sesser Wed Jul 21 12:25:28 2004 EDT Modified files: (Branch: PHP_4_3) /php-src/ext/mssql php_mssql.c /php-src/ext/session session.c /php-src/ext/sybase php_sybase_db.c /php-src/ext/sybase_ct php_sybase_ct.c /php-src/ext/w32api w32api.c /php-src/main main.c rfc1867.c /php-src/sapi/apache mod_php4.c Log: Merge all not yet merged security fixes into the 4_3 branch
http://cvs.php.net/diff.php/php-src/ext/mssql/php_mssql.c?r1=1.86.2.34&r2=1.86.2.35&ty=u Index: php-src/ext/mssql/php_mssql.c diff -u php-src/ext/mssql/php_mssql.c:1.86.2.34 php-src/ext/mssql/php_mssql.c:1.86.2.35 --- php-src/ext/mssql/php_mssql.c:1.86.2.34 Wed Jun 30 15:47:18 2004 +++ php-src/ext/mssql/php_mssql.c Wed Jul 21 12:25:27 2004 @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: php_mssql.c,v 1.86.2.34 2004/06/30 19:47:18 fmk Exp $ */ +/* $Id: php_mssql.c,v 1.86.2.35 2004/07/21 16:25:27 sesser Exp $ */ #ifdef COMPILE_DL_MSSQL #define HAVE_MSSQL 1 @@ -344,6 +344,7 @@ PHP_RSHUTDOWN_FUNCTION(mssql) { STR_FREE(MS_SQL_G(appname)); + MS_SQL_G(appname) = NULL; if (MS_SQL_G(server_message)) { STR_FREE(MS_SQL_G(server_message)); MS_SQL_G(server_message) = NULL; http://cvs.php.net/diff.php/php-src/ext/session/session.c?r1=1.336.2.40&r2=1.336.2.41&ty=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.336.2.40 php-src/ext/session/session.c:1.336.2.41 --- php-src/ext/session/session.c:1.336.2.40 Wed Jun 23 12:29:16 2004 +++ php-src/ext/session/session.c Wed Jul 21 12:25:27 2004 @@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: session.c,v 1.336.2.40 2004/06/23 16:29:16 sas Exp $ */ +/* $Id: session.c,v 1.336.2.41 2004/07/21 16:25:27 sesser Exp $ */ #ifdef HAVE_CONFIG_H #include "config.h" @@ -503,13 +503,16 @@ static void php_session_track_init(TSRMLS_D) { + zval *session_vars = NULL; + /* Unconditionally destroy existing arrays -- possible dirty data */ zend_hash_del(&EG(symbol_table), "HTTP_SESSION_VARS", sizeof("HTTP_SESSION_VARS")); zend_hash_del(&EG(symbol_table), "_SESSION", sizeof("_SESSION")); - MAKE_STD_ZVAL(PS(http_session_vars)); - array_init(PS(http_session_vars)); + MAKE_STD_ZVAL(session_vars); + array_init(session_vars); + PS(http_session_vars) = session_vars; ZEND_SET_GLOBAL_VAR_WITH_LENGTH("HTTP_SESSION_VARS", sizeof("HTTP_SESSION_VARS"), PS(http_session_vars), 2, 1); ZEND_SET_GLOBAL_VAR_WITH_LENGTH("_SESSION", sizeof("_SESSION"), PS(http_session_vars), 2, 1); http://cvs.php.net/diff.php/php-src/ext/sybase/php_sybase_db.c?r1=1.38.2.16&r2=1.38.2.17&ty=u Index: php-src/ext/sybase/php_sybase_db.c diff -u php-src/ext/sybase/php_sybase_db.c:1.38.2.16 php-src/ext/sybase/php_sybase_db.c:1.38.2.17 --- php-src/ext/sybase/php_sybase_db.c:1.38.2.16 Fri Apr 16 12:27:57 2004 +++ php-src/ext/sybase/php_sybase_db.c Wed Jul 21 12:25:27 2004 @@ -20,7 +20,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: php_sybase_db.c,v 