clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-09-23 02:47:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
89,908 Commits 491 Branches 1,363 Tags 841 MiB
d7351a5c74
Commit Graph

137 Commits

Author SHA1 Message Date
Stanislav Malyshev
780222f97f Fixed bug #68976 - Use After Free Vulnerability in unserialize() 2015-03-17 16:31:52 -07:00
Dmitry Stogov
e427188755 Fixed memory leak 2015-01-23 21:47:26 +03:00
Xinchen Hui
fc33f52d8c bump year 2015-01-15 23:27:30 +08:00
Stanislav Malyshev
b7a7b1a624 trailing whitespace removal 2015-01-10 15:07:38 -08:00
Dmitry Stogov
6a6cdecbdb Improved unserialize() 2014-12-23 02:49:33 +03:00
Anatol Belski
4acc56d5b2 Merge remote-tracking branch 'origin/master' into native-tls 
* origin/master:
  fix unserializer patch
  move this entry to the correct version
  add missing NEWS entry
  add missing NEWS entry
  Updated or skipped certain 32-bit tests
  add NEWS entry for #68594
  5.4.37
  add more BC breaks
  update news
  add CVE
  add missing test file
  Fix bug #68594 - Use after free vulnerability in unserialize()
  Fix typo
  Hash value must not zero?
 2014-12-17 05:29:36 +01:00
Stanislav Malyshev
8b0deb8cd2 fix unserializer patch 2014-12-16 17:50:54 -08:00
Stanislav Malyshev
9152214c1e Merge branch 'PHP-5.6' 
* PHP-5.6:
  update news
  add CVE
  add missing test file
  Fix bug #68594 - Use after free vulnerability in unserialize()

Conflicts:
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
 2014-12-16 10:25:03 -08:00
Stanislav Malyshev
681a1afd3f Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  update news
  add CVE
  add missing test file
  Fix bug #68594 - Use after free vulnerability in unserialize()

Conflicts:
	ext/standard/var_unserializer.c
 2014-12-16 10:19:32 -08:00
Stanislav Malyshev
630f9c33c2 Fix bug #68594 - Use after free vulnerability in unserialize() 2014-12-16 10:15:17 -08:00
Anatol Belski
e112f6a04e second shot on removing TSRMLS_* 2014-12-14 14:07:59 +01:00
Anatol Belski
bdeb220f48 first shot remove TSRMLS_* things 2014-12-13 23:06:14 +01:00
Anatol Belski
13f1c276ab Fixed bug #68545 NULL pointer dereference in unserialize.c 2014-12-11 10:39:37 -08:00
Anatol Belski
aeb30576f6 Merge branch 'PHP-5.6' 
* PHP-5.6:
  updated NEWS
  Fixed bug #68545 NULL pointer dereference in unserialize.c
  Updated NEWS
  Updated NEWS

Conflicts:
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
 2014-12-10 11:54:31 +01:00
Anatol Belski
4a82cdce66 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  Fixed bug #68545 NULL pointer dereference in unserialize.c

