Commit Graph

91 Commits

Author SHA1 Message Date
Stanislav Malyshev
ed709d5aa0 Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
  update NEWS
  fix test
  update NEWS
  Fix bug #70019 - limit extracted files to given directory
  Do not do convert_to_* on unserialize, it messes up references
  Fix #69793 - limit what we accept when unserializing exception
  Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
  Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
  ignore signatures for packages too
  Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
  Fixed bug #69892
  Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
  Improved fix for Bug #69441
  Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
  Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
  Fix bug #70081: check types for SOAP variables

Conflicts:
	ext/soap/php_http.c
	ext/spl/spl_observer.c
2015-08-04 15:29:13 -07:00
Stanislav Malyshev
69ed3969dd Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  Fix bug #70019 - limit extracted files to given directory
  Do not do convert_to_* on unserialize, it messes up references
  Fix #69793 - limit what we accept when unserializing exception
  Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
  Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
  ignore signatures for packages too
  Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
  Fixed bug #69892
  Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
  Improved fix for Bug #69441
  Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
  Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
  Fix bug #70081: check types for SOAP variables

Conflicts:
	.gitignore
	ext/date/php_date.c
	ext/spl/spl_array.c
	ext/spl/spl_observer.c
2015-08-04 14:10:57 -07:00
Stanislav Malyshev
c2e197e4ef Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage 2015-08-01 22:01:17 -07:00
Xinchen Hui
96bb3b838c Merge branch 'PHP-5.5' into PHP-5.6 2015-03-14 11:31:53 +08:00
Xinchen Hui
5b87d52041 Fixed typo 2015-03-14 11:31:12 +08:00
Xinchen Hui
396bc00caa Merge branch 'PHP-5.5' into PHP-5.6 2015-03-14 00:53:32 +08:00
Xinchen Hui
ed59370f0a Little improvement, update NEWs, added test 2015-03-14 00:52:53 +08:00
Vektah
482500b455 Fix a leak 2015-03-13 15:54:30 +11:00
Vektah
950d3d6e9b Fix bug #69227 and #65967
This patch fixes a use (in zend_gc.c) after free (in spl_observer.c).
See https://bugs.php.net/bug.php?id=69227
2015-03-13 15:02:05 +11:00
Xinchen Hui
9641bac0f5 Merge branch 'PHP-5.5' into PHP-5.6 2015-02-25 18:22:18 +08:00
Xinchen Hui
ffdc5728c8 Fixed bug #69108 ("Segmentation fault" when (de)serializing SplObjectStorage) 2015-02-25 18:21:59 +08:00
Xinchen Hui
0579e8278d bump year 2015-01-15 23:26:37 +08:00
Xinchen Hui
73c1be2653 Bump year 2015-01-15 23:26:03 +08:00
Stanislav Malyshev
b03993dde9 Fix bug #67492: unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion 2014-06-24 10:29:26 -07:00
Stanislav Malyshev
88223c5245 Fix bug #67492: unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion 2014-06-21 19:46:16 -07:00
Remi Collet
ea466a316f Fix Request #67453 Allow to unserialize empty data.
SplDoublyLinkedList, SplObjectStorage and ArrayObject have empty
constructor (no arg), so it makes sense to allow to unserialize empty
data.