1.38.2.16 2004/04/16 16:27:57 thetaphi Exp $ */ +/* $Id: php_sybase_db.c,v 1.38.2.17 2004/07/21 16:25:27 sesser Exp $ */ #ifdef HAVE_CONFIG_H @@ -297,7 +297,9 @@ PHP_RSHUTDOWN_FUNCTION(sybase) { efree(php_sybase_module.appname); + php_sybase_module.appname = NULL; STR_FREE(php_sybase_module.server_message); + php_sybase_module.server_message = NULL; return SUCCESS; } http://cvs.php.net/diff.php/php-src/ext/sybase_ct/php_sybase_ct.c?r1=1.73.2.17&r2=1.73.2.18&ty=u Index: php-src/ext/sybase_ct/php_sybase_ct.c diff -u php-src/ext/sybase_ct/php_sybase_ct.c:1.73.2.17 php-src/ext/sybase_ct/php_sybase_ct.c:1.73.2.18 --- php-src/ext/sybase_ct/php_sybase_ct.c:1.73.2.17 Mon Jul 12 17:07:21 2004 +++ php-src/ext/sybase_ct/php_sybase_ct.c Wed Jul 21 12:25:27 2004 @@ -18,7 +18,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: php_sybase_ct.c,v 1.73.2.17 2004/07/12 21:07:21 thekid Exp $ */ +/* $Id: php_sybase_ct.c,v 1.73.2.18 2004/07/21 16:25:27 sesser Exp $ */ #ifdef HAVE_CONFIG_H @@ -458,11 +458,13 @@ PHP_RSHUTDOWN_FUNCTION(sybase) { efree(SybCtG(appname)); + SybCtG(appname) = NULL; if (SybCtG(callback_name)) { zval_ptr_dtor(&SybCtG(callback_name)); SybCtG(callback_name)= NULL; } STR_FREE(SybCtG(server_message)); + SybCtG(server_message) = NULL; return SUCCESS; } http://cvs.php.net/diff.php/php-src/ext/w32api/w32api.c?r1=1.5.2.3&r2=1.5.2.4&ty=u Index: php-src/ext/w32api/w32api.c diff -u php-src/ext/w32api/w32api.c:1.5.2.3 php-src/ext/w32api/w32api.c:1.5.2.4 --- php-src/ext/w32api/w32api.c:1.5.2.3 Sat Jun 19 11:09:47 2004 +++ php-src/ext/w32api/w32api.c Wed Jul 21 12:25:27 2004 @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: w32api.c,v 1.5.2.3 2004/06/19 15:09:47 sesser Exp $ */ +/* $Id: w32api.c,v 1.5.2.4 2004/07/21 16:25:27 sesser Exp $ */ /* * Win32 API Extension for PHP 4 @@ -290,20 +290,26 @@ */ PHP_RINIT_FUNCTION(w32api) { + HashTable *tmp; + WG(funcs) = WG(libraries) = WG(callbacks) = WG(types) = NULL; + /* Allocate Request Specific HT's here */ - ALLOC_HASHTABLE(WG(funcs)); - zend_hash_init(WG(funcs), 1, NULL, php_w32api_hash_func_dtor, 1); - - ALLOC_HASHTABLE(WG(libraries)); - zend_hash_init(WG(libraries), 1, NULL, php_w32api_hash_lib_dtor, 1); - - ALLOC_HASHTABLE(WG(callbacks)); - zend_hash_init(WG(callbacks), 1, NULL, php_w32api_hash_callback_dtor, 1); - - ALLOC_HASHTABLE(WG(types)); - zend_hash_init(WG(types), 1, NULL, php_w32api_hash_type_dtor, 1); - + ALLOC_HASHTABLE(tmp); + zend_hash_init(tmp, 1, NULL, php_w32api_hash_func_dtor, 1); + WG(funcs) = tmp; + + ALLOC_HASHTABLE(tmp); + zend_hash_init(tmp, 1, NULL, php_w32api_hash_lib_dtor, 1); + WG(libraries) = tmp; + + ALLOC_HASHTABLE(tmp); + zend_hash_init(tmp, 1, NULL, php_w32api_hash_callback_dtor, 1); + WG(callbacks) = tmp; + + ALLOC_HASHTABLE(tmp); + zend_hash_init(tmp, 1, NULL, php_w32api_hash_type_dtor, 1); + WG(types) = tmp; return