Conflicts:
	ext/standard/var_unserializer.c
 2014-12-10 11:47:34 +01:00
Anatol Belski
20d93534d5 Fixed bug #68545 NULL pointer dereference in unserialize.c 2014-12-10 11:43:33 +01:00
Stanislav Malyshev
9d7c5dbed9 secured unserialize 
- update for BC-compatible unserialize
- add tests
 2014-11-22 22:25:18 -08:00
Veres Lajos
4b9535341a typo fixes - https://github.com/vlajos/misspell_fixer 2014-11-19 20:23:00 +00:00
Stanislav Malyshev
3eb679b952 Fixed bug #68044: Integer overflow in unserialize() (32-bits only) 2014-10-14 10:51:24 -07:00
Stanislav Malyshev
88eb7ea47d Fixed bug #68044: Integer overflow in unserialize() (32-bits only) 2014-10-14 10:44:57 -07:00
Stanislav Malyshev
9aa9014523 Fixed bug #68044: Integer overflow in unserialize() (32-bits only) 2014-10-14 10:43:13 -07:00
Stanislav Malyshev
56754a7f9e Fixed bug #68044: Integer overflow in unserialize() (32-bits only) 2014-10-13 23:14:25 -07:00
Johannes Schlüter
d0cb715373 s/PHP 5/PHP 7/ 2014-09-19 18:33:14 +02:00
Dmitry Stogov
bccc653185 Avoid double IS_INTERNED() check 2014-09-19 17:32:50 +04:00
Nikita Popov
6cceb54c09 Fix a number of format issues 2014-09-03 15:57:28 +02:00
Anatol Belski
28b7a03318 master renamings phase 5 2014-08-25 21:20:44 +02:00
Anatol Belski
c3e3c98ec6 master renames phase 1 2014-08-25 19:24:55 +02:00
Anatol Belski
70de6180d5 fixes to %pd format usage 2014-08-24 02:35:34 +02:00
Anatol Belski
5bb25776a0 further fixes on core 2014-08-16 15:34:04 +02:00
Anatol Belski
b7e7a89541 several fixes - 
- param parsing Z_PARAM_STR vs Z_PARAM_STRING
- some functions for new params
- etc
 2014-08-16 12:55:13 +02:00
Dmitry Stogov
73fe418637 Avoid reallocation 2014-08-13 23:30:07 +04:00
Stanislav Malyshev
342240fd7f Better fix for bug #67072 with more BC provisions 2014-06-21 21:30:34 -07:00
Stanislav Malyshev
c42d5cf5de Better fix for bug #67072 with more BC provisions 2014-06-21 21:29:11 -07:00
Dmitry Stogov
b108267f2c Merge branch 'master' into phpng 
* master: (41 commits)
  Update copyright year to 2014
  Update copyright year to 2014
  Update copyright year to 2014
  Update copyright year to 2014
  Update copyright year to 2014
  Update copyright year to 2014
  Update copyright year to 2014
  NEWS
  Fix Request #67453 Allow to unserialize empty data.
  Update copyright year to 2014
  Update copyright year for re2c generated files
  Update copyright year to 2014
  Update copyright year for re2c files as well
  Fix patch for bug #67436
  fix failed test
  Fix test on modern distro where old unsecure algo are disabled in openssl config. Testing recent algo should be enough to check this function.
  Added tests for bug 67436
  Fixed wrong XFAIL test - already fixed
  Fix typo in Bug #67406 NEWS entry
  Fix typo in Bug #67406 NEWS entry
  ...

Conflicts:
	Zend/zend_compile.c
	ext/session/session.c
	ext/standard/array.c
	ext/standard/http_fopen_wrapper.c
	tests/classes/bug63462.phpt
 2014-06-18 17:50:27 +04:00
Lior Kaplan
11b18347d8 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  Update copyright year for re2c generated files
  Update copyright year to 2014
  Update copyright year for re2c files as well
 2014-06-16 23:32:10 +03:00
Lior Kaplan
e667d23178 Update copyright year for re2c files as well 2014-06-16 23:26:50 +03:00
Anatol Belski
20568e5028 Fixed regression introduced by patch for bug #67072 
This applies to 5.4 and 5.5 only as a legacy fix.
 2014-06-03 20:43:58 +02:00
Dmitry Stogov
f9927a6c97 Merge mainstream 'master' branch into refactoring 
During merge I had to revert:
	Nikita's patch for php_splice() (it probably needs to be applyed again)
	Bob Weinand's patches related to constant expression handling (we need to review them carefully)
	I also reverted all our attempts to support sapi/phpdbg (we didn't test it anyway)

