[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/mysqlnd/mysqlnd.c trunk/ext/mysqlnd/mysqlnd.c
andrey Mon, 06 Dec 2010 13:50:51 + Revision: http://svn.php.net/viewvc?view=revisionrevision=306008 Log: don't crash if the API is used incorrectly Changed paths: U php/php-src/branches/PHP_5_3/ext/mysqlnd/mysqlnd.c U php/php-src/trunk/ext/mysqlnd/mysqlnd.c Modified: php/php-src/branches/PHP_5_3/ext/mysqlnd/mysqlnd.c === --- php/php-src/branches/PHP_5_3/ext/mysqlnd/mysqlnd.c 2010-12-06 13:12:16 UTC (rev 306007) +++ php/php-src/branches/PHP_5_3/ext/mysqlnd/mysqlnd.c 2010-12-06 13:50:51 UTC (rev 306008) @@ -1971,15 +1971,19 @@ } } if (ret == PASS) { + char * tmp = NULL; + /* if we get conn-user as parameter and then we first free it, then estrndup it, we will crash */ + tmp = mnd_pestrndup(user, user_len, conn-persistent); if (conn-user) { mnd_pefree(conn-user, conn-persistent); } - conn-user = mnd_pestrndup(user, user_len, conn-persistent); + conn-user = tmp; + tmp = mnd_pestrdup(passwd, conn-persistent); if (conn-passwd) { mnd_pefree(conn-passwd, conn-persistent); } - conn-passwd = mnd_pestrdup(passwd, conn-persistent); + conn-passwd = tmp; if (conn-last_message) { mnd_pefree(conn-last_message, conn-persistent); Modified: php/php-src/trunk/ext/mysqlnd/mysqlnd.c === --- php/php-src/trunk/ext/mysqlnd/mysqlnd.c 2010-12-06 13:12:16 UTC (rev 306007) +++ php/php-src/trunk/ext/mysqlnd/mysqlnd.c 2010-12-06 13:50:51 UTC (rev 306008) @@ -1994,15 +1994,19 @@ } } if (ret == PASS) { + char * tmp = NULL; + /* if we get conn-user as parameter and then we first free it, then estrndup it, we will crash */ + tmp = mnd_pestrndup(user, user_len, conn-persistent); if (conn-user) { mnd_pefree(conn-user, conn-persistent); } - conn-user = mnd_pestrndup(user, user_len, conn-persistent); + conn-user = tmp; + tmp = mnd_pestrdup(passwd, conn-persistent); if (conn-passwd) { mnd_pefree(conn-passwd, conn-persistent); } - conn-passwd = mnd_pestrdup(passwd, conn-persistent); + conn-passwd = tmp; if (conn-last_message) { mnd_pefree(conn-last_message, conn-persistent); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/mysqlnd/mysqlnd_ps.c trunk/ext/mysqlnd/mysqlnd_ps.c
andrey Mon, 06 Dec 2010 13:59:14 + Revision: http://svn.php.net/viewvc?view=revisionrevision=306009 Log: Skip additional result sets sent by MySQL 5.5 servers which break the Protocol API (see http://bugs.mysql.com/bug.php?id=58700) Changed paths: U php/php-src/branches/PHP_5_3/ext/mysqlnd/mysqlnd_ps.c U php/php-src/trunk/ext/mysqlnd/mysqlnd_ps.c Modified: php/php-src/branches/PHP_5_3/ext/mysqlnd/mysqlnd_ps.c === --- php/php-src/branches/PHP_5_3/ext/mysqlnd/mysqlnd_ps.c 2010-12-06 13:50:51 UTC (rev 306008) +++ php/php-src/branches/PHP_5_3/ext/mysqlnd/mysqlnd_ps.c 2010-12-06 13:59:14 UTC (rev 306009) @@ -225,10 +225,15 @@ DBG_RETURN(FAIL); } + DBG_INF_FMT(server_status=%u cursor=%u, stmt-upsert_status.server_status, stmt-upsert_status.server_status SERVER_STATUS_CURSOR_EXISTS); + DBG_INF_FMT(server_status=%u cursor=%u, conn-upsert_status.server_status, conn-upsert_status.server_status SERVER_STATUS_CURSOR_EXISTS); + /* Free space for next result */ s-m-free_stmt_content(s TSRMLS_CC); - - DBG_RETURN(s-m-parse_execute_response(s TSRMLS_CC)); + { + enum_func_status ret = s-m-parse_execute_response(s TSRMLS_CC); + DBG_RETURN(ret); + } } /* }}} */ @@ -556,6 +561,14 @@ } } } +#ifndef MYSQLND_DONT_SKIP_OUT_PARAMS_RESULTSET + if (stmt-upsert_status.server_status SERVER_PS_OUT_PARAMS) { + s-m-free_stmt_content(s TSRMLS_CC); + DBG_INF(PS OUT Variable RSet, skipping); + /* OUT params result set. Skip for now to retain compatibility */ + ret = mysqlnd_stmt_execute_parse_response(s TSRMLS_CC); + } +#endif DBG_INF(ret == PASS? PASS:FAIL); DBG_RETURN(ret); @@ -701,6 +714,8 @@ ret = s-m-parse_execute_response(s TSRMLS_CC); + DBG_INF_FMT(server_status=%u cursor=%u, stmt-upsert_status.server_status, stmt-upsert_status.server_status SERVER_STATUS_CURSOR_EXISTS); + if (ret == PASS conn-last_query_type == QUERY_UPSERT stmt-upsert_status.affected_rows) { MYSQLND_INC_CONN_STATISTIC_W_VALUE(conn-stats, STAT_ROWS_AFFECTED_PS, stmt-upsert_status.affected_rows); } Modified: php/php-src/trunk/ext/mysqlnd/mysqlnd_ps.c === --- php/php-src/trunk/ext/mysqlnd/mysqlnd_ps.c 2010-12-06 13:50:51 UTC (rev 306008) +++ php/php-src/trunk/ext/mysqlnd/mysqlnd_ps.c 2010-12-06 13:59:14 UTC (rev 306009) @@ -225,10 +225,15 @@ DBG_RETURN(FAIL); } + DBG_INF_FMT(server_status=%u cursor=%u, stmt-upsert_status.server_status, stmt-upsert_status.server_status SERVER_STATUS_CURSOR_EXISTS); + DBG_INF_FMT(server_status=%u cursor=%u, conn-upsert_status.server_status, conn-upsert_status.server_status SERVER_STATUS_CURSOR_EXISTS); + /* Free space for next result */ s-m-free_stmt_content(s TSRMLS_CC); - - DBG_RETURN(s-m-parse_execute_response(s TSRMLS_CC)); + { + enum_func_status ret = s-m-parse_execute_response(s TSRMLS_CC); + DBG_RETURN(ret); + } } /* }}} */ @@ -556,6 +561,14 @@ } } } +#ifndef MYSQLND_DONT_SKIP_OUT_PARAMS_RESULTSET + if (stmt-upsert_status.server_status SERVER_PS_OUT_PARAMS) { + s-m-free_stmt_content(s TSRMLS_CC); + DBG_INF(PS OUT Variable RSet, skipping); + /* OUT params result set. Skip for now to retain compatibility */ + ret = mysqlnd_stmt_execute_parse_response(s TSRMLS_CC); + } +#endif DBG_INF(ret == PASS? PASS:FAIL); DBG_RETURN(ret); @@ -701,6 +714,8 @@ ret = s-m-parse_execute_response(s TSRMLS_CC); + DBG_INF_FMT(server_status=%u cursor=%u, stmt-upsert_status.server_status, stmt-upsert_status.server_status SERVER_STATUS_CURSOR_EXISTS); + if (ret == PASS conn-last_query_type == QUERY_UPSERT stmt-upsert_status.affected_rows) { MYSQLND_INC_CONN_STATISTIC_W_VALUE(conn-stats, STAT_ROWS_AFFECTED_PS, stmt-upsert_status.affected_rows); } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /SVNROOT/ global_avail
pajoye Tue, 07 Dec 2010 00:23:04 + Revision: http://svn.php.net/viewvc?view=revisionrevision=306032 Log: - test karma for eyalt Changed paths: U SVNROOT/global_avail Modified: SVNROOT/global_avail === --- SVNROOT/global_avail2010-12-07 00:08:44 UTC (rev 306031) +++ SVNROOT/global_avail2010-12-07 00:23:04 UTC (rev 306032) @@ -240,7 +240,7 @@ avail|val|pecl/bcompiler,phpdoc avail|simenec,ttk|pecl/maxdb,phpdoc/en/reference avail|ksadlocha|pecl/simplesql -avail|michael,tomerc,rdohms,wimartin,odoucet|php/php-src/*/tests +avail|eyalt,michael,tomerc,rdohms,wimartin,odoucet|php/php-src/*/tests avail|blindman|pecl/colorer avail|mike|pecl/http avail|gabe|pecl/intercept -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_3/ NEWS
pajoye Tue, 07 Dec 2010 01:22:23 + Revision: http://svn.php.net/viewvc?view=revisionrevision=306036 Log: - add CVE Changed paths: U php/php-src/branches/PHP_5_3/NEWS Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2010-12-07 01:10:14 UTC (rev 306035) +++ php/php-src/branches/PHP_5_3/NEWS 2010-12-07 01:22:23 UTC (rev 306036) @@ -18,6 +18,7 @@ . Fixed bug #46587 (mt_rand() does not check that max is greater than min). (Ilia) . Fixed #53409 (sleep() returns NULL on Windows). (Pierre) + . Fixed #29085 (bad default include_path on Windows). (Pierre) - cURL extension: . Fixed bug #52828 (curl_setopt does not accept persistent streams). @@ -40,7 +41,7 @@ words). (Ilia) - Intl extension: - . Fixed crashes on invalid parameters in intl extension. (Stas, Maksymilian + . Fixed crashes on invalid parameters in intl extension. (CVE-2010-4409). (Stas, Maksymilian Arciemowicz) . Added support for formatting the timestamp stored in a DateTime object. (Stas) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php