This allows the hack (used in various places, including PHPUnit) to
instantiate class without call to constructor to work.
2014-06-17 09:38:54 +02:00
Bob Weinand
a93e734f81 Merge branch 'PHP-5.5' into PHP-5.6 2014-04-14 00:08:36 +02:00
Xinchen Hui
c081ce628f Bump year 2014-01-03 11:08:10 +08:00
Xinchen Hui
47c9027772 Bump year 2014-01-03 11:06:16 +08:00
Xinchen Hui
c0d060f5c0 Bump year 2014-01-03 11:04:26 +08:00
Xinchen Hui
a666285bc2 Happy New Year 2013-01-01 16:37:09 +08:00
Xinchen Hui
0a7395e009 Happy New Year 2013-01-01 16:28:54 +08:00
Xinchen Hui
1f516510b7 Merge branch 'PHP-5.3' into PHP-5.4 2012-12-13 10:44:56 +08:00
Xinchen Hui
39a3007ab2 MFH 2012-12-13 10:44:14 +08:00
Dmitry Stogov
df97c3aa0d Use get_gc instead of hacks of get_properties 2012-12-05 17:58:36 +04:00
Xinchen Hui
6284ef112e Fixed bug #63236 (Executable permission on various source files) 2012-10-09 13:28:31 +08:00
Xinchen Hui
e4a8fa6a15 Merge branch 'PHP-5.3' into PHP-5.4 2012-10-09 13:29:51 +08:00
Johannes Schlüter
b025b9d0cf Fix #62432 ReflectionMethod random corrupt memory on high concurrent
This fixes the same issue in multiple extensions. This isn't needed
in later branches as 5.4 introduced object_properties_init()
2012-06-27 23:26:33 +02:00
Gustavo André dos Santos Lopes
0f001703a8 Fixed bug #61453.
The "hash" function used strncpy on data that would have NUL bytes, ending the
copy prematurely and causing collisions between objects.
2012-03-21 12:42:09 +00:00
Felipe Pena
e4ca0ed09f - Year++ 2012-01-01 13:15:04 +00:00
Felipe Pena
4e19825281 - Year++ 2012-01-01 13:15:04 +00:00
Michael Wallner
d8ca919da1 Fixed bug #60240 (invalid read/writes when unserializing specially crafted strings) 2011-12-02 11:50:22 +00:00
Xinchen Hui
a8a0a6c3f1 Sizeof mismatch 2011-08-08 08:49:55 +00:00
Xinchen Hui
dbd405a001 Wrong sizeof 2011-08-08 02:33:03 +00:00
Felipe Pena
191df85605 - Drop C++ style comments 2011-06-10 23:14:15 +00:00
Felipe Pena
53b1c76efe - Fixed SplObjectStorage::offsetSet arginfo, reported in bug #54118 2011-03-01 00:13:23 +00:00
Felipe Pena
18097605b7 - Fixed SplObjectStorage::offsetSet arginfo, reported in bug #54118 2011-03-01 00:13:23 +00:00
Etienne Kneuss
47fc5e06f0 Implement SplObjectStorage::removeAllExcept (Patch by Matthey Turland) 2011-01-05 15:01:18 +00:00
Etienne Kneuss
78728e33fa Implement SplObjectStorage::removeAllExcept (Patch by Matthey Turland) 2011-01-05 15:01:18 +00:00
Felipe Pena
927bf09c29 - Year++ 2011-01-01 02:19:59 +00:00
Felipe Pena
0203cc3d44 - Year++ 2011-01-01 02:17:06 +00:00
Felipe Pena
6958cb4a14 - Added missing void arg checks 2010-11-14 18:40:08 +00:00
Felipe Pena
8192f0f771 - Added missing void arg checks 2010-11-14 18:40:08 +00:00
Gustavo André dos Santos Lopes
384cd8cda5 - Small optimization of the fix of bug #53071. It's not necessary to destroy
the debug info as it's not holding references anymore (the fix removed
  the refcount increments).
2010-10-25 02:03:20 +00:00
Gustavo André dos Santos Lopes
21d704063d - Small optimization of the fix of bug #53071. It's not necessary to destroy
the debug info as it's not holding references anymore (the fix removed
  the refcount increments).
2010-10-25 02:03:20 +00:00
Gustavo André dos Santos Lopes
5721132c29 - Fixed bug #53071 (SPLObjectStorage defeats gc_collect_cycles). 2010-10-25 01:41:54 +00:00
Gustavo André dos Santos Lopes
7fcce35f9b - Fixed bug #53071 (SPLObjectStorage defeats gc_collect_cycles). 2010-10-25 01:41:54 +00:00
Felipe Pena
f0d2559d26 - Fixed bug #53144 (SplObjectStorage::removeAll()) 2010-10-24 14:03:07 +00:00
Felipe Pena
6887b97a8d - Fixed bug #53144 (SplObjectStorage::removeAll()) 2010-10-24 14:03:07 +00:00
Stanislav Malyshev
865f85718f fix SplObjectStorage unserialization (CVE-2010-2225) 2010-06-29 00:58:31 +00:00