[PHP-CVS] com php-src: comment for the #else: ext/mysqlnd/mysqlnd_debug.h
Commit:68536a41672ead2d2872af01af4d4167c47366c0
Author:andrey and...@php.net Mon, 7 May 2012 13:55:40 +0200
Parents: 9927cc5f4b0e626e601d542b0b50e82c54650ac8
Branches: master
Link:
http://git.php.net/?p=php-src.git;a=commitdiff;h=68536a41672ead2d2872af01af4d4167c47366c0
Log:
comment for the #else
Changed paths:
M ext/mysqlnd/mysqlnd_debug.h
Diff:
diff --git a/ext/mysqlnd/mysqlnd_debug.h b/ext/mysqlnd/mysqlnd_debug.h
index d805178..3372e73 100644
--- a/ext/mysqlnd/mysqlnd_debug.h
+++ b/ext/mysqlnd/mysqlnd_debug.h
@@ -141,7 +141,7 @@ PHPAPI char * mysqlnd_get_backtrace(uint max_levels, size_t
* length TSRMLS_DC);
-#else
+#else /* defined(__GNUC__) || (defined(_MSC_VER) (_MSC_VER = 1400)) */
static inline void DBG_INF_EX(MYSQLND_DEBUG * dbg_obj, const char * const msg)
{}
static inline void DBG_ERR_EX(MYSQLND_DEBUG * dbg_obj, const char * const msg)
{}
static inline void DBG_INF_FMT_EX(MYSQLND_DEBUG * dbg_obj, ...) {}
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: these methods should return a stream. This makes it easier to intercept the return value: ext/mysqlnd/mysqlnd_net.c ext/mysqlnd/mysqlnd_structs.h
Commit:c75cbd62dda8a1fab2a0e68ed07ea73ca5e2b1d2
Author:andrey and...@php.net Mon, 7 May 2012 15:32:00 +0200
Parents: 68536a41672ead2d2872af01af4d4167c47366c0
Branches: master
Link:
http://git.php.net/?p=php-src.git;a=commitdiff;h=c75cbd62dda8a1fab2a0e68ed07ea73ca5e2b1d2
Log:
these methods should return a stream. This makes it easier to intercept
the return value
Changed paths:
M ext/mysqlnd/mysqlnd_net.c
M ext/mysqlnd/mysqlnd_structs.h
Diff:
diff --git a/ext/mysqlnd/mysqlnd_net.c b/ext/mysqlnd/mysqlnd_net.c
index b2fe662..a641a41 100644
--- a/ext/mysqlnd/mysqlnd_net.c
+++ b/ext/mysqlnd/mysqlnd_net.c
@@ -105,7 +105,7 @@ MYSQLND_METHOD(mysqlnd_net, network_write_ex)(MYSQLND_NET *
const net, const zen
/* }}} */
/* {{{ mysqlnd_net::open_pipe */
-static enum_func_status
+static php_stream *
MYSQLND_METHOD(mysqlnd_net, open_pipe)(MYSQLND_NET * const net, const char *
const scheme, const size_t scheme_len,
const zend_bool persistent,
MYSQLND_STATS * const conn_stats, MYSQLND_ERROR_INFO * const error_info
TSRMLS_DC)
@@ -125,7 +125,7 @@ MYSQLND_METHOD(mysqlnd_net, open_pipe)(MYSQLND_NET * const
net, const char * con
net_stream = php_stream_open_wrapper((char*) scheme + sizeof(pipe://)
- 1, r+, streams_options, NULL);
if (!net_stream) {
SET_CLIENT_ERROR(*error_info, CR_CONNECTION_ERROR,
UNKNOWN_SQLSTATE, Unknown errror while connecting);
- DBG_RETURN(FAIL);
+ DBG_RETURN(NULL);
}
/*
Streams are not meant for C extensions! Thus we need a hack. Every
connected stream will
@@ -136,15 +136,14 @@ MYSQLND_METHOD(mysqlnd_net, open_pipe)(MYSQLND_NET *
const net, const char * con
zend_hash_index_del(EG(regular_list), net_stream-rsrc_id);
net_stream-in_free = 0;
- (void) net-data-m.set_stream(net, net_stream TSRMLS_CC);
- DBG_RETURN(PASS);
+ DBG_RETURN(net_stream);
}
/* }}} */
/* {{{ mysqlnd_net::open_tcp_or_unix */
-static enum_func_status
+static php_stream *
