[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/mysqlnd/mysqlnd.c trunk/ext/mysqlnd/mysqlnd.c
andrey Mon, 06 Dec 2010 13:50:51 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=306008
Log:
don't crash if the API is used incorrectly
Changed paths:
U php/php-src/branches/PHP_5_3/ext/mysqlnd/mysqlnd.c
U php/php-src/trunk/ext/mysqlnd/mysqlnd.c
Modified: php/php-src/branches/PHP_5_3/ext/mysqlnd/mysqlnd.c
===
--- php/php-src/branches/PHP_5_3/ext/mysqlnd/mysqlnd.c 2010-12-06 13:12:16 UTC
(rev 306007)
+++ php/php-src/branches/PHP_5_3/ext/mysqlnd/mysqlnd.c 2010-12-06 13:50:51 UTC
(rev 306008)
@@ -1971,15 +1971,19 @@
}
}
if (ret == PASS) {
+ char * tmp = NULL;
+ /* if we get conn-user as parameter and then we first free it,
then estrndup it, we will crash */
+ tmp = mnd_pestrndup(user, user_len, conn-persistent);
if (conn-user) {
mnd_pefree(conn-user, conn-persistent);
}
- conn-user = mnd_pestrndup(user, user_len, conn-persistent);
+ conn-user = tmp;
+ tmp = mnd_pestrdup(passwd, conn-persistent);
if (conn-passwd) {
mnd_pefree(conn-passwd, conn-persistent);
}
- conn-passwd = mnd_pestrdup(passwd, conn-persistent);
+ conn-passwd = tmp;
if (conn-last_message) {
mnd_pefree(conn-last_message, conn-persistent);
Modified: php/php-src/trunk/ext/mysqlnd/mysqlnd.c
===
--- php/php-src/trunk/ext/mysqlnd/mysqlnd.c 2010-12-06 13:12:16 UTC (rev
306007)
+++ php/php-src/trunk/ext/mysqlnd/mysqlnd.c 2010-12-06 13:50:51 UTC (rev
306008)
@@ -1994,15 +1994,19 @@
}
}
if (ret == PASS) {
+ char * tmp = NULL;
+ /* if we get conn-user as parameter and then we first free it,
then estrndup it, we will crash */
+ tmp = mnd_pestrndup(user, user_len, conn-persistent);
if (conn-user) {
mnd_pefree(conn-user, conn-persistent);
}
- conn-user = mnd_pestrndup(user, user_len, conn-persistent);
+ conn-user = tmp;
+ tmp = mnd_pestrdup(passwd, conn-persistent);
if (conn-passwd) {
mnd_pefree(conn-passwd, conn-persistent);
}
- conn-passwd = mnd_pestrdup(passwd, conn-persistent);
+ conn-passwd = tmp;
if (conn-last_message) {
mnd_pefree(conn-last_message, conn-persistent);
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/mysqlnd/mysqlnd_ps.c trunk/ext/mysqlnd/mysqlnd_ps.c
andrey Mon, 06 Dec 2010 13:59:14 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=306009
Log:
Skip additional result sets sent by MySQL 5.5 servers
which break the Protocol API
(see http://bugs.mysql.com/bug.php?id=58700)
Changed paths:
U php/php-src/branches/PHP_5_3/ext/mysqlnd/mysqlnd_ps.c
U php/php-src/trunk/ext/mysqlnd/mysqlnd_ps.c
Modified: php/php-src/branches/PHP_5_3/ext/mysqlnd/mysqlnd_ps.c
===
--- php/php-src/branches/PHP_5_3/ext/mysqlnd/mysqlnd_ps.c 2010-12-06
13:50:51 UTC (rev 306008)
+++ php/php-src/branches/PHP_5_3/ext/mysqlnd/mysqlnd_ps.c 2010-12-06
13:59:14 UTC (rev 306009)
@@ -225,10 +225,15 @@
DBG_RETURN(FAIL);
}
+ DBG_INF_FMT(server_status=%u cursor=%u,
stmt-upsert_status.server_status, stmt-upsert_status.server_status
SERVER_STATUS_CURSOR_EXISTS);
+ DBG_INF_FMT(server_status=%u cursor=%u,
conn-upsert_status.server_status, conn-upsert_status.server_status
SERVER_STATUS_CURSOR_EXISTS);
+
/* Free space for next result */
s-m-free_stmt_content(s TSRMLS_CC);
-
- DBG_RETURN(s-m-parse_execute_response(s TSRMLS_CC));
+ {
+ enum_func_status ret = s-m-parse_execute_response(s
TSRMLS_CC);
+ DBG_RETURN(ret);
+ }
}
/* }}} */
@@ -556,6 +561,14 @@
}
}
}
+#ifndef MYSQLND_DONT_SKIP_OUT_PARAMS_RESULTSET
+ if (stmt-upsert_status.server_status SERVER_PS_OUT_PARAMS) {
+ s-m-free_stmt_content(s TSRMLS_CC);
+ DBG_INF(PS OUT Variable RSet, skipping);
+ /* OUT params result set. Skip for now to retain compatibility
*/
+ ret = mysqlnd_stmt_execute_parse_response(s TSRMLS_CC);
+ }
+#endif
DBG_INF(ret == PASS? PASS:FAIL);
DBG_RETURN(ret);
@@ -701,6 +714,8 @@
