[PHP-CVS] com php-src: comment for the #else: ext/mysqlnd/mysqlnd_debug.h
Commit:68536a41672ead2d2872af01af4d4167c47366c0 Author:andrey and...@php.net Mon, 7 May 2012 13:55:40 +0200 Parents: 9927cc5f4b0e626e601d542b0b50e82c54650ac8 Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=68536a41672ead2d2872af01af4d4167c47366c0 Log: comment for the #else Changed paths: M ext/mysqlnd/mysqlnd_debug.h Diff: diff --git a/ext/mysqlnd/mysqlnd_debug.h b/ext/mysqlnd/mysqlnd_debug.h index d805178..3372e73 100644 --- a/ext/mysqlnd/mysqlnd_debug.h +++ b/ext/mysqlnd/mysqlnd_debug.h @@ -141,7 +141,7 @@ PHPAPI char * mysqlnd_get_backtrace(uint max_levels, size_t * length TSRMLS_DC); -#else +#else /* defined(__GNUC__) || (defined(_MSC_VER) (_MSC_VER = 1400)) */ static inline void DBG_INF_EX(MYSQLND_DEBUG * dbg_obj, const char * const msg) {} static inline void DBG_ERR_EX(MYSQLND_DEBUG * dbg_obj, const char * const msg) {} static inline void DBG_INF_FMT_EX(MYSQLND_DEBUG * dbg_obj, ...) {} -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: these methods should return a stream. This makes it easier to intercept the return value: ext/mysqlnd/mysqlnd_net.c ext/mysqlnd/mysqlnd_structs.h
Commit:c75cbd62dda8a1fab2a0e68ed07ea73ca5e2b1d2 Author:andrey and...@php.net Mon, 7 May 2012 15:32:00 +0200 Parents: 68536a41672ead2d2872af01af4d4167c47366c0 Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=c75cbd62dda8a1fab2a0e68ed07ea73ca5e2b1d2 Log: these methods should return a stream. This makes it easier to intercept the return value Changed paths: M ext/mysqlnd/mysqlnd_net.c M ext/mysqlnd/mysqlnd_structs.h Diff: diff --git a/ext/mysqlnd/mysqlnd_net.c b/ext/mysqlnd/mysqlnd_net.c index b2fe662..a641a41 100644 --- a/ext/mysqlnd/mysqlnd_net.c +++ b/ext/mysqlnd/mysqlnd_net.c @@ -105,7 +105,7 @@ MYSQLND_METHOD(mysqlnd_net, network_write_ex)(MYSQLND_NET * const net, const zen /* }}} */ /* {{{ mysqlnd_net::open_pipe */ -static enum_func_status +static php_stream * MYSQLND_METHOD(mysqlnd_net, open_pipe)(MYSQLND_NET * const net, const char * const scheme, const size_t scheme_len, const zend_bool persistent, MYSQLND_STATS * const conn_stats, MYSQLND_ERROR_INFO * const error_info TSRMLS_DC) @@ -125,7 +125,7 @@ MYSQLND_METHOD(mysqlnd_net, open_pipe)(MYSQLND_NET * const net, const char * con net_stream = php_stream_open_wrapper((char*) scheme + sizeof(pipe://) - 1, r+, streams_options, NULL); if (!net_stream) { SET_CLIENT_ERROR(*error_info, CR_CONNECTION_ERROR, UNKNOWN_SQLSTATE, Unknown errror while connecting); - DBG_RETURN(FAIL); + DBG_RETURN(NULL); } /* Streams are not meant for C extensions! Thus we need a hack. Every connected stream will @@ -136,15 +136,14 @@ MYSQLND_METHOD(mysqlnd_net, open_pipe)(MYSQLND_NET * const net, const char * con zend_hash_index_del(EG(regular_list), net_stream-rsrc_id); net_stream-in_free = 0; - (void) net-data-m.set_stream(net, net_stream TSRMLS_CC); - DBG_RETURN(PASS); + DBG_RETURN(net_stream); } /* }}} */ /* {{{ mysqlnd_net::open_tcp_or_unix */ -static enum_func_status +static php_stream * MYSQLND_METHOD(mysqlnd_net, open_tcp_or_unix)(MYSQLND_NET * const net, const char * const scheme, const size_t scheme_len, const zend_bool persistent, MYSQLND_STATS * const conn_stats, MYSQLND_ERROR_INFO * const error_info TSRMLS_DC) @@ -191,7 +190,7 @@ MYSQLND_METHOD(mysqlnd_net, open_tcp_or_unix)(MYSQLND_NET * const net, const