MYSQLND_METHOD(mysqlnd_net, open_tcp_or_unix)(MYSQLND_NET * const net, const
char * const scheme, const size_t scheme_len,
const zend_bool persistent,
MYSQLND_STATS * const conn_stats, MYSQLND_ERROR_INFO * const
error_info TSRMLS_DC)
@@ -191,7 +190,7 @@ MYSQLND_METHOD(mysqlnd_net, open_tcp_or_unix)(MYSQLND_NET *
const net, const cha
/* no mnd_ since we don't allocate it */
efree(errstr);
}
- DBG_RETURN(FAIL);
+ DBG_RETURN(NULL);
}
if (hashed_details) {
/*
@@ -227,8 +226,7 @@ MYSQLND_METHOD(mysqlnd_net, open_tcp_or_unix)(MYSQLND_NET *
const net, const cha
zend_hash_index_del(EG(regular_list), net_stream-rsrc_id);
net_stream-in_free = 0;
- (void) net-data-m.set_stream(net, net_stream TSRMLS_CC);
- DBG_RETURN(PASS);
+ DBG_RETURN(net_stream);
}
/* }}} */
@@ -300,8 +298,11 @@ MYSQLND_METHOD(mysqlnd_net, connect_ex)(MYSQLND_NET *
const net, const char * co
open_stream = net-data-m.get_open_stream(net, scheme, scheme_len,
error_info TSRMLS_CC);
if (open_stream) {
- if (PASS == (ret = open_stream(net, scheme, scheme_len,
persistent, conn_stats, error_info TSRMLS_CC))) {
+ php_stream * net_stream = open_stream(net, scheme, scheme_len,
persistent, conn_stats, error_info TSRMLS_CC);
+ if (net_stream) {
+ (void) net-data-m.set_stream(net, net_stream
TSRMLS_CC);
net-data-m.post_connect_set_opt(net, scheme,
scheme_len, conn_stats, error_info TSRMLS_CC);
+ ret = PASS;
}
}
diff --git a/ext/mysqlnd/mysqlnd_structs.h b/ext/mysqlnd/mysqlnd_structs.h
index 6dcb8b3..b355a0d 100644
--- a/ext/mysqlnd/mysqlnd_structs.h
+++ b/ext/mysqlnd/mysqlnd_structs.h
@@ -283,7 +283,7 @@ typedef enum_func_status
(*func_mysqlnd_net__init)(MYSQLND_NET * const net, MYSQ
typedef void (*func_mysqlnd_net__dtor)(MYSQLND_NET *
const net, MYSQLND_STATS * const conn_stats, MYSQLND_ERROR_INFO * const
error_info TSRMLS_DC);
typedef enum_func_status (*func_mysqlnd_net__connect_ex)(MYSQLND_NET *
const net, const char * const scheme, const size_t scheme_len, const zend_bool
persistent, MYSQLND_STATS * const conn_stats, MYSQLND_ERROR_INFO * const
error_info TSRMLS_DC);
typedef void
(*func_mysqlnd_net__close_stream)(MYSQLND_NET * const net, MYSQLND_STATS *
const conn_stats, MYSQLND_ERROR_INFO * const error_info TSRMLS_DC);
[PHP-CVS] com php-src: Fix bug 61903 ext\phar\tests\tar\phar_commitwrite.phpt fails: ext/phar/tests/tar/phar_commitwrite.phpt
Commit:ce59121c5f3f67f570f462e93354de0cff1bd31a Author:Anatoliy Belsky a...@php.net Mon, 7 May 2012 15:37:29 +0200 Parents: 99076bc24fae6b159c783e4772b0eaf046b5dc2e Branches: PHP-5.3 PHP-5.4 master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=ce59121c5f3f67f570f462e93354de0cff1bd31a Log: Fix bug 61903 ext\phar\tests\tar\phar_commitwrite.phpt fails Bugs: https://bugs.php.net/61903 Changed paths: M ext/phar/tests/tar/phar_commitwrite.phpt Diff: diff --git a/ext/phar/tests/tar/phar_commitwrite.phpt b/ext/phar/tests/tar/phar_commitwrite.phpt index b926b9a..262ea1d 100644 --- a/ext/phar/tests/tar/phar_commitwrite.phpt +++ b/ext/phar/tests/tar/phar_commitwrite.phpt @@ -5,6 +5,9 @@ Phar::setStub()/stopBuffering() tar-based --INI-- phar.require_hash=0 phar.readonly=0 +--ENV-- +TEMP=. +TMP=. --FILE-- ?php $p = new Phar(dirname(__FILE__) . '/brandnewphar.phar.tar', 0, 'brandnewphar.phar'); @@ -41,4 +44,4 @@ include 'phar://brandnewphar.phar/startup.php'; __HALT_COMPILER(); ? bool(true) -===DONE=== \ No newline at end of file +===DONE=== -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: Fix bug 61905 ext\phar\tests\zip\phar_commitwrite.phpt fails: ext/phar/tests/zip/phar_commitwrite.phpt
