Dmitry Stogov
c8eaca013a
Added type checks
2015-03-03 10:43:48 +03:00
Dmitry Stogov
0c136a2abd
Added type checks
2015-03-03 09:44:46 +03:00
Dmitry Stogov
d5248f67b5
Check variable type before its usage as IS_ARRAY.
2015-03-02 12:27:36 +03:00
Stanislav Malyshev
bdfe457a2c
Port for bug #68552
2015-02-17 06:53:02 +01:00
Stanislav Malyshev
7b18981830
Fix bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone)
...
Conflicts:
ext/date/php_date.c
2015-02-17 06:43:51 +01:00
Felipe Pena
8f9ab04d93
- Fixed bug #67827 (broken detection of system crypt sha256/sha512 support)
2015-02-17 00:23:47 -02:00
Felipe Pena
e08bef442c
- Fixed bug #67427 (SoapServer cannot handle large messages) patch by: brandt at docoloc dot de
2015-02-16 13:07:26 -02:00
Yasuo Ohgaki
a8722f5330
Add NULL byte protection to exec, system and passthru
2015-02-14 05:25:04 +09:00
Stanislav Malyshev
f001c63073
Update header handling to RFC 7230
2015-02-05 20:08:12 -08:00
Stanislav Malyshev
7efbd70b03
fix sizeof size
2015-02-01 12:40:38 -08:00
Stanislav Malyshev
94d6cb4a78
fix TSRM
2015-01-31 23:34:14 -08:00
Stanislav Malyshev
b30a6d6018
Use better constant since MAXHOSTNAMELEN may mean shorter name
2015-01-31 21:46:56 -08:00
Stanislav Malyshev
0f9c708229
Add mitigation for CVE-2015-0235 (bug #68925)
2015-01-31 19:08:13 -08:00
Stanislav Malyshev
e63f7b47e1
Merge branch 'bug68710' into PHP-5.4
...
* bug68710:
Fix for bug #68710 (Use After Free Vulnerability in PHP's unserialize())
2015-01-20 01:02:26 -08:00
Stanislav Malyshev
fc6aa939f5
Merge branch 'bug68799' into PHP-5.4
...
* bug68799:
Fix bug #68799: Free called on uninitialized pointer
2015-01-20 01:00:11 -08:00
Daniel Lowrey
e2fe8e164f
Fixed bug #55618 (use case-insensitive cert name matching)
2015-01-14 18:02:50 +01:00
Stanislav Malyshev
2fc178cf44
Fix bug #68799: Free called on uninitialized pointer
2015-01-11 00:51:05 -08:00
Anatol Belski
ebb98e7aeb
updated libmagic.patch in 5.4
2015-01-04 17:04:13 +01:00
Anatol Belski
ede59c8feb
Fixed bug #68735 fileinfo out-of-bounds memory access
2015-01-04 14:20:21 +01:00
Remi Collet
919abf0cb1
removed dead code
2015-01-04 09:40:19 +01:00
Stanislav Malyshev
b585a3aed7
Fix for bug #68710 (Use After Free Vulnerability in PHP's unserialize())
2015-01-01 16:19:05 -08:00
Stanislav Malyshev
b75867fff0
add missing test file
2014-12-16 10:15:17 -08:00
Stanislav Malyshev
630f9c33c2
Fix bug #68594 - Use after free vulnerability in unserialize()
2014-12-16 10:15:17 -08:00
Andrea Faulds
034e6decb3
Fix undefined behaviour in strnatcmp
2014-12-13 22:27:10 +00:00
Anatol Belski
0323f66fa2
move the test to the right place
2014-12-11 10:39:47 -08:00
Anatol Belski
13f1c276ab
Fixed bug #68545 NULL pointer dereference in unserialize.c
2014-12-11 10:39:37 -08:00
Dmitry Stogov
dd791cd717
Fixed possible read after end of buffer and use after free.
2014-12-08 12:18:27 +03:00
Chris Christoff
0e985d3726
Revert unintentional docblock change
...
Revert unintentional docblock change
It looks like commit dd8e59da8f introduced an unintended docblock change.
I have reverted this change in this commit.
2014-12-05 13:57:03 -08:00
Stanislav Malyshev
84be568366
update news
2014-11-30 21:37:39 -08:00
Leigh
7e870c596d
Bug fixes in light of failing bcrypt tests
...