cha /* no mnd_ since we don't allocate it */ efree(errstr); } - DBG_RETURN(FAIL); + DBG_RETURN(NULL); } if (hashed_details) { /* @@ -227,8 +226,7 @@ MYSQLND_METHOD(mysqlnd_net, open_tcp_or_unix)(MYSQLND_NET * const net, const cha zend_hash_index_del(EG(regular_list), net_stream-rsrc_id); net_stream-in_free = 0; - (void) net-data-m.set_stream(net, net_stream TSRMLS_CC); - DBG_RETURN(PASS); + DBG_RETURN(net_stream); } /* }}} */ @@ -300,8 +298,11 @@ MYSQLND_METHOD(mysqlnd_net, connect_ex)(MYSQLND_NET * const net, const char * co open_stream = net-data-m.get_open_stream(net, scheme, scheme_len, error_info TSRMLS_CC); if (open_stream) { - if (PASS == (ret = open_stream(net, scheme, scheme_len, persistent, conn_stats, error_info TSRMLS_CC))) { + php_stream * net_stream = open_stream(net, scheme, scheme_len, persistent, conn_stats, error_info TSRMLS_CC); + if (net_stream) { + (void) net-data-m.set_stream(net, net_stream TSRMLS_CC); net-data-m.post_connect_set_opt(net, scheme, scheme_len, conn_stats, error_info TSRMLS_CC); + ret = PASS; } } diff --git a/ext/mysqlnd/mysqlnd_structs.h b/ext/mysqlnd/mysqlnd_structs.h index 6dcb8b3..b355a0d 100644 --- a/ext/mysqlnd/mysqlnd_structs.h +++ b/ext/mysqlnd/mysqlnd_structs.h @@ -283,7 +283,7 @@ typedef enum_func_status (*func_mysqlnd_net__init)(MYSQLND_NET * const net, MYSQ typedef void (*func_mysqlnd_net__dtor)(MYSQLND_NET * const net, MYSQLND_STATS * const conn_stats, MYSQLND_ERROR_INFO * const error_info TSRMLS_DC); typedef enum_func_status (*func_mysqlnd_net__connect_ex)(MYSQLND_NET * const net, const char * const scheme, const size_t scheme_len, const zend_bool persistent, MYSQLND_STATS * const conn_stats, MYSQLND_ERROR_INFO * const error_info TSRMLS_DC); typedef void (*func_mysqlnd_net__close_stream)(MYSQLND_NET * const net, MYSQLND_STATS * const conn_stats, MYSQLND_ERROR_INFO * const error_info TSRMLS_DC);
[PHP-CVS] com php-src: Fix bug 61903 ext\phar\tests\tar\phar_commitwrite.phpt fails: ext/phar/tests/tar/phar_commitwrite.phpt
Commit:ce59121c5f3f67f570f462e93354de0cff1bd31a Author:Anatoliy Belsky a...@php.net Mon, 7 May 2012 15:37:29 +0200 Parents: 99076bc24fae6b159c783e4772b0eaf046b5dc2e Branches: PHP-5.3 PHP-5.4 master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=ce59121c5f3f67f570f462e93354de0cff1bd31a Log: Fix bug 61903 ext\phar\tests\tar\phar_commitwrite.phpt fails Bugs: https://bugs.php.net/61903 Changed paths: M ext/phar/tests/tar/phar_commitwrite.phpt Diff: diff --git a/ext/phar/tests/tar/phar_commitwrite.phpt b/ext/phar/tests/tar/phar_commitwrite.phpt index b926b9a..262ea1d 100644 --- a/ext/phar/tests/tar/phar_commitwrite.phpt +++ b/ext/phar/tests/tar/phar_commitwrite.phpt @@ -5,6 +5,9 @@ Phar::setStub()/stopBuffering() tar-based --INI-- phar.require_hash=0 phar.readonly=0 +--ENV-- +TEMP=. +TMP=. --FILE-- ?php $p = new Phar(dirname(__FILE__) . '/brandnewphar.phar.tar', 0, 'brandnewphar.phar'); @@ -41,4 +44,4 @@ include 'phar://brandnewphar.phar/startup.php'; __HALT_COMPILER(); ? bool(true) -===DONE=== \ No newline at end of file +===DONE=== -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: Fix bug 61905 ext\phar\tests\zip\phar_commitwrite.phpt fails: ext/phar/tests/zip/phar_commitwrite.phpt