Commit:2068419ae5c24781714e9d60c4baf64d254d573d Author:Anatoliy Belsky a...@php.net Mon, 7 May 2012 15:39:07 +0200 Parents: ce59121c5f3f67f570f462e93354de0cff1bd31a Branches: PHP-5.3 PHP-5.4 master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=2068419ae5c24781714e9d60c4baf64d254d573d Log: Fix bug 61905 ext\phar\tests\zip\phar_commitwrite.phpt fails Bugs: https://bugs.php.net/61905 Changed paths: M ext/phar/tests/zip/phar_commitwrite.phpt Diff: diff --git a/ext/phar/tests/zip/phar_commitwrite.phpt b/ext/phar/tests/zip/phar_commitwrite.phpt index 84bccb9..4e18a6b 100644 --- a/ext/phar/tests/zip/phar_commitwrite.phpt +++ b/ext/phar/tests/zip/phar_commitwrite.phpt @@ -5,6 +5,9 @@ Phar::setStub()/stopBuffering() zip-based --INI-- phar.require_hash=0 phar.readonly=0 +--ENV-- +TEMP=. +TMP=. --FILE-- ?php $p = new Phar(dirname(__FILE__) . '/brandnewphar.phar.zip', 0, 'brandnewphar.phar'); @@ -41,4 +44,4 @@ include 'phar://brandnewphar.phar/startup.php'; __HALT_COMPILER(); ? bool(true) -===DONE=== \ No newline at end of file +===DONE=== -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: Merge branch 'PHP-5.3' into PHP-5.4: sapi/cgi/cgi_main.c
Commit:36587ff335612e4dfe4723dab47954718f5a2878 Author:Stanislav Malyshev s...@php.net Mon, 7 May 2012 12:10:36 -0700 Parents: 0556103f6a347308351436897b3b632450504dd0 7de4b75f74a817c3fead32710e04cd015bcc5360 Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=36587ff335612e4dfe4723dab47954718f5a2878 Log: Merge branch 'PHP-5.3' into PHP-5.4 * PHP-5.3: improve fix for CVE-2012-1823 Fix for CVE-2012-1823 Changed paths: MM sapi/cgi/cgi_main.c Diff: -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: Merge branch 'PHP-5.4': sapi/cgi/cgi_main.c
Commit:857fc1b473f5d27ed5ea6aa78420498dbb71c6b6 Author:Stanislav Malyshev s...@php.net Mon, 7 May 2012 12:12:48 -0700 Parents: 2c505ecc57092cac1cd554fd0f645c5f05db9f65 36587ff335612e4dfe4723dab47954718f5a2878 Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=857fc1b473f5d27ed5ea6aa78420498dbb71c6b6 Log: Merge branch 'PHP-5.4' * PHP-5.4: improve fix for CVE-2012-1823 Fix for CVE-2012-1823 Changed paths: MM sapi/cgi/cgi_main.c Diff: -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: improve fix for CVE-2012-1823: sapi/cgi/cgi_main.c
Commit:7de4b75f74a817c3fead32710e04cd015bcc5360
Author:Stanislav Malyshev s...@php.net Mon, 7 May 2012 12:08:36
-0700
Parents: 004941af15674eeb5d12b8459b8ff50c25758150
Branches: master
Link:
http://git.php.net/?p=php-src.git;a=commitdiff;h=7de4b75f74a817c3fead32710e04cd015bcc5360
Log:
improve fix for CVE-2012-1823
Changed paths:
M sapi/cgi/cgi_main.c
Diff:
diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c
index 760ad66..a7ac26f 100644
--- a/sapi/cgi/cgi_main.c
+++ b/sapi/cgi/cgi_main.c
@@ -1561,10 +1561,15 @@ int main(int argc, char *argv[])
}
}
- if(query_string = getenv(QUERY_STRING)) {
+ if((query_string = getenv(QUERY_STRING)) != NULL
strchr(query_string, '=') == NULL) {
+ /* we've got query string that has no = - apache CGI will pass
it to command line */
+ unsigned char *p;
decoded_query_string = strdup(query_string);
php_url_decode(decoded_query_string,
strlen(decoded_query_string));
- if(*decoded_query_string == '-' strchr(decoded_query_string,
'=') == NULL) {
+ for (p = decoded_query_string; *p *p = ' '; p++) {
+ /* skip all leading spaces */
+ }
+ if(*p == '-') {
skip_getopt = 1;
}
free(decoded_query_string);
@@ -1819,7 +1824,7 @@ consult the installation file that came with this
distribution, or visit \n\
}
zend_first_try {
- while ((c = php_getopt(argc, argv, OPTIONS, php_optarg,
php_optind, 1, 2)) != -1) {
+ while (!skip_getopt (c = php_getopt(argc, argv, OPTIONS,
php_optarg, php_optind, 1, 2)) != -1) {
switch (c) {
case 'T':
benchmark = 1;
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: improve fix for CVE-2012-1823: sapi/cgi/cgi_main.c
Commit:fc3ba0552fd5c2d7b5870f3e2fec0a9a2d2996f4
Author:Stanislav Malyshev s...@php.net Mon, 7 May 2012 12:08:36
-0700
Parents: 64170aa3a564331c22c8647e067b22cb274f6601
Branches: PHP-5.4.3
Link:
http://git.php.net/?p=php-src.git;a=commitdiff;h=fc3ba0552fd5c2d7b5870f3e2fec0a9a2d2996f4
Log:
improve fix for CVE-2012-1823
Changed paths:
M sapi/cgi/cgi_main.c
Diff:
diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c
index 84e0d63..71404a4 100644
--- a/sapi/cgi/cgi_main.c
+++ b/sapi/cgi/cgi_main.c
@@ -1806,10 +1806,15 @@ int main(int argc, char *argv[])
}
}
- if(query_string = getenv(QUERY_STRING)) {
+ if((query_string = getenv(QUERY_STRING)) != NULL
strchr(query_string, '=') == NULL) {
+ /* we've got query string that has no = - apache CGI will pass
it to command line */
+ unsigned char *p;
decoded_query_string = strdup(query_string);
php_url_decode(decoded_query_string,
strlen(decoded_query_string));
- if(*decoded_query_string == '-' strchr(decoded_query_string,
'=') == NULL) {
+ for (p = decoded_query_string; *p *p = ' '; p++) {
+ /* skip all leading spaces */
+ }
+ if(*p == '-') {
skip_getopt = 1;
}
free(decoded_query_string);
@@ -2073,7 +2078,7 @@ consult the installation file that came with this
distribution, or visit \n\
}
zend_first_try {
- while ((c = php_getopt(argc, argv, OPTIONS, php_optarg,
php_optind, 1, 2)) != -1) {
+ while (!skip_getopt (c = php_getopt(argc, argv, OPTIONS,
php_optarg, php_optind, 1, 2)) != -1) {
switch (c) {
case 'T':
benchmark = 1;
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: Fix for CVE-2012-1823: sapi/cgi/cgi_main.c
Commit:004941af15674eeb5d12b8459b8ff50c25758150
Author:Rasmus Lerdorf ras...@php.net Thu, 3 May 2012 15:51:52
+0200
Committer: Stanislav Malyshev s...@php.net Mon, 7 May 2012 12:06:45 -0700
Parents: 72507d38fb6701471053ef6bee65dfbe63184ec9
Branches: master
Link:
