sesser Wed Jul 21 12:25:28 2004 EDT
Modified files: (Branch: PHP_4_3)
/php-src/ext/mssql php_mssql.c
/php-src/ext/session session.c
/php-src/ext/sybase php_sybase_db.c
/php-src/ext/sybase_ct php_sybase_ct.c
/php-src/ext/w32api w32api.c
/php-src/main main.c rfc1867.c
/php-src/sapi/apache mod_php4.c
Log:
Merge all not yet merged security fixes into the 4_3 branch
http://cvs.php.net/diff.php/php-src/ext/mssql/php_mssql.c?r1=1.86.2.34&r2=1.86.2.35&ty=u
Index: php-src/ext/mssql/php_mssql.c
diff -u php-src/ext/mssql/php_mssql.c:1.86.2.34 php-src/ext/mssql/php_mssql.c:1.86.2.35
--- php-src/ext/mssql/php_mssql.c:1.86.2.34 Wed Jun 30 15:47:18 2004
+++ php-src/ext/mssql/php_mssql.c Wed Jul 21 12:25:27 2004
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: php_mssql.c,v 1.86.2.34 2004/06/30 19:47:18 fmk Exp $ */
+/* $Id: php_mssql.c,v 1.86.2.35 2004/07/21 16:25:27 sesser Exp $ */
#ifdef COMPILE_DL_MSSQL
#define HAVE_MSSQL 1
@@ -344,6 +344,7 @@
PHP_RSHUTDOWN_FUNCTION(mssql)
{
STR_FREE(MS_SQL_G(appname));
+ MS_SQL_G(appname) = NULL;
if (MS_SQL_G(server_message)) {
STR_FREE(MS_SQL_G(server_message));
MS_SQL_G(server_message) = NULL;
http://cvs.php.net/diff.php/php-src/ext/session/session.c?r1=1.336.2.40&r2=1.336.2.41&ty=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.336.2.40
php-src/ext/session/session.c:1.336.2.41
--- php-src/ext/session/session.c:1.336.2.40 Wed Jun 23 12:29:16 2004
+++ php-src/ext/session/session.c Wed Jul 21 12:25:27 2004
@@ -17,7 +17,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: session.c,v 1.336.2.40 2004/06/23 16:29:16 sas Exp $ */
+/* $Id: session.c,v 1.336.2.41 2004/07/21 16:25:27 sesser Exp $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -503,13 +503,16 @@
static void php_session_track_init(TSRMLS_D)
{
+ zval *session_vars = NULL;
+
/* Unconditionally destroy existing arrays -- possible dirty data */
zend_hash_del(&EG(symbol_table), "HTTP_SESSION_VARS",
sizeof("HTTP_SESSION_VARS"));
zend_hash_del(&EG(symbol_table), "_SESSION", sizeof("_SESSION"));
- MAKE_STD_ZVAL(PS(http_session_vars));
- array_init(PS(http_session_vars));
+ MAKE_STD_ZVAL(session_vars);
+ array_init(session_vars);
+ PS(http_session_vars) = session_vars;
ZEND_SET_GLOBAL_VAR_WITH_LENGTH("HTTP_SESSION_VARS",
sizeof("HTTP_SESSION_VARS"), PS(http_session_vars), 2, 1);
ZEND_SET_GLOBAL_VAR_WITH_LENGTH("_SESSION", sizeof("_SESSION"),
PS(http_session_vars), 2, 1);
http://cvs.php.net/diff.php/php-src/ext/sybase/php_sybase_db.c?r1=1.38.2.16&r2=1.38.2.17&ty=u
Index: php-src/ext/sybase/php_sybase_db.c
diff -u php-src/ext/sybase/php_sybase_db.c:1.38.2.16
php-src/ext/sybase/php_sybase_db.c:1.38.2.17
--- php-src/ext/sybase/php_sybase_db.c:1.38.2.16 Fri Apr 16 12:27:57 2004
+++ php-src/ext/sybase/php_sybase_db.c Wed Jul 21 12:25:27 2004
@@ -20,7 +20,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: php_sybase_db.c,v 1.38.2.16 2004/04/16 16:27:57 thetaphi Exp $ */