Commit:2068419ae5c24781714e9d60c4baf64d254d573d Author:Anatoliy Belsky a...@php.net Mon, 7 May 2012 15:39:07 +0200 Parents: ce59121c5f3f67f570f462e93354de0cff1bd31a Branches: PHP-5.3 PHP-5.4 master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=2068419ae5c24781714e9d60c4baf64d254d573d Log: Fix bug 61905 ext\phar\tests\zip\phar_commitwrite.phpt fails Bugs: https://bugs.php.net/61905 Changed paths: M ext/phar/tests/zip/phar_commitwrite.phpt Diff: diff --git a/ext/phar/tests/zip/phar_commitwrite.phpt b/ext/phar/tests/zip/phar_commitwrite.phpt index 84bccb9..4e18a6b 100644 --- a/ext/phar/tests/zip/phar_commitwrite.phpt +++ b/ext/phar/tests/zip/phar_commitwrite.phpt @@ -5,6 +5,9 @@ Phar::setStub()/stopBuffering() zip-based --INI-- phar.require_hash=0 phar.readonly=0 +--ENV-- +TEMP=. +TMP=. --FILE-- ?php $p = new Phar(dirname(__FILE__) . '/brandnewphar.phar.zip', 0, 'brandnewphar.phar'); @@ -41,4 +44,4 @@ include 'phar://brandnewphar.phar/startup.php'; __HALT_COMPILER(); ? bool(true) -===DONE=== \ No newline at end of file +===DONE=== -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: Merge branch 'PHP-5.3' into PHP-5.4: sapi/cgi/cgi_main.c
Commit:36587ff335612e4dfe4723dab47954718f5a2878 Author:Stanislav Malyshev s...@php.net Mon, 7 May 2012 12:10:36 -0700 Parents: 0556103f6a347308351436897b3b632450504dd0 7de4b75f74a817c3fead32710e04cd015bcc5360 Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=36587ff335612e4dfe4723dab47954718f5a2878 Log: Merge branch 'PHP-5.3' into PHP-5.4 * PHP-5.3: improve fix for CVE-2012-1823 Fix for CVE-2012-1823 Changed paths: MM sapi/cgi/cgi_main.c Diff: -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: Merge branch 'PHP-5.4': sapi/cgi/cgi_main.c
Commit:857fc1b473f5d27ed5ea6aa78420498dbb71c6b6 Author:Stanislav Malyshev s...@php.net Mon, 7 May 2012 12:12:48 -0700 Parents: 2c505ecc57092cac1cd554fd0f645c5f05db9f65 36587ff335612e4dfe4723dab47954718f5a2878 Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=857fc1b473f5d27ed5ea6aa78420498dbb71c6b6 Log: Merge branch 'PHP-5.4' * PHP-5.4: improve fix for CVE-2012-1823 Fix for CVE-2012-1823 Changed paths: MM sapi/cgi/cgi_main.c Diff: -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: improve fix for CVE-2012-1823: sapi/cgi/cgi_main.c
Commit:7de4b75f74a817c3fead32710e04cd015bcc5360 Author:Stanislav Malyshev s...@php.net Mon, 7 May 2012 12:08:36 -0700 Parents: 004941af15674eeb5d12b8459b8ff50c25758150 Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=7de4b75f74a817c3fead32710e04cd015bcc5360 Log: improve fix for CVE-2012-1823 Changed paths: M sapi/cgi/cgi_main.c Diff: diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c index 760ad66..a7ac26f 100644 --- a/sapi/cgi/cgi_main.c +++ b/sapi/cgi/cgi_main.c @@ -1561,10 +1561,15 @@ int main(int argc, char *argv[]) } } - if(query_string = getenv(QUERY_STRING)) { + if((query_string = getenv(QUERY_STRING)) != NULL strchr(query_string, '=') == NULL) { + /* we've got query string that has no = - apache CGI will pass it to command line */ + unsigned char *p; decoded_query_string = strdup(query_string); php_url_decode(decoded_query_string, strlen(decoded_query_string)); - if(*decoded_query_string == '-' strchr(decoded_query_string, '=') == NULL) { + for (p = decoded_query_string; *p *p = ' '; p++) { + /* skip all leading spaces */ + } + if(*p == '-') { skip_getopt = 1; } free(decoded_query_string); @@ -1819,7 +1824,7 @@ consult the installation file that came with this distribution, or visit \n\ } zend_first_try { - while ((c = php_getopt(argc, argv, OPTIONS, php_optarg, php_optind, 1, 2)) != -1) { + while (!skip_getopt (c = php_getopt(argc, argv, OPTIONS, php_optarg, php_optind, 1, 2)) != -1) { switch (c) { case 'T': benchmark = 1; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: improve fix for CVE-2012-1823: sapi/cgi/cgi_main.c