http://git.php.net/?p=php-src.git;a=commitdiff;h=004941af15674eeb5d12b8459b8ff50c25758150
Log:
Fix for CVE-2012-1823
Changed paths:
M sapi/cgi/cgi_main.c
Diff:
diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c
index 56c736f..760ad66 100644
--- a/sapi/cgi/cgi_main.c
+++ b/sapi/cgi/cgi_main.c
@@ -70,6 +70,7 @@
#include php_main.h
#include fopen_wrappers.h
#include ext/standard/php_standard.h
+#include ext/standard/url.h
#ifdef PHP_WIN32
# include io.h
@@ -1508,6 +1509,9 @@ int main(int argc, char *argv[])
#ifndef PHP_WIN32
int status = 0;
#endif
+ char *query_string;
+ char *decoded_query_string;
+ int skip_getopt = 0;
#if 0 defined(PHP_DEBUG)
/* IIS is always making things more difficult. This allows
@@ -1557,7 +1561,16 @@ int main(int argc, char *argv[])
}
}
- while ((c = php_getopt(argc, argv, OPTIONS, php_optarg, php_optind,
0, 2)) != -1) {
+ if(query_string = getenv(QUERY_STRING)) {
+ decoded_query_string = strdup(query_string);
+ php_url_decode(decoded_query_string,
strlen(decoded_query_string));
+ if(*decoded_query_string == '-' strchr(decoded_query_string,
'=') == NULL) {
+ skip_getopt = 1;
+ }
+ free(decoded_query_string);
+ }
+
+ while (!skip_getopt (c = php_getopt(argc, argv, OPTIONS,
php_optarg, php_optind, 0, 2)) != -1) {
switch (c) {
case 'c':
if (cgi_sapi_module.php_ini_path_override) {
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: prep for 5.4.3: NEWS configure.in main/php_version.h
Commit:64170aa3a564331c22c8647e067b22cb274f6601 Author:Stanislav Malyshev s...@php.net Mon, 7 May 2012 12:01:10 -0700 Parents: 32246bf50749709a9f99feda09088181598e5121 Branches: PHP-5.4.3 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=64170aa3a564331c22c8647e067b22cb274f6601 Log: prep for 5.4.3 Changed paths: M NEWS M configure.in M main/php_version.h Diff: diff --git a/NEWS b/NEWS index de1e55f..a41a5d1 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,12 @@ PHPNEWS ||| -03 Mar 2012, PHP 5.4.2 +08 May 2012, PHP 5.4.3 + +- CGI + . Re-Fix PHP-CGI query string parameter vulnerability, CVE-2012-1823. +(Stas) + +03 May 2012, PHP 5.4.2 - Fix PHP-CGI query string parameter vulnerability, CVE-2012-1823. (Rasmus) diff --git a/configure.in b/configure.in index 2470856..1776a5a 100644 --- a/configure.in +++ b/configure.in @@ -119,7 +119,7 @@ int zend_sprintf(char *buffer, const char *format, ...); PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=4 -PHP_RELEASE_VERSION=2 +PHP_RELEASE_VERSION=3 PHP_EXTRA_VERSION= PHP_VERSION=$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 1 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` diff --git a/main/php_version.h b/main/php_version.h index e609c7a..46fba13 100644 --- a/main/php_version.h +++ b/main/php_version.h @@ -2,7 +2,7 @@ /* edit configure.in to change version number */ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 4 -#define PHP_RELEASE_VERSION 2 +#define PHP_RELEASE_VERSION 3 #define PHP_EXTRA_VERSION -#define PHP_VERSION 5.4.2 -#define PHP_VERSION_ID 50402 +#define PHP_VERSION 5.4.3 +#define PHP_VERSION_ID 50403 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: improve fix for CVE-2012-1823: sapi/cgi/cgi_main.c