Conflicts:
	Zend/zend.h
	Zend/zend_API.c
	Zend/zend_ast.c
	Zend/zend_compile.c
	Zend/zend_compile.h
	Zend/zend_constants.c
	Zend/zend_exceptions.c
	Zend/zend_execute.c
	Zend/zend_execute.h
	Zend/zend_execute_API.c
	Zend/zend_hash.c
	Zend/zend_highlight.c
	Zend/zend_language_parser.y
	Zend/zend_language_scanner.c
	Zend/zend_language_scanner_defs.h
	Zend/zend_variables.c
	Zend/zend_vm_def.h
	Zend/zend_vm_execute.h
	ext/date/php_date.c
	ext/dom/documenttype.c
	ext/hash/hash.c
	ext/iconv/iconv.c
	ext/mbstring/tests/zend_multibyte-10.phpt
	ext/mbstring/tests/zend_multibyte-11.phpt
	ext/mbstring/tests/zend_multibyte-12.phpt
	ext/mysql/php_mysql.c
	ext/mysqli/mysqli.c
	ext/mysqlnd/mysqlnd_reverse_api.c
	ext/mysqlnd/php_mysqlnd.c
	ext/opcache/ZendAccelerator.c
	ext/opcache/zend_accelerator_util_funcs.c
	ext/opcache/zend_persist.c
	ext/opcache/zend_persist_calc.c
	ext/pcre/php_pcre.c
	ext/pdo/pdo_dbh.c
	ext/pdo/pdo_stmt.c
	ext/pdo_pgsql/pgsql_driver.c
	ext/pgsql/pgsql.c
	ext/reflection/php_reflection.c
	ext/session/session.c
	ext/spl/spl_array.c
	ext/spl/spl_observer.c
	ext/standard/array.c
	ext/standard/basic_functions.c
	ext/standard/html.c
	ext/standard/mail.c
	ext/standard/php_array.h
	ext/standard/proc_open.c
	ext/standard/streamsfuncs.c
	ext/standard/user_filters.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	main/php_variables.c
	sapi/phpdbg/phpdbg.c
	sapi/phpdbg/phpdbg_bp.c
	sapi/phpdbg/phpdbg_frame.c
	sapi/phpdbg/phpdbg_help.c
	sapi/phpdbg/phpdbg_list.c
	sapi/phpdbg/phpdbg_print.c
	sapi/phpdbg/phpdbg_prompt.c
 2014-04-26 00:32:51 +04:00
Anatol Belski
c2acdbdd3d Improved the fix for bug #67072, thanks Nikita 2014-04-18 15:13:32 +02:00
Anatol Belski
5328d42899 Fixed bug #67072 Echoing unserialized "SplFileObject" crash 
The actual issue lays in the unserializer code which doesn't honor
the unserialize callback. By contrast, the serialize callback is
respected. This leads to the situation that even if a class has
disabled the serialization explicitly, user could still construct
a vulnerable string which would result bad things when trying
to unserialize.

This conserns also the classes implementing Serializable as well
as some core classes disabling serialize/unserialize callbacks
explicitly (PDO, SimpleXML, SplFileInfo and co). As of now, the
flow is first to call the unserialize callback (if available),
then call __wakeup. If the unserialize callback returns with no
success, no object is instantiated. This makes the scheme used
by internal classes effective, to disable unserialize just assign
zend_class_unserialize_deny as callback.
 2014-04-17 10:48:14 +02:00
Dmitry Stogov
6bfedfd22e Fixed unserialize() 2014-04-10 18:08:11 +04:00
Dmitry Stogov
0ae14f3a1d Fixed access to uninitialized data 2014-04-10 10:38:40 +04:00
Dmitry Stogov
6ee5e813ab var_push_dtor_no_addref() is useles (var_push_dtor() doesn't work properly as well) 2014-04-10 01:49:26 +04:00
Dmitry Stogov
c6cba55454 Use ZVAL_DEREF() macro 2014-03-27 13:39:09 +04:00
Dmitry Stogov
887189ca31 Refactored IS_INDIRECT usage for CV and object properties to support HashTable resizing 2014-03-26 18:07:31 +04:00
Dmitry Stogov
62c448ab8b Fixed serialize/unserialize problems 2014-03-17 17:23:27 +04:00
Xinchen Hui
24540362b0 Re-fixed unserialize 2014-02-26 15:51:53 +08:00
Xinchen Hui
b7052ef16d Revert "Fixed unserialize implementation (it's complicated, this issue took me 4 hours :<, need some review)" 
This reverts commit 80a178015d.
 2014-02-26 13:33:55 +08:00
Xinchen Hui
80a178015d Fixed unserialize implementation (it's complicated, this issue took me 4 hours :<, need some review) 2014-02-26 12:51:23 +08:00
Xinchen Hui
7f527d8047 Fixed reference handling in serialize/unserialize 2014-02-26 11:08:13 +08:00