Commit:fc3ba0552fd5c2d7b5870f3e2fec0a9a2d2996f4 Author:Stanislav Malyshev s...@php.net Mon, 7 May 2012 12:08:36 -0700 Parents: 64170aa3a564331c22c8647e067b22cb274f6601 Branches: PHP-5.4.3 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=fc3ba0552fd5c2d7b5870f3e2fec0a9a2d2996f4 Log: improve fix for CVE-2012-1823 Changed paths: M sapi/cgi/cgi_main.c Diff: diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c index 84e0d63..71404a4 100644 --- a/sapi/cgi/cgi_main.c +++ b/sapi/cgi/cgi_main.c @@ -1806,10 +1806,15 @@ int main(int argc, char *argv[]) } } - if(query_string = getenv(QUERY_STRING)) { + if((query_string = getenv(QUERY_STRING)) != NULL strchr(query_string, '=') == NULL) { + /* we've got query string that has no = - apache CGI will pass it to command line */ + unsigned char *p; decoded_query_string = strdup(query_string); php_url_decode(decoded_query_string, strlen(decoded_query_string)); - if(*decoded_query_string == '-' strchr(decoded_query_string, '=') == NULL) { + for (p = decoded_query_string; *p *p = ' '; p++) { + /* skip all leading spaces */ + } + if(*p == '-') { skip_getopt = 1; } free(decoded_query_string); @@ -2073,7 +2078,7 @@ consult the installation file that came with this distribution, or visit \n\ } zend_first_try { - while ((c = php_getopt(argc, argv, OPTIONS, php_optarg, php_optind, 1, 2)) != -1) { + while (!skip_getopt (c = php_getopt(argc, argv, OPTIONS, php_optarg, php_optind, 1, 2)) != -1) { switch (c) { case 'T': benchmark = 1; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: Fix for CVE-2012-1823: sapi/cgi/cgi_main.c
Commit:004941af15674eeb5d12b8459b8ff50c25758150 Author:Rasmus Lerdorf ras...@php.net Thu, 3 May 2012 15:51:52 +0200 Committer: Stanislav Malyshev s...@php.net Mon, 7 May 2012 12:06:45 -0700 Parents: 72507d38fb6701471053ef6bee65dfbe63184ec9 Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=004941af15674eeb5d12b8459b8ff50c25758150 Log: Fix for CVE-2012-1823 Changed paths: M sapi/cgi/cgi_main.c Diff: diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c index 56c736f..760ad66 100644 --- a/sapi/cgi/cgi_main.c +++ b/sapi/cgi/cgi_main.c @@ -70,6 +70,7 @@ #include php_main.h #include fopen_wrappers.h #include ext/standard/php_standard.h +#include ext/standard/url.h #ifdef PHP_WIN32 # include io.h @@ -1508,6 +1509,9 @@ int main(int argc, char *argv[]) #ifndef PHP_WIN32 int status = 0; #endif + char *query_string; + char *decoded_query_string; + int skip_getopt = 0; #if 0 defined(PHP_DEBUG) /* IIS is always making things more difficult. This allows @@ -1557,7 +1561,16 @@ int main(int argc, char *argv[]) } } - while ((c = php_getopt(argc, argv, OPTIONS, php_optarg, php_optind, 0, 2)) != -1) { + if(query_string = getenv(QUERY_STRING)) { + decoded_query_string = strdup(query_string); + php_url_decode(decoded_query_string, strlen(decoded_query_string)); + if(*decoded_query_string == '-' strchr(decoded_query_string, '=') == NULL) { + skip_getopt = 1; + } + free(decoded_query_string); + } + + while (!skip_getopt (c = php_getopt(argc, argv, OPTIONS, php_optarg, php_optind, 0, 2)) != -1) { switch (c) { case 'c': if (cgi_sapi_module.php_ini_path_override) { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: prep for 5.4.3: NEWS configure.in main/php_version.h
