Stanislav Malyshev
d76b293ac7
forgot to commit this one
2015-03-17 17:16:27 -07:00
Dmitry Stogov
e427188755
Fixed memory leak
2015-01-23 21:47:26 +03:00
Xinchen Hui
fc33f52d8c
bump year
2015-01-15 23:27:30 +08:00
Stanislav Malyshev
b7a7b1a624
trailing whitespace removal
2015-01-10 15:07:38 -08:00
Dmitry Stogov
6a6cdecbdb
Improved unserialize()
2014-12-23 02:49:33 +03:00
Anatol Belski
4acc56d5b2
Merge remote-tracking branch 'origin/master' into native-tls
...
* origin/master:
fix unserializer patch
move this entry to the correct version
add missing NEWS entry
add missing NEWS entry
Updated or skipped certain 32-bit tests
add NEWS entry for #68594
5.4.37
add more BC breaks
update news
add CVE
add missing test file
Fix bug #68594 - Use after free vulnerability in unserialize()
Fix typo
Hash value must not zero?
2014-12-17 05:29:36 +01:00
Stanislav Malyshev
8b0deb8cd2
fix unserializer patch
2014-12-16 17:50:54 -08:00
Stanislav Malyshev
9152214c1e
Merge branch 'PHP-5.6'
...
* PHP-5.6:
update news
add CVE
add missing test file
Fix bug #68594 - Use after free vulnerability in unserialize()
Conflicts:
ext/standard/var_unserializer.c
ext/standard/var_unserializer.re
2014-12-16 10:25:03 -08:00
Stanislav Malyshev
681a1afd3f
Merge branch 'PHP-5.5' into PHP-5.6
...
* PHP-5.5:
update news
add CVE
add missing test file
Fix bug #68594 - Use after free vulnerability in unserialize()
Conflicts:
ext/standard/var_unserializer.c
2014-12-16 10:19:32 -08:00
Stanislav Malyshev
630f9c33c2
Fix bug #68594 - Use after free vulnerability in unserialize()
2014-12-16 10:15:17 -08:00
Anatol Belski
e112f6a04e
second shot on removing TSRMLS_*
2014-12-14 14:07:59 +01:00
Anatol Belski
bdeb220f48
first shot remove TSRMLS_* things
2014-12-13 23:06:14 +01:00
Anatol Belski
13f1c276ab
Fixed bug #68545 NULL pointer dereference in unserialize.c
2014-12-11 10:39:37 -08:00
Anatol Belski
aeb30576f6
Merge branch 'PHP-5.6'
...
* PHP-5.6:
updated NEWS
Fixed bug #68545 NULL pointer dereference in unserialize.c
Updated NEWS
Updated NEWS
Conflicts:
ext/standard/var_unserializer.c
ext/standard/var_unserializer.re
2014-12-10 11:54:31 +01:00
Anatol Belski
4a82cdce66
Merge branch 'PHP-5.5' into PHP-5.6
...
* PHP-5.5:
Fixed bug #68545 NULL pointer dereference in unserialize.c
Conflicts:
ext/standard/var_unserializer.c
2014-12-10 11:47:34 +01:00
Anatol Belski
20d93534d5
Fixed bug #68545 NULL pointer dereference in unserialize.c
2014-12-10 11:43:33 +01:00
Stanislav Malyshev
9d7c5dbed9
secured unserialize
...
