up year
2005-08-03 14:08:58 +00:00
Ilia Alshanetsky
72a3bb18d1
Fixed bug #27460 (base64_decode() does not handle extra padding).
2004-03-06 19:06:04 +00:00
Andi Gutmans
dbeb4158d2
- A belated happy holidays and PHP 5
2004-01-08 08:18:22 +00:00
Ilia Alshanetsky
c8ecf7ec3e
Fixed bug #24312 (base64_decode() does not skip 0xF0-0xFF characters)
...
Patch by: gereon.steffens[at]onvista.de
2003-06-24 15:23:17 +00:00
James Cox
f68c7ff249
updating license information in the headers.
2003-06-10 20:04:29 +00:00
Moriyoshi Koizumi
12ecc6ca1e
Fixed base64_encode() integer overflow issue pointed out in TODO_SEGFAULTS
2003-06-04 14:41:45 +00:00
Frank M. Kromann
4da2e804e0
Allow base64 functions to be called from an extension buils as .so/.dll (iconv)
2003-01-01 18:11:18 +00:00
Sebastian Bergmann
b506f5c8f8
Bump year.
2002-12-31 16:08:15 +00:00