Commit:64170aa3a564331c22c8647e067b22cb274f6601 Author:Stanislav Malyshev s...@php.net Mon, 7 May 2012 12:01:10 -0700 Parents: 32246bf50749709a9f99feda09088181598e5121 Branches: PHP-5.4.3 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=64170aa3a564331c22c8647e067b22cb274f6601 Log: prep for 5.4.3 Changed paths: M NEWS M configure.in M main/php_version.h Diff: diff --git a/NEWS b/NEWS index de1e55f..a41a5d1 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,12 @@ PHPNEWS ||| -03 Mar 2012, PHP 5.4.2 +08 May 2012, PHP 5.4.3 + +- CGI + . Re-Fix PHP-CGI query string parameter vulnerability, CVE-2012-1823. +(Stas) + +03 May 2012, PHP 5.4.2 - Fix PHP-CGI query string parameter vulnerability, CVE-2012-1823. (Rasmus) diff --git a/configure.in b/configure.in index 2470856..1776a5a 100644 --- a/configure.in +++ b/configure.in @@ -119,7 +119,7 @@ int zend_sprintf(char *buffer, const char *format, ...); PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=4 -PHP_RELEASE_VERSION=2 +PHP_RELEASE_VERSION=3 PHP_EXTRA_VERSION= PHP_VERSION=$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 1 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` diff --git a/main/php_version.h b/main/php_version.h index e609c7a..46fba13 100644 --- a/main/php_version.h +++ b/main/php_version.h @@ -2,7 +2,7 @@ /* edit configure.in to change version number */ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 4 -#define PHP_RELEASE_VERSION 2 +#define PHP_RELEASE_VERSION 3 #define PHP_EXTRA_VERSION -#define PHP_VERSION 5.4.2 -#define PHP_VERSION_ID 50402 +#define PHP_VERSION 5.4.3 +#define PHP_VERSION_ID 50403 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: improve fix for CVE-2012-1823: sapi/cgi/cgi_main.c
Commit:000e84aa88ce16deabbf61e7086fc8db63ca88aa Author:Stanislav Malyshev s...@php.net Mon, 7 May 2012 12:08:36 -0700 Parents: 2068419ae5c24781714e9d60c4baf64d254d573d Branches: PHP-5.3 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=000e84aa88ce16deabbf61e7086fc8db63ca88aa Log: improve fix for CVE-2012-1823 Changed paths: M sapi/cgi/cgi_main.c Diff: diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c index 760ad66..a7ac26f 100644 --- a/sapi/cgi/cgi_main.c +++ b/sapi/cgi/cgi_main.c @@ -1561,10 +1561,15 @@ int main(int argc, char *argv[]) } } - if(query_string = getenv(QUERY_STRING)) { + if((query_string = getenv(QUERY_STRING)) != NULL strchr(query_string, '=') == NULL) { + /* we've got query string that has no = - apache CGI will pass it to command line */ + unsigned char *p; decoded_query_string = strdup(query_string); php_url_decode(decoded_query_string, strlen(decoded_query_string)); - if(*decoded_query_string == '-' strchr(decoded_query_string, '=') == NULL) { + for (p = decoded_query_string; *p *p = ' '; p++) { + /* skip all leading spaces */ + } + if(*p == '-') { skip_getopt = 1; } free(decoded_query_string); @@ -1819,7 +1824,7 @@ consult the installation file that came with this distribution, or visit \n\ } zend_first_try { - while ((c = php_getopt(argc, argv, OPTIONS, php_optarg, php_optind, 1, 2)) != -1) { + while (!skip_getopt (c = php_getopt(argc, argv, OPTIONS, php_optarg, php_optind, 1, 2)) != -1) { switch (c) { case 'T': benchmark = 1; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: improve fix for CVE-2012-1823: sapi/cgi/cgi_main.c