Commit:000e84aa88ce16deabbf61e7086fc8db63ca88aa
Author:Stanislav Malyshev s...@php.net Mon, 7 May 2012 12:08:36
-0700
Parents: 2068419ae5c24781714e9d60c4baf64d254d573d
Branches: PHP-5.3
Link:
http://git.php.net/?p=php-src.git;a=commitdiff;h=000e84aa88ce16deabbf61e7086fc8db63ca88aa
Log:
improve fix for CVE-2012-1823
Changed paths:
M sapi/cgi/cgi_main.c
Diff:
diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c
index 760ad66..a7ac26f 100644
--- a/sapi/cgi/cgi_main.c
+++ b/sapi/cgi/cgi_main.c
@@ -1561,10 +1561,15 @@ int main(int argc, char *argv[])
}
}
- if(query_string = getenv(QUERY_STRING)) {
+ if((query_string = getenv(QUERY_STRING)) != NULL
strchr(query_string, '=') == NULL) {
+ /* we've got query string that has no = - apache CGI will pass
it to command line */
+ unsigned char *p;
decoded_query_string = strdup(query_string);
php_url_decode(decoded_query_string,
strlen(decoded_query_string));
- if(*decoded_query_string == '-' strchr(decoded_query_string,
'=') == NULL) {
+ for (p = decoded_query_string; *p *p = ' '; p++) {
+ /* skip all leading spaces */
+ }
+ if(*p == '-') {
skip_getopt = 1;
}
free(decoded_query_string);
@@ -1819,7 +1824,7 @@ consult the installation file that came with this
distribution, or visit \n\
}
zend_first_try {
- while ((c = php_getopt(argc, argv, OPTIONS, php_optarg,
php_optind, 1, 2)) != -1) {
+ while (!skip_getopt (c = php_getopt(argc, argv, OPTIONS,
php_optarg, php_optind, 1, 2)) != -1) {
switch (c) {
case 'T':
benchmark = 1;
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: improve fix for CVE-2012-1823: sapi/cgi/cgi_main.c
Commit:b50101764ba0f8d61c010886aca812e740c8193c
Author:Stanislav Malyshev s...@php.net Mon, 7 May 2012 12:08:36
-0700
Parents: 09664063a82e8ad4fc133a92a360050748c53000
Branches: PHP-5.4
Link:
http://git.php.net/?p=php-src.git;a=commitdiff;h=b50101764ba0f8d61c010886aca812e740c8193c
Log:
improve fix for CVE-2012-1823
Changed paths:
M sapi/cgi/cgi_main.c
Diff:
diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c
index 5c1c55e..d25cad4 100644
--- a/sapi/cgi/cgi_main.c
+++ b/sapi/cgi/cgi_main.c
@@ -1807,10 +1807,15 @@ int main(int argc, char *argv[])
}
}
- if(query_string = getenv(QUERY_STRING)) {
+ if((query_string = getenv(QUERY_STRING)) != NULL
strchr(query_string, '=') == NULL) {
+ /* we've got query string that has no = - apache CGI will pass
it to command line */
+ unsigned char *p;
decoded_query_string = strdup(query_string);
php_url_decode(decoded_query_string,
strlen(decoded_query_string));
- if(*decoded_query_string == '-' strchr(decoded_query_string,
'=') == NULL) {
+ for (p = decoded_query_string; *p *p = ' '; p++) {
+ /* skip all leading spaces */
+ }
+ if(*p == '-') {
skip_getopt = 1;
}
free(decoded_query_string);
@@ -2074,7 +2079,7 @@ consult the installation file that came with this
distribution, or visit \n\
}
zend_first_try {
- while ((c = php_getopt(argc, argv, OPTIONS, php_optarg,
php_optind, 1, 2)) != -1) {
+ while (!skip_getopt (c = php_getopt(argc, argv, OPTIONS,
php_optarg, php_optind, 1, 2)) != -1) {