+/* $Id: php_sybase_db.c,v 1.38.2.17 2004/07/21 16:25:27 sesser Exp $ */
#ifdef HAVE_CONFIG_H
@@ -297,7 +297,9 @@
PHP_RSHUTDOWN_FUNCTION(sybase)
{
efree(php_sybase_module.appname);
+ php_sybase_module.appname = NULL;
STR_FREE(php_sybase_module.server_message);
+ php_sybase_module.server_message = NULL;
return SUCCESS;
}
http://cvs.php.net/diff.php/php-src/ext/sybase_ct/php_sybase_ct.c?r1=1.73.2.17&r2=1.73.2.18&ty=u
Index: php-src/ext/sybase_ct/php_sybase_ct.c
diff -u php-src/ext/sybase_ct/php_sybase_ct.c:1.73.2.17
php-src/ext/sybase_ct/php_sybase_ct.c:1.73.2.18
--- php-src/ext/sybase_ct/php_sybase_ct.c:1.73.2.17 Mon Jul 12 17:07:21 2004
+++ php-src/ext/sybase_ct/php_sybase_ct.c Wed Jul 21 12:25:27 2004
@@ -18,7 +18,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: php_sybase_ct.c,v 1.73.2.17 2004/07/12 21:07:21 thekid Exp $ */
+/* $Id: php_sybase_ct.c,v 1.73.2.18 2004/07/21 16:25:27 sesser Exp $ */
#ifdef HAVE_CONFIG_H
@@ -458,11 +458,13 @@
PHP_RSHUTDOWN_FUNCTION(sybase)
{
efree(SybCtG(appname));
+ SybCtG(appname) = NULL;
if (SybCtG(callback_name)) {
zval_ptr_dtor(&SybCtG(callback_name));
SybCtG(callback_name)= NULL;
}
STR_FREE(SybCtG(server_message));
+ SybCtG(server_message) = NULL;
return SUCCESS;
}
http://cvs.php.net/diff.php/php-src/ext/w32api/w32api.c?r1=1.5.2.3&r2=1.5.2.4&ty=u
Index: php-src/ext/w32api/w32api.c
diff -u php-src/ext/w32api/w32api.c:1.5.2.3 php-src/ext/w32api/w32api.c:1.5.2.4
--- php-src/ext/w32api/w32api.c:1.5.2.3 Sat Jun 19 11:09:47 2004
+++ php-src/ext/w32api/w32api.c Wed Jul 21 12:25:27 2004
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: w32api.c,v 1.5.2.3 2004/06/19 15:09:47 sesser Exp $ */
+/* $Id: w32api.c,v 1.5.2.4 2004/07/21 16:25:27 sesser Exp $ */
/*
* Win32 API Extension for PHP 4
@@ -290,20 +290,26 @@
*/
PHP_RINIT_FUNCTION(w32api)
{
+ HashTable *tmp;
+ WG(funcs) = WG(libraries) = WG(callbacks) = WG(types) = NULL;
+
/* Allocate Request Specific HT's here
*/
- ALLOC_HASHTABLE(WG(funcs));
- zend_hash_init(WG(funcs), 1, NULL, php_w32api_hash_func_dtor, 1);
-
- ALLOC_HASHTABLE(WG(libraries));
- zend_hash_init(WG(libraries), 1, NULL, php_w32api_hash_lib_dtor, 1);
-
- ALLOC_HASHTABLE(WG(callbacks));
- zend_hash_init(WG(callbacks), 1, NULL, php_w32api_hash_callback_dtor, 1);
-
- ALLOC_HASHTABLE(WG(types));
- zend_hash_init(WG(types), 1, NULL, php_w32api_hash_type_dtor, 1);
-
+ ALLOC_HASHTABLE(tmp);
+ zend_hash_init(tmp, 1, NULL, php_w32api_hash_func_dtor, 1);
+ WG(funcs) = tmp;
+
+ ALLOC_HASHTABLE(tmp);
+ zend_hash_init(tmp, 1, NULL, php_w32api_hash_lib_dtor, 1);
+ WG(libraries) = tmp;
+
+ ALLOC_HASHTABLE(tmp);
+ zend_hash_init(tmp, 1, NULL, php_w32api_hash_callback_dtor, 1);
+ WG(callbacks) = tmp;
+
+ ALLOC_HASHTABLE(tmp);
+ zend_hash_init(tmp, 1, NULL, php_w32api_hash_type_dtor, 1);
+ WG(types) = tmp;
return SUCCESS;