Conflicts:
ext/standard/crypt.c
2014-11-30 21:06:39 -08:00
Leigh
2d9d10fbbf
Add tests from 1.3. Add missing tests.
...
3 of the missing tests fail. // TODO
2014-11-30 21:05:40 -08:00
Leigh
29f51e1ca9
Upgrade crypt_blowfish to version 1.3
2014-11-30 21:05:32 -08:00
Matteo Beccati
2323e95df9
Fixed bug #66584 Segmentation fault on statement deallocation
2014-11-11 16:25:31 -08:00
Remi Collet
7740edae36
Fix bug #63595 GMP memory management conflicts with other libraries using GMP
...
Drop use of php memory allocators as this raises various conflicts
with other extensions and libraries which use libgmp.
No other solution found.
We cannot ensure correct use of allocator with shared lib.
Some memory can be allocated before php init
Some memory can be freed after php shutdown
Known broken run cases
- php + curl + gnutls + gmp
- mod_gnutls + mod_php + gnutls + gmp
- php + freetds + gnutls + gmp
- php + odbc + freetds + gnutls + gmp
- php + php-mapi (zarafa) + gnutls + gmp
2014-11-03 11:42:15 -08:00
Stanislav Malyshev
c351b47ce8
Initialize the offset table - PCRE may sometimes miss offsets
2014-11-03 11:31:02 -08:00
Remi Collet
1803228597
Fix bug #68283: fileinfo: out-of-bounds read in elf note headers
...
Upstream commit 39c7ac1106
CVE-2014-3710
2014-10-22 15:37:04 +02:00
Stanislav Malyshev
287c91c1f0
Fix bug #68113 (Heap corruption in exif_thumbnail())
2014-10-13 23:17:45 -07:00
Stanislav Malyshev
ab0939e5e5
Fix bug #68089 - do not accept options with embedded \0
...
Conflicts:
ext/curl/interface.c
2014-10-13 23:16:06 -07:00
Stanislav Malyshev
56754a7f9e
Fixed bug #68044: Integer overflow in unserialize() (32-bits only)
2014-10-13 23:14:25 -07:00
Stanislav Malyshev
88412772d2
Fix bug #68027 - fix date parsing in XMLRPC lib
2014-10-13 23:12:11 -07:00
Matthew Daley
fcbe20d357
Set an LDAP error code when failing ldap_bind due to null bytes
...
Some applications check a LDAP link's error code after seeing ldap_bind
fail due to a null byte bind attempt and hence incorrectly receive the
last set error code.
Fix by setting an LDAP error code before returning in this case.
2014-09-28 12:23:52 -07:00
Derick Rethans
16e2d954fc
- Updated to version 2014.8 (2014h)
2014-09-26 16:26:59 +01:00
Stanislav Malyshev
408b172017
Revert xp_ssl.c to the state of 5.4.32 due to regressions
2014-09-26 00:44:24 -07:00
Ard Biesheuvel
e64da8c20d
Fixed bug #66242 (don't assume char is signed)
...
This fixes a bug in libmagic where a cast to 'char' is assumed to result
in sign extension to occur. However, unqualified 'char' is unsigned on
architectures such as ARM, so the cast needs to be to 'signed char'
explicitly.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
2014-09-20 16:39:48 -07:00
Matteo Beccati
00525b824a
Fixed freetype test on multiple environments
...
Some environments, apparently regardless of the freetype version, output 155, while others 156. I guess we can accept both ;)
This reverts commit 592df89027.
2014-09-16 10:19:29 +02:00
Daniel Lowrey
372844918a
Bug #41631: Fix regression from first attempt (6569db8)
2014-09-09 09:01:42 -06:00
Daniel Lowrey
f86b2193a4
Bug #67965: Fix blocking behavior in non-blocking crypto streams
2014-09-09 07:37:57 -06:00
Matteo Beccati
592df89027
Fixed test with freetype >= 2.4.12
2014-09-03 09:43:29 +02:00
Derick Rethans
e665a07ab9
- Updated to version 2014.7 (2014g)
2014-09-01 16:40:49 +01:00
Chris Wright
32be79dcfa
Fix stream_select() issue with OpenSSL buffer
...
Ensure data from OpenSSL internal buffer has been
transferred to PHP stream buffer before a select()
emulation operation is performed
Addresses bug #65137
https://bugs.php.net/bug.php?id=65137
Conflicts:
ext/openssl/xp_ssl.c
2014-08-27 13:25:50 +01:00