Commit Graph

85 Commits

Author SHA1 Message Date
Stanislav Malyshev
0d13325b66 Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6: (24 commits)
  Update NEWS
  Block test with memory leak
  fix tests
  Fix TSRM build
  Fix bug #72850 - integer overflow in uuencode
  Fixed bug #72849 - integer overflow in urlencode
  Fix bug #72848 - integer overflow in quoted_printable_encode caused heap corruption
  Fix bug #72838 - Integer overflow lead to heap corruption in sql_regcase
  Fix bug #72837 - integer overflow in bzdecompress caused heap corruption
  Fix bug #72836 - integer overflow in base64_decode caused heap corruption
  Fix for bug #72807 - do not produce strings with negative length
  Fix for bug #72790 and bug #72799
  Fix bug #72730 - imagegammacorrect allows arbitrary write access
  Fix bug#72697 - select_colors write out-of-bounds
  Fixed bug #72627: Memory Leakage In exif_process_IFD_in_TIFF
  Fix bug #72750: wddx_deserialize null dereference
  Fix bug #72771: ftps:// opendir wrapper is vulnerable to protocol downgrade attack
  Improve fix for #72663
  Fix bug #70436: Use After Free Vulnerability in unserialize()
  Fix bug #72749: wddx_deserialize allows illegal memory access
  ...

Conflicts:
	Zend/zend_API.h
	ext/bz2/bz2.c
	ext/curl/interface.c
	ext/ereg/ereg.c
	ext/exif/exif.c
	ext/gd/gd.c
	ext/gd/tests/imagetruecolortopalette_error3.phpt
	ext/gd/tests/imagetruecolortopalette_error4.phpt
	ext/session/session.c
	ext/snmp/snmp.c
	ext/standard/base64.c
	ext/standard/ftp_fopen_wrapper.c
	ext/standard/quot_print.c
	ext/standard/url.c
	ext/standard/uuencode.c
	ext/standard/var.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	ext/wddx/tests/bug72790.phpt
	ext/wddx/tests/bug72799.phpt
	ext/wddx/wddx.c
	sapi/cli/generate_mime_type_map.php
2016-08-17 00:43:33 -07:00
Stanislav Malyshev
40bd921cea Fix TSRM build 2016-08-16 22:55:43 -07:00
Stanislav Malyshev
d6a43a8562 Fix bug #72836 - integer overflow in base64_decode caused heap corruption 2016-08-16 22:55:41 -07:00
Lauri Kenttä
3104759915 base64_decode: fix bug #72264 ('VV= =' shouldn't fail in strict mode) 2016-07-07 01:27:23 +02:00
Lauri Kenttä
0259459486 base64_decode: remove redundant code
case 1 is already handled in the first lines of the for loop;
it would only be entered in the invalid case where the string
continues past the defined length (ch != 0 but length-- == 0).

case 2 and case 3 are redundant, since k >= j and later the
string is truncated to j characters anyway.
2016-07-07 01:27:23 +02:00
Lauri Kenttä
c1ac081bf1 base64_decode: fix bug #72263 (skips char after padding) 2016-07-07 01:27:23 +02:00
Lauri Kenttä
b9c9be13cc base64_decode: fix bug #72152 (fail on NUL bytes in strict mode)
This added check is actually for NOT failing in NON-strict mode.
The ch == -2 check later causes the desired failure in strict mode.
2016-07-07 01:27:23 +02:00
Lauri Kenttä
ef6f163161 base64_decode: remove redundant check
If length == 0 || *current != '=' is false, the for loop will always
end up in this same point, until the if statement becomes true.
Thus, the if statement is not needed.
2016-07-07 01:27:23 +02:00
Lauri Kenttä
c65de8ac13 base64_decode: reorder to fix out of bounds read 2016-07-07 01:27:22 +02:00
Lior Kaplan
ed35de784f Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
  Happy new year (Update copyright to 2016)
2016-01-01 19:48:25 +02:00
Lior Kaplan
49493a2dcf Happy new year (Update copyright to 2016) 2016-01-01 19:21:47 +02:00
Dmitry Stogov
4a2e40bb86 Use ZSTR_ API to access zend_string elements (this is just renaming without semantic changes). 2015-06-30 04:05:24 +03:00
Xinchen Hui
fc33f52d8c bump year 2015-01-15 23:27:30 +08:00
Xinchen Hui
0579e8278d bump year 2015-01-15 23:26:37 +08:00
Anatol Belski
bdeb220f48 first shot remove TSRMLS_* things 2014-12-13 23:06:14 +01:00
Johannes Schlüter
d0cb715373 s/PHP 5/PHP 7/ 2014-09-19 18:33:14 +02:00
Anatol Belski
3fa5064173 remove useless check 2014-09-19 00:06:32 +02:00
Anatol Belski
3234480827 first show to make 's' work with size_t 2014-08-27 20:49:31 +02:00
Anatol Belski
4d997f63d9 master renames phase 3 2014-08-25 20:22:49 +02:00
Anatol Belski
c3e3c98ec6 master renames phase 1 2014-08-25 19:24:55 +02:00
Anatol Belski
b7e7a89541 several fixes -
- param parsing Z_PARAM_STR vs Z_PARAM_STRING
- some functions for new params
- etc
2014-08-16 12:55:13 +02:00
Xinchen Hui
93428dc6b9 Refactor base64 to returning zend_string 2014-02-24 18:48:22 +08:00
Dmitry Stogov
f4cfaf36e2 Use better data structures (incomplete) 2014-02-10 10:04:30 +04:00
Xinchen Hui
c081ce628f Bump year 2014-01-03 11:08:10 +08:00
Xinchen Hui
a666285bc2 Happy New Year 2013-01-01 16:37:09 +08:00
Nikita Popov
5b3f4d25ea Fix memory allocation checks for base64 encode
base64_encode used safe_emalloc, but one of the arguments was derived from a
multiplication, thus making the allocation unsafe again.