- update for BC-compatible unserialize
- add tests
2014-11-22 22:25:18 -08:00
Veres Lajos
4b9535341a
typo fixes - https://github.com/vlajos/misspell_fixer
2014-11-19 20:23:00 +00:00
Stanislav Malyshev
3eb679b952
Fixed bug #68044 : Integer overflow in unserialize() (32-bits only)
2014-10-14 10:51:24 -07:00
Stanislav Malyshev
88eb7ea47d
Fixed bug #68044 : Integer overflow in unserialize() (32-bits only)
2014-10-14 10:44:57 -07:00
Stanislav Malyshev
9aa9014523
Fixed bug #68044 : Integer overflow in unserialize() (32-bits only)
2014-10-14 10:43:13 -07:00
Stanislav Malyshev
56754a7f9e
Fixed bug #68044 : Integer overflow in unserialize() (32-bits only)
2014-10-13 23:14:25 -07:00
Johannes Schlüter
d0cb715373
s/PHP 5/PHP 7/
2014-09-19 18:33:14 +02:00
Dmitry Stogov
bccc653185
Avoid double IS_INTERNED() check
2014-09-19 17:32:50 +04:00
Nikita Popov
6cceb54c09
Fix a number of format issues
2014-09-03 15:57:28 +02:00
Anatol Belski
28b7a03318
master renamings phase 5
2014-08-25 21:20:44 +02:00
Anatol Belski
c3e3c98ec6
master renames phase 1
2014-08-25 19:24:55 +02:00
Anatol Belski
70de6180d5
fixes to %pd format usage
2014-08-24 02:35:34 +02:00
Anatol Belski
41115d3d9d
regenerated parser files
2014-08-17 21:05:20 +02:00
Anatol Belski
5bb25776a0
further fixes on core
2014-08-16 15:34:04 +02:00
Anatol Belski
cb25136f4e
fix macros in the 5 basic extensions
2014-08-16 11:37:14 +02:00
Dmitry Stogov
73fe418637
Avoid reallocation
2014-08-13 23:30:07 +04:00
Stanislav Malyshev
342240fd7f
Better fix for bug #67072 with more BC provisions
2014-06-21 21:30:34 -07:00
Stanislav Malyshev
c42d5cf5de
Better fix for bug #67072 with more BC provisions
2014-06-21 21:29:11 -07:00
Dmitry Stogov
b108267f2c
Merge branch 'master' into phpng
...
* master: (41 commits)
Update copyright year to 2014
Update copyright year to 2014
Update copyright year to 2014
Update copyright year to 2014
Update copyright year to 2014
Update copyright year to 2014
Update copyright year to 2014
NEWS
Fix Request #67453 Allow to unserialize empty data.
Update copyright year to 2014
Update copyright year for re2c generated files
Update copyright year to 2014
Update copyright year for re2c files as well
Fix patch for bug #67436
fix failed test
Fix test on modern distro where old unsecure algo are disabled in openssl config. Testing recent algo should be enough to check this function.
Added tests for bug 67436
Fixed wrong XFAIL test - already fixed
Fix typo in Bug #67406 NEWS entry
Fix typo in Bug #67406 NEWS entry
...
Conflicts:
Zend/zend_compile.c
ext/session/session.c
ext/standard/array.c
ext/standard/http_fopen_wrapper.c
tests/classes/bug63462.phpt
2014-06-18 17:50:27 +04:00
Lior Kaplan
11b18347d8
Merge branch 'PHP-5.5' into PHP-5.6
...
* PHP-5.5:
Update copyright year for re2c generated files
Update copyright year to 2014
Update copyright year for re2c files as well
2014-06-16 23:32:10 +03:00
Lior Kaplan
6f3bcb0d6e
Update copyright year for re2c generated files
2014-06-16 23:28:36 +03:00
Anatol Belski
20568e5028
Fixed regression introduced by patch for bug #67072
...
This applies to 5.4 and 5.5 only as a legacy fix.
2014-06-03 20:43:58 +02:00
Dmitry Stogov
f9927a6c97
Merge mainstream 'master' branch into refactoring
...