SUCCESS; @@ -330,6 +336,7 @@ zend_hash_destroy(WG(types)); FREE_HASHTABLE(WG(types)); + WG(funcs) = WG(libraries) = WG(callbacks) = WG(types) = NULL; return SUCCESS; } http://cvs.php.net/diff.php/php-src/main/main.c?r1=1.512.2.53&r2=1.512.2.54&ty=u Index: php-src/main/main.c diff -u php-src/main/main.c:1.512.2.53 php-src/main/main.c:1.512.2.54 --- php-src/main/main.c:1.512.2.53 Sun Feb 8 23:05:56 2004 +++ php-src/main/main.c Wed Jul 21 12:25:28 2004 @@ -18,7 +18,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: main.c,v 1.512.2.53 2004/02/09 04:05:56 iliaa Exp $ */ +/* $Id: main.c,v 1.512.2.54 2004/07/21 16:25:28 sesser Exp $ */ /* {{{ includes */ @@ -1369,6 +1369,7 @@ int _gpc_flags[5] = {0, 0, 0, 0, 0}; zend_bool have_variables_order; zval *dummy_track_vars_array = NULL; + zval *env_vars = NULL; zend_bool initialized_dummy_track_vars_array=0; int i; char *variables_order; @@ -1401,9 +1402,10 @@ } else { variables_order = PG(gpc_order); have_variables_order=0; - ALLOC_ZVAL(PG(http_globals)[TRACK_VARS_ENV]); - array_init(PG(http_globals)[TRACK_VARS_ENV]); - INIT_PZVAL(PG(http_globals)[TRACK_VARS_ENV]); + ALLOC_ZVAL(env_vars); + array_init(env_vars); + INIT_PZVAL(env_vars); + PG(http_globals)[TRACK_VARS_ENV] = env_vars; php_import_environment_variables(PG(http_globals)[TRACK_VARS_ENV] TSRMLS_CC); if (PG(register_globals)) { php_autoglobal_merge(&EG(symbol_table), Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_ENV]) TSRMLS_CC); @@ -1446,9 +1448,10 @@ case 'E': if (!_gpc_flags[3]) { if (have_variables_order) { - ALLOC_ZVAL(PG(http_globals)[TRACK_VARS_ENV]); - array_init(PG(http_globals)[TRACK_VARS_ENV]); - INIT_PZVAL(PG(http_globals)[TRACK_VARS_ENV]); + ALLOC_ZVAL(env_vars); + array_init(env_vars); + INIT_PZVAL(env_vars); + PG(http_globals)[TRACK_VARS_ENV] = env_vars; php_import_environment_variables(PG(http_globals)[TRACK_VARS_ENV] TSRMLS_CC); if (PG(register_globals)) { php_autoglobal_merge(&EG(symbol_table), Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_ENV]) TSRMLS_CC); http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.122.2.21&r2=1.122.2.22&ty=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.122.2.21 php-src/main/rfc1867.c:1.122.2.22 --- php-src/main/rfc1867.c:1.122.2.21 Sun May 23 06:15:24 2004 +++ php-src/main/rfc1867.c Wed Jul 21 12:25:28 2004 @@ -16,7 +16,7 @@ | Jani Taskinen <[EMAIL PROTECTED]> | +----------------------------------------------------------------------+ */ -/* $Id: rfc1867.c,v 1.122.2.21 2004/05/23 10:15:24 sesser Exp $ */ +/* $Id: rfc1867.c,v 1.122.2.22 2004/07/21 16:25:28 sesser Exp $ */ /* * This product includes software developed by the Apache Group @@ -760,7 +760,7 @@ char *boundary, *s=NULL, *boundary_end = NULL, *start_arr=NULL, *array_index=NULL; char *temp_filename=NULL, *lbuf=NULL, *abuf=NULL; int