Commit:b50101764ba0f8d61c010886aca812e740c8193c Author:Stanislav Malyshev s...@php.net Mon, 7 May 2012 12:08:36 -0700 Parents: 09664063a82e8ad4fc133a92a360050748c53000 Branches: PHP-5.4 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=b50101764ba0f8d61c010886aca812e740c8193c Log: improve fix for CVE-2012-1823 Changed paths: M sapi/cgi/cgi_main.c Diff: diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c index 5c1c55e..d25cad4 100644 --- a/sapi/cgi/cgi_main.c +++ b/sapi/cgi/cgi_main.c @@ -1807,10 +1807,15 @@ int main(int argc, char *argv[]) } } - if(query_string = getenv(QUERY_STRING)) { + if((query_string = getenv(QUERY_STRING)) != NULL strchr(query_string, '=') == NULL) { + /* we've got query string that has no = - apache CGI will pass it to command line */ + unsigned char *p; decoded_query_string = strdup(query_string); php_url_decode(decoded_query_string, strlen(decoded_query_string)); - if(*decoded_query_string == '-' strchr(decoded_query_string, '=') == NULL) { + for (p = decoded_query_string; *p *p = ' '; p++) { + /* skip all leading spaces */ + } + if(*p == '-') { skip_getopt = 1; } free(decoded_query_string); @@ -2074,7 +2079,7 @@ consult the installation file that came with this distribution, or visit \n\ } zend_first_try { - while ((c = php_getopt(argc, argv, OPTIONS, php_optarg, php_optind, 1, 2)) != -1) { + while (!skip_getopt (c = php_getopt(argc, argv, OPTIONS, php_optarg, php_optind, 1, 2)) != -1) { switch (c) { case 'T': benchmark = 1; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: ws + restore BC to apache_request_headers: sapi/cgi/cgi_main.c
Commit:ac2146c2883299157a2a4447577f81246b9cf779 Author:Stanislav Malyshev s...@php.net Mon, 7 May 2012 21:54:19 -0700 Parents: eb8f3b025b0a6dbbf6b44bf51d8cf345437b7354 Branches: PHP-5.4.3 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=ac2146c2883299157a2a4447577f81246b9cf779 Log: ws + restore BC to apache_request_headers Changed paths: M sapi/cgi/cgi_main.c Diff: diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c index a1690b1..215a3d2 100644 --- a/sapi/cgi/cgi_main.c +++ b/sapi/cgi/cgi_main.c @@ -1614,21 +1614,21 @@ PHP_FUNCTION(apache_request_headers) /* {{{ */ p = var + 5; var = q = t; -// First char keep uppercase + // First char keep uppercase *q++ = *p++; while (*p) { if (*p == '=') { - // End of name - break; -} else if (*p == '_') { + // End of name + break; + } else if (*p == '_') { *q++ = '-'; p++; -// First char after - keep uppercase - if (*p *p!='=' *p!='_') { + // First char after - keep uppercase + if (*p *p!='=') { *q++ = *p++; } } else if (*p = 'A' *p = 'Z') { -// lowercase + // lowercase *q++ = (*p++ - 'A' + 'a'); } else { *q++ = *p++; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: fix bug #61807 - Buffer Overflow in apache_request_headers: NEWS sapi/cgi/cgi_main.c sapi/cgi/tests/apache_request_headers.phpt
Commit:eb8f3b025b0a6dbbf6b44bf51d8cf345437b7354 Author:Stanislav Malyshev s...@php.net Mon, 7 May 2012 12:24:22 -0700 Parents: fc3ba0552fd5c2d7b5870f3e2fec0a9a2d2996f4 Branches: PHP-5.4.3 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=eb8f3b025b0a6dbbf6b44bf51d8cf345437b7354 Log: fix bug #61807 - Buffer Overflow in apache_request_headers