During merge I had to revert:
Nikita's patch for php_splice() (it probably needs to be applied again)
Bob Weinand's patches related to constant expression handling (we need to review them carefully)
I also reverted all our attempts to support sapi/phpdbg (we didn't test it anyway)
Conflicts:
Zend/zend.h
Zend/zend_API.c
Zend/zend_ast.c
Zend/zend_compile.c
Zend/zend_compile.h
Zend/zend_constants.c
Zend/zend_exceptions.c
Zend/zend_execute.c
Zend/zend_execute.h
Zend/zend_execute_API.c
Zend/zend_hash.c
Zend/zend_highlight.c
Zend/zend_language_parser.y
Zend/zend_language_scanner.c
Zend/zend_language_scanner_defs.h
Zend/zend_variables.c
Zend/zend_vm_def.h
Zend/zend_vm_execute.h
ext/date/php_date.c
ext/dom/documenttype.c
ext/hash/hash.c
ext/iconv/iconv.c
ext/mbstring/tests/zend_multibyte-10.phpt
ext/mbstring/tests/zend_multibyte-11.phpt
ext/mbstring/tests/zend_multibyte-12.phpt
ext/mysql/php_mysql.c
ext/mysqli/mysqli.c
ext/mysqlnd/mysqlnd_reverse_api.c
ext/mysqlnd/php_mysqlnd.c
ext/opcache/ZendAccelerator.c
ext/opcache/zend_accelerator_util_funcs.c
ext/opcache/zend_persist.c
ext/opcache/zend_persist_calc.c
ext/pcre/php_pcre.c
ext/pdo/pdo_dbh.c
ext/pdo/pdo_stmt.c
ext/pdo_pgsql/pgsql_driver.c
ext/pgsql/pgsql.c
ext/reflection/php_reflection.c
ext/session/session.c
ext/spl/spl_array.c
ext/spl/spl_observer.c
ext/standard/array.c
ext/standard/basic_functions.c
ext/standard/html.c
ext/standard/mail.c
ext/standard/php_array.h
ext/standard/proc_open.c
ext/standard/streamsfuncs.c
ext/standard/user_filters.c
ext/standard/var_unserializer.c
ext/standard/var_unserializer.re
main/php_variables.c
sapi/phpdbg/phpdbg.c
sapi/phpdbg/phpdbg_bp.c
sapi/phpdbg/phpdbg_frame.c
sapi/phpdbg/phpdbg_help.c
sapi/phpdbg/phpdbg_list.c
sapi/phpdbg/phpdbg_print.c
sapi/phpdbg/phpdbg_prompt.c
2014-04-26 00:32:51 +04:00
Anatol Belski
c2acdbdd3d
Improved the fix for bug #67072 , thanks Nikita
2014-04-18 15:13:32 +02:00
Anatol Belski
5328d42899
Fixed bug #67072 Echoing unserialized "SplFileObject" crash
...
The actual issue lies in the unserializer code which doesn't honor
the unserialize callback. By contrast, the serialize callback is
respected. This leads to the situation that even if a class has
disabled the serialization explicitly, a user could still construct
a vulnerable string which would result in bad things when trying
to unserialize.
This concerns also the classes implementing Serializable as well
as some core classes disabling serialize/unserialize callbacks
explicitly (PDO, SimpleXML, SplFileInfo and co). As of now, the
flow is first to call the unserialize callback (if available),
then call __wakeup. If the unserialize callback returns with no
success, no object is instantiated. This makes the scheme used
by internal classes effective, to disable unserialize just assign
zend_class_unserialize_deny as callback.
2014-04-17 10:48:14 +02:00
Dmitry Stogov
6bfedfd22e
Fixed unserialize()
2014-04-10 18:08:11 +04:00
Dmitry Stogov
0ae14f3a1d
Fixed access to uninitialized data
2014-04-10 10:38:40 +04:00
Dmitry Stogov
6ee5e813ab
var_push_dtor_no_addref() is useless (var_push_dtor() doesn't work properly as well)
2014-04-10 01:49:26 +04:00
Dmitry Stogov
c6cba55454
Use ZVAL_DEREF() macro
2014-03-27 13:39:09 +04:00
Dmitry Stogov
887189ca31
Refactored IS_INDIRECT usage for CV and object properties to support HashTable resizing
2014-03-26 18:07:31 +04:00
Dmitry Stogov
62c448ab8b
Fixed serialize/unserialize problems
2014-03-17 17:23:27 +04:00
Xinchen Hui
24540362b0
Re-fixed unserialize
2014-02-26 15:51:53 +08:00
Xinchen Hui
b7052ef16d
Revert "Fixed unserialize implementation (it's complicated, this issue took me 4 hours :<, need some review)"
...
This reverts commit 80a178015d.
2014-02-26 13:33:55 +08:00
Xinchen Hui
80a178015d
Fixed unserialize implementation (it's complicated, this issue took me 4 hours :<, need some review)
2014-02-26 12:51:23 +08:00