ret = s-m-parse_execute_response(s TSRMLS_CC);
+ DBG_INF_FMT(server_status=%u cursor=%u,
stmt-upsert_status.server_status, stmt-upsert_status.server_status
SERVER_STATUS_CURSOR_EXISTS);
+
if (ret == PASS conn-last_query_type == QUERY_UPSERT
stmt-upsert_status.affected_rows) {
MYSQLND_INC_CONN_STATISTIC_W_VALUE(conn-stats,
STAT_ROWS_AFFECTED_PS, stmt-upsert_status.affected_rows);
}
Modified: php/php-src/trunk/ext/mysqlnd/mysqlnd_ps.c
===
--- php/php-src/trunk/ext/mysqlnd/mysqlnd_ps.c 2010-12-06 13:50:51 UTC (rev
306008)
+++ php/php-src/trunk/ext/mysqlnd/mysqlnd_ps.c 2010-12-06 13:59:14 UTC (rev
306009)
@@ -225,10 +225,15 @@
DBG_RETURN(FAIL);
}
+ DBG_INF_FMT(server_status=%u cursor=%u,
stmt-upsert_status.server_status, stmt-upsert_status.server_status
SERVER_STATUS_CURSOR_EXISTS);
+ DBG_INF_FMT(server_status=%u cursor=%u,
conn-upsert_status.server_status, conn-upsert_status.server_status
SERVER_STATUS_CURSOR_EXISTS);
+
/* Free space for next result */
s-m-free_stmt_content(s TSRMLS_CC);
-
- DBG_RETURN(s-m-parse_execute_response(s TSRMLS_CC));
+ {
+ enum_func_status ret = s-m-parse_execute_response(s
TSRMLS_CC);
+ DBG_RETURN(ret);
+ }
}
/* }}} */
@@ -556,6 +561,14 @@
}
}
}
+#ifndef MYSQLND_DONT_SKIP_OUT_PARAMS_RESULTSET
+ if (stmt-upsert_status.server_status SERVER_PS_OUT_PARAMS) {
+ s-m-free_stmt_content(s TSRMLS_CC);
+ DBG_INF(PS OUT Variable RSet, skipping);
+ /* OUT params result set. Skip for now to retain compatibility
*/
+ ret = mysqlnd_stmt_execute_parse_response(s TSRMLS_CC);
+ }
+#endif
DBG_INF(ret == PASS? PASS:FAIL);
DBG_RETURN(ret);
@@ -701,6 +714,8 @@
ret = s-m-parse_execute_response(s TSRMLS_CC);
+ DBG_INF_FMT(server_status=%u cursor=%u,
stmt-upsert_status.server_status, stmt-upsert_status.server_status
SERVER_STATUS_CURSOR_EXISTS);
+
if (ret == PASS conn-last_query_type == QUERY_UPSERT
stmt-upsert_status.affected_rows) {
MYSQLND_INC_CONN_STATISTIC_W_VALUE(conn-stats,
STAT_ROWS_AFFECTED_PS, stmt-upsert_status.affected_rows);
}
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /SVNROOT/ global_avail
pajoye Tue, 07 Dec 2010 00:23:04 + Revision: http://svn.php.net/viewvc?view=revisionrevision=306032 Log: - test karma for eyalt Changed paths: U SVNROOT/global_avail Modified: SVNROOT/global_avail === --- SVNROOT/global_avail2010-12-07 00:08:44 UTC (rev 306031) +++ SVNROOT/global_avail2010-12-07 00:23:04 UTC (rev 306032) @@ -240,7 +240,7 @@ avail|val|pecl/bcompiler,phpdoc avail|simenec,ttk|pecl/maxdb,phpdoc/en/reference avail|ksadlocha|pecl/simplesql -avail|michael,tomerc,rdohms,wimartin,odoucet|php/php-src/*/tests +avail|eyalt,michael,tomerc,rdohms,wimartin,odoucet|php/php-src/*/tests avail|blindman|pecl/colorer avail|mike|pecl/http avail|gabe|pecl/intercept -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_3/ NEWS
pajoye Tue, 07 Dec 2010 01:22:23 + Revision: http://svn.php.net/viewvc?view=revisionrevision=306036 Log: - add CVE Changed paths: U php/php-src/branches/PHP_5_3/NEWS Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2010-12-07 01:10:14 UTC (rev 306035) +++ php/php-src/branches/PHP_5_3/NEWS 2010-12-07 01:22:23 UTC (rev 306036) @@ -18,6 +18,7 @@ . Fixed bug #46587 (mt_rand() does not check that max is greater than min). (Ilia) . Fixed #53409 (sleep() returns NULL on Windows). (Pierre) + . Fixed #29085 (bad default include_path on Windows). (Pierre) - cURL extension: . Fixed bug #52828 (curl_setopt does not accept persistent streams). @@ -40,7 +41,7 @@ words). (Ilia) - Intl extension: - . Fixed crashes on invalid parameters in intl extension. (Stas, Maksymilian + . Fixed crashes on invalid parameters in intl extension. (CVE-2010-4409). (Stas, Maksymilian Arciemowicz) . Added support for formatting the timestamp stored in a DateTime object. (Stas) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