switch (c) {
case 'T':
benchmark = 1;
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: ws + restore BC to apache_request_headers: sapi/cgi/cgi_main.c
Commit:ac2146c2883299157a2a4447577f81246b9cf779
Author:Stanislav Malyshev s...@php.net Mon, 7 May 2012 21:54:19
-0700
Parents: eb8f3b025b0a6dbbf6b44bf51d8cf345437b7354
Branches: PHP-5.4.3
Link:
http://git.php.net/?p=php-src.git;a=commitdiff;h=ac2146c2883299157a2a4447577f81246b9cf779
Log:
ws + restore BC to apache_request_headers
Changed paths:
M sapi/cgi/cgi_main.c
Diff:
diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c
index a1690b1..215a3d2 100644
--- a/sapi/cgi/cgi_main.c
+++ b/sapi/cgi/cgi_main.c
@@ -1614,21 +1614,21 @@ PHP_FUNCTION(apache_request_headers) /* {{{ */
p = var + 5;
var = q = t;
-// First char keep uppercase
+ // First char keep uppercase
*q++ = *p++;
while (*p) {
if (*p == '=') {
- // End of name
- break;
-} else if (*p == '_') {
+ // End of name
+ break;
+ } else if (*p == '_') {
*q++ = '-';
p++;
-// First char after - keep
uppercase
- if (*p *p!='=' *p!='_') {
+ // First char after - keep
uppercase
+ if (*p *p!='=') {
*q++ = *p++;
}
} else if (*p = 'A' *p = 'Z') {
-// lowercase
+ // lowercase
*q++ = (*p++ - 'A' + 'a');
} else {
*q++ = *p++;
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: fix bug #61807 - Buffer Overflow in apache_request_headers: NEWS sapi/cgi/cgi_main.c sapi/cgi/tests/apache_request_headers.phpt
Commit:eb8f3b025b0a6dbbf6b44bf51d8cf345437b7354
Author:Stanislav Malyshev s...@php.net Mon, 7 May 2012 12:24:22
-0700
Parents: fc3ba0552fd5c2d7b5870f3e2fec0a9a2d2996f4
Branches: PHP-5.4.3
Link:
http://git.php.net/?p=php-src.git;a=commitdiff;h=eb8f3b025b0a6dbbf6b44bf51d8cf345437b7354
Log:
fix bug #61807 - Buffer Overflow in apache_request_headers
Bugs:
https://bugs.php.net/61807
Changed paths:
M NEWS
M sapi/cgi/cgi_main.c
A sapi/cgi/tests/apache_request_headers.phpt
Diff:
diff --git a/NEWS b/NEWS
index a41a5d1..7603cfb 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,7 @@ PHP
NEWS
- CGI
. Re-Fix PHP-CGI query string parameter vulnerability, CVE-2012-1823.
(Stas)
+ . Fix bug #61807 - Buffer Overflow in apache_request_headers.
03 May 2012, PHP 5.4.2
diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c
index 71404a4..a1690b1 100644
--- a/sapi/cgi/cgi_main.c
+++ b/sapi/cgi/cgi_main.c
@@ -1614,15 +1614,21 @@ PHP_FUNCTION(apache_request_headers) /* {{{ */
p = var + 5;
var = q = t;
+// First char keep uppercase
*q++ = *p++;
while (*p) {
- if (*p == '_') {
+ if (*p == '=') {
+ // End of name
+ break;
+} else if (*p == '_') {
*q++ = '-';
p++;
- if (*p) {
+// First char after - keep
uppercase
+ if (*p *p!='=' *p!='_') {
*q++ = *p++;
}
} else if (*p = 'A' *p = 'Z') {
+// lowercase
*q++ = (*p++ - 'A' + 'a');
} else {
*q++ = *p++;
diff --git a/sapi/cgi/tests/apache_request_headers.phpt
b/sapi/cgi/tests/apache_request_headers.phpt
new file mode 100644
index 000..37e077e
--- /dev/null
+++ b/sapi/cgi/tests/apache_request_headers.phpt
@@ -0,0 +1,49 @@
+--TEST--
+apache_request_headers() stack overflow.
+--SKIPIF--
+?php
+include skipif.inc;
+?