boundary_len=0, total_bytes=0, cancel_upload=0, is_arr_upload=0, array_len=0, max_file_size=0, skip_upload=0; - zval *http_post_files=NULL; + zval *http_post_files=NULL; HashTable *uploaded_files=NULL; #if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING) int str_len = 0, num_vars = 0, num_vars_max = 2*10, *len_list = NULL; char **val_list = NULL; @@ -811,8 +811,9 @@ /* Initialize $_FILES[] */ zend_hash_init(&PG(rfc1867_protected_variables), 5, NULL, NULL, 0); - ALLOC_HASHTABLE(SG(rfc1867_uploaded_files)); - zend_hash_init(SG(rfc1867_uploaded_files), 5, NULL, (dtor_func_t) free_estring, 0); + ALLOC_HASHTABLE(uploaded_files); + zend_hash_init(uploaded_files, 5, NULL, (dtor_func_t) free_estring, 0); + SG(rfc1867_uploaded_files) = uploaded_files; ALLOC_ZVAL(http_post_files); array_init(http_post_files); http://cvs.php.net/diff.php/php-src/sapi/apache/mod_php4.c?r1=1.146.2.13&r2=1.146.2.14&ty=u Index: php-src/sapi/apache/mod_php4.c diff -u php-src/sapi/apache/mod_php4.c:1.146.2.13 php-src/sapi/apache/mod_php4.c:1.146.2.14 --- php-src/sapi/apache/mod_php4.c:1.146.2.13 Wed Jan 28 12:42:20 2004 +++ php-src/sapi/apache/mod_php4.c Wed Jul 21 12:25:28 2004 @@ -17,7 +17,7 @@ | PHP 4.0 patches by Zeev Suraski <[EMAIL PROTECTED]> | +----------------------------------------------------------------------+ */ -/* $Id: mod_php4.c,v 1.146.2.13 2004/01/28 17:42:20 rasmus Exp $ */ +/* $Id: mod_php4.c,v 1.146.2.14 2004/07/21 16:25:28 sesser Exp $ */ #include "php_apache_http.h" #include "http_conf_globals.h" @@ -465,7 +465,7 @@ request_rec *r = ((request_rec *) SG(server_context)); char *content_length = (char *) table_get(r->subprocess_env, "CONTENT_LENGTH"); const char *authorization=NULL; - char *tmp; + char *tmp, *tmp_user; SG(request_info).query_string = r->args; SG(request_info).path_translated = r->filename; @@ -482,15 +482,16 @@ && (!PG(safe_mode) || (PG(safe_mode) && !auth_type(r))) && !strcasecmp(getword(r->pool, &authorization, ' '), "Basic")) { tmp = uudecode(r->pool, authorization); - SG(request_info).auth_user = getword_nulls_nc(r->pool, &tmp, ':'); - if (SG(request_info).auth_user) { - r->connection->user = pstrdup(r->connection->pool, SG(request_info).auth_user); + tmp_user = getword_nulls_nc(r->pool, &tmp, ':'); + SG(request_info).auth_user = NULL; + if (tmp_user) { + r->connection->user = pstrdup(r->connection->pool, tmp_user); r->connection->ap_auth_type = "Basic"; - SG(request_info).auth_user = estrdup(SG(request_info).auth_user); + SG(request_info).auth_user = estrdup(tmp_user); } - SG(request_info).auth_password = tmp; - if (SG(request_info).auth_password) { - SG(request_info).auth_password = estrdup(SG(request_info).auth_password); + SG(request_info).auth_password = NULL; + if (tmp) { + SG(request_info).auth_password = estrdup(tmp); } } else { SG(request_info).auth_user = NULL;
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php