@@ -330,6 +336,7 @@
zend_hash_destroy(WG(types));
FREE_HASHTABLE(WG(types));
+ WG(funcs) = WG(libraries) = WG(callbacks) = WG(types) = NULL;
return SUCCESS;
}
http://cvs.php.net/diff.php/php-src/main/main.c?r1=1.512.2.53&r2=1.512.2.54&ty=u
Index: php-src/main/main.c
diff -u php-src/main/main.c:1.512.2.53 php-src/main/main.c:1.512.2.54
--- php-src/main/main.c:1.512.2.53 Sun Feb 8 23:05:56 2004
+++ php-src/main/main.c Wed Jul 21 12:25:28 2004
@@ -18,7 +18,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: main.c,v 1.512.2.53 2004/02/09 04:05:56 iliaa Exp $ */
+/* $Id: main.c,v 1.512.2.54 2004/07/21 16:25:28 sesser Exp $ */
/* {{{ includes
*/
@@ -1369,6 +1369,7 @@
int _gpc_flags[5] = {0, 0, 0, 0, 0};
zend_bool have_variables_order;
zval *dummy_track_vars_array = NULL;
+ zval *env_vars = NULL;
zend_bool initialized_dummy_track_vars_array=0;
int i;
char *variables_order;
@@ -1401,9 +1402,10 @@
} else {
variables_order = PG(gpc_order);
have_variables_order=0;
- ALLOC_ZVAL(PG(http_globals)[TRACK_VARS_ENV]);
- array_init(PG(http_globals)[TRACK_VARS_ENV]);
- INIT_PZVAL(PG(http_globals)[TRACK_VARS_ENV]);
+ ALLOC_ZVAL(env_vars);
+ array_init(env_vars);
+ INIT_PZVAL(env_vars);
+ PG(http_globals)[TRACK_VARS_ENV] = env_vars;
php_import_environment_variables(PG(http_globals)[TRACK_VARS_ENV]
TSRMLS_CC);
if (PG(register_globals)) {
php_autoglobal_merge(&EG(symbol_table),
Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_ENV]) TSRMLS_CC);
@@ -1446,9 +1448,10 @@
case 'E':
if (!_gpc_flags[3]) {
if (have_variables_order) {
-
ALLOC_ZVAL(PG(http_globals)[TRACK_VARS_ENV]);
-
array_init(PG(http_globals)[TRACK_VARS_ENV]);
-
INIT_PZVAL(PG(http_globals)[TRACK_VARS_ENV]);
+ ALLOC_ZVAL(env_vars);
+ array_init(env_vars);
+ INIT_PZVAL(env_vars);
+ PG(http_globals)[TRACK_VARS_ENV] =
env_vars;
php_import_environment_variables(PG(http_globals)[TRACK_VARS_ENV] TSRMLS_CC);
if (PG(register_globals)) {
php_autoglobal_merge(&EG(symbol_table), Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_ENV])
TSRMLS_CC);
http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.122.2.21&r2=1.122.2.22&ty=u
Index: php-src/main/rfc1867.c
diff -u php-src/main/rfc1867.c:1.122.2.21 php-src/main/rfc1867.c:1.122.2.22
--- php-src/main/rfc1867.c:1.122.2.21 Sun May 23 06:15:24 2004
+++ php-src/main/rfc1867.c Wed Jul 21 12:25:28 2004
@@ -16,7 +16,7 @@
| Jani Taskinen <[EMAIL PROTECTED]> |
+----------------------------------------------------------------------+
*/
-/* $Id: rfc1867.c,v 1.122.2.21 2004/05/23 10:15:24 sesser Exp $ */
+/* $Id: rfc1867.c,v 1.122.2.22 2004/07/21 16:25:28 sesser Exp $ */
/*
* This product includes software developed by the Apache Group
@@ -760,7 +760,7 @@
char *boundary, *s=NULL, *boundary_end = NULL, *start_arr=NULL,
*array_index=NULL;
char *temp_filename=NULL, *lbuf=NULL, *abuf=NULL;
int boundary_len=0, total_bytes=0, cancel_upload=0, is_arr_upload=0,