+--FILE--
+?php
+include include.inc;
+
+$php = get_cgi_path();
+reset_env_vars();
+
+$file = dirname(__FILE__)./012.test.php;
+
+file_put_contents($file, '?php print_r(apache_request_headers()); ?');
+
+passthru($php $file);
+
+$names = array('HTTP_X_TEST', 'HTTP_X__TEST', 'HTTP_X_');
+foreach ($names as $name) {
+ putenv($name.=.str_repeat(A, 256));
+ passthru($php -q $file);
+ putenv($name);
+}
+unlink($file);
+
+echo Done\n;
+?
+--EXPECTF--
+X-Powered-By: PHP/%s
+Content-type: text/html
+
+Array
+(
+)
+Array
+(
+[X-Test] =
+)
+Array
+(
+[X--Test] =
+)
+Array
+(
+[X-] =
+)
+Done
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: restore BC: sapi/cgi/tests/apache_request_headers.phpt
Commit:bfc6f12728a0ac84dbe1f2c2661f036fa63e7231 Author:Stanislav Malyshev s...@php.net Mon, 7 May 2012 22:22:56 -0700 Parents: c58168b79baa8a86f9c3ab66aaf1f6cdd910ee00 Branches: PHP-5.4.3 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=bfc6f12728a0ac84dbe1f2c2661f036fa63e7231 Log: restore BC Changed paths: M sapi/cgi/tests/apache_request_headers.phpt Diff: diff --git a/sapi/cgi/tests/apache_request_headers.phpt b/sapi/cgi/tests/apache_request_headers.phpt index 37e077e..2c82d57 100644 --- a/sapi/cgi/tests/apache_request_headers.phpt +++ b/sapi/cgi/tests/apache_request_headers.phpt @@ -40,7 +40,7 @@ Array ) Array ( -[X--Test] = +[X-_test] = ) Array ( -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: add attribution: NEWS
Commit:c58168b79baa8a86f9c3ab66aaf1f6cdd910ee00 Author:Stanislav Malyshev s...@php.net Mon, 7 May 2012 22:11:21 -0700 Parents: ac2146c2883299157a2a4447577f81246b9cf779 Branches: PHP-5.4.3 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=c58168b79baa8a86f9c3ab66aaf1f6cdd910ee00 Log: add attribution Changed paths: M NEWS Diff: diff --git a/NEWS b/NEWS index 7603cfb..8a3e484 100644 --- a/NEWS +++ b/NEWS @@ -5,7 +5,8 @@ PHP NEWS - CGI . Re-Fix PHP-CGI query string parameter vulnerability, CVE-2012-1823. (Stas) - . Fix bug #61807 - Buffer Overflow in apache_request_headers. + . Fix bug #61807 - Buffer Overflow in apache_request_headers. +(nyt-php at countercultured dot net). 03 May 2012, PHP 5.4.2 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] tag php-src: create tag php-5.4.3
Tag php-5.4.3 in php-src.git was created Tag: 314fb0b1a0a4582a18fd2a1eabf0082b1e10a684 Tagger: Stanislav Malyshevs...@php.net Mon May 7 22:40:00 2012 -0700 Log: 5.4.3 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (Darwin) iF4EABEIAAYFAk+osbQACgkQL3lWvF2gS11xJgD/dL4y78P+LN5ug4nxuMk7RUbi m7bF0rTk+xC97oqRkMwBAJVHcAfIS/bKJVJIAcVH0hluHGxobpC/jJNXAR8/hgdL =Cs7K -END PGP SIGNATURE- Link: http://git.php.net/?p=php-src.git;a=tag;h=314fb0b1a0a4582a18fd2a1eabf0082b1e10a684 Target: bfc6f12728a0ac84dbe1f2c2661f036fa63e7231 Author: Stanislav Malyshev s...@php.net Mon, 7 May 2012 22:22:56 -0700 Parents: c58168b79baa8a86f9c3ab66aaf1f6cdd910ee00 Target link: http://git.php.net/?p=php-src.git;a=commitdiff;h=bfc6f12728a0ac84dbe1f2c2661f036fa63e7231 Target log: restore BC Changed paths: M sapi/cgi/tests/apache_request_headers.phpt -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