There was a size check in place, but it was off by a factor of two as it
didn't account for the signedness of the integer type.

The unsafe allocation is not exploitable, but still causes funny behavior
when the size overflows into a negative number.

To fix the issue the *4 factor is moved into the size argument (where it is
known to be safe), so safe_emalloc can carry out the multiplication.

The size check is removed as it doesn't really make sense once safe_emalloc
works correctly. (Would only cause base64_encode to silently return false
instead of throwing an error. Also could cause problems with other uses of
the base64 encoding API, which all don't check for a NULL return value.)

Furthermore the (length + 2) < 0 check is replaced with just length < 0.
Allowing lengths -2 and -1 doesn't make sense semantically and also is not
honored in the following code (negative length would access unallocated
memory.)

Actually the length < 0 check doesn't make sense altogether, but I left it
there just to be safe.
2012-06-24 23:32:50 +02:00
Felipe Pena
e4ca0ed09f - Year++ 2012-01-01 13:15:04 +00:00
Ilia Alshanetsky
2ef05a8fa4 Fixed bug #55273 (base64_decode() with strict rejects whitespace after pad) 2011-09-12 17:20:24 +00:00
Felipe Pena
927bf09c29 - Year++ 2011-01-01 02:19:59 +00:00
Ilia Alshanetsky
3239a25e53 Missing bit from previous commit 2010-11-26 21:00:03 +00:00
Sebastian Bergmann
9ba1e81665 sed -i "s#1997-2009#1997-2010#g" **/*.c **/*.h **/*.php 2010-01-03 09:23:27 +00:00
Ilia Alshanetsky
4eb69eadc6 Improved fix for bug #47174 & added a test 2009-01-25 18:27:12 +00:00
Ilia Alshanetsky
bd9ad75f41 Fixed bug #47174 (base64_decode() interprets pad char in mid string as
terminator)
2009-01-21 15:38:37 +00:00
Sebastian Bergmann
08659c2dcd MFH: Bump copyright year, 3 of 3. 2008-12-31 11:15:49 +00:00
Nuno Lopes
8a77e55566 clean some dead code (with static analysis help) 2008-09-23 15:18:26 +00:00
Sebastian Bergmann
d1dded8751 MFH: Bump copyright year, 2 of 2. 2007-12-31 07:17:19 +00:00
Jani Taskinen
44c7a7378f MFH 2007-11-05 12:07:37 +00:00
Jani Taskinen
a22a6711ad MFH: Fixed compile warnings 2007-07-21 01:24:26 +00:00
Sebastian Bergmann
4223aa4d5e MFH: Bump year. 2007-01-01 09:36:18 +00:00
Ilia Alshanetsky
7e8409de8c Fixed bug #37244 (Added strict flag to base64_decode() that enforces
RFC3548 compliance).
2006-05-06 22:47:14 +00:00
foobar
5bd93221a8 bump year and license version 2006-01-01 12:51:34 +00:00
Ilia Alshanetsky
980b9be4b4 Fixed bug #34214 (base64_decode() does not properly ignore whitespace) 2005-08-26 03:32:31 +00:00
foobar
23e671a51e - Bumber up year 2005-08-03 14:08:58 +00:00
Ilia Alshanetsky
72a3bb18d1 Fixed bug #27460 (base64_decode() does not handle extra padding). 2004-03-06 19:06:04 +00:00
Andi Gutmans
dbeb4158d2 - A belated happy holidays and PHP 5 2004-01-08 08:18:22 +00:00
Ilia Alshanetsky
c8ecf7ec3e Fixed bug #24312 (base64_decode() does not skip 0xF0-0xFF characters)
Patch by: gereon.steffens[at]onvista.de
2003-06-24 15:23:17 +00:00
James Cox
f68c7ff249 updating license information in the headers. 2003-06-10 20:04:29 +00:00
Moriyoshi Koizumi
12ecc6ca1e Fixed base64_encode() integer overflow issue pointed out in TODO_SEGFAULTS 2003-06-04 14:41:45 +00:00
Frank M. Kromann
4da2e804e0 Allow base64 functions to be called from an extension built as .so/.dll (iconv) 2003-01-01 18:11:18 +00:00
Sebastian Bergmann
b506f5c8f8 Bump year. 2002-12-31 16:08:15 +00:00