array_len=0, max_file_size=0, skip_upload=0;
- zval *http_post_files=NULL;
+ zval *http_post_files=NULL; HashTable *uploaded_files=NULL;
#if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING)
int str_len = 0, num_vars = 0, num_vars_max = 2*10, *len_list = NULL;
char **val_list = NULL;
@@ -811,8 +811,9 @@
/* Initialize $_FILES[] */
zend_hash_init(&PG(rfc1867_protected_variables), 5, NULL, NULL, 0);
- ALLOC_HASHTABLE(SG(rfc1867_uploaded_files));
- zend_hash_init(SG(rfc1867_uploaded_files), 5, NULL, (dtor_func_t)
free_estring, 0);
+ ALLOC_HASHTABLE(uploaded_files);
+ zend_hash_init(uploaded_files, 5, NULL, (dtor_func_t) free_estring, 0);
+ SG(rfc1867_uploaded_files) = uploaded_files;
ALLOC_ZVAL(http_post_files);
array_init(http_post_files);
http://cvs.php.net/diff.php/php-src/sapi/apache/mod_php4.c?r1=1.146.2.13&r2=1.146.2.14&ty=u
Index: php-src/sapi/apache/mod_php4.c
diff -u php-src/sapi/apache/mod_php4.c:1.146.2.13
php-src/sapi/apache/mod_php4.c:1.146.2.14
--- php-src/sapi/apache/mod_php4.c:1.146.2.13 Wed Jan 28 12:42:20 2004
+++ php-src/sapi/apache/mod_php4.c Wed Jul 21 12:25:28 2004
@@ -17,7 +17,7 @@
| PHP 4.0 patches by Zeev Suraski <[EMAIL PROTECTED]> |
+----------------------------------------------------------------------+
*/
-/* $Id: mod_php4.c,v 1.146.2.13 2004/01/28 17:42:20 rasmus Exp $ */
+/* $Id: mod_php4.c,v 1.146.2.14 2004/07/21 16:25:28 sesser Exp $ */
#include "php_apache_http.h"
#include "http_conf_globals.h"
@@ -465,7 +465,7 @@
request_rec *r = ((request_rec *) SG(server_context));
char *content_length = (char *) table_get(r->subprocess_env, "CONTENT_LENGTH");
const char *authorization=NULL;
- char *tmp;
+ char *tmp, *tmp_user;
SG(request_info).query_string = r->args;
SG(request_info).path_translated = r->filename;
@@ -482,15 +482,16 @@
&& (!PG(safe_mode) || (PG(safe_mode) && !auth_type(r)))
&& !strcasecmp(getword(r->pool, &authorization, ' '), "Basic")) {
tmp = uudecode(r->pool, authorization);
- SG(request_info).auth_user = getword_nulls_nc(r->pool, &tmp, ':');
- if (SG(request_info).auth_user) {
- r->connection->user = pstrdup(r->connection->pool,
SG(request_info).auth_user);
+ tmp_user = getword_nulls_nc(r->pool, &tmp, ':');
+ SG(request_info).auth_user = NULL;
+ if (tmp_user) {
+ r->connection->user = pstrdup(r->connection->pool, tmp_user);
r->connection->ap_auth_type = "Basic";
- SG(request_info).auth_user =
estrdup(SG(request_info).auth_user);
+ SG(request_info).auth_user = estrdup(tmp_user);
}
- SG(request_info).auth_password = tmp;
- if (SG(request_info).auth_password) {
- SG(request_info).auth_password =
estrdup(SG(request_info).auth_password);
+ SG(request_info).auth_password = NULL;
+ if (tmp) {
+ SG(request_info).auth_password = estrdup(tmp);
}
} else {
SG(request_info).auth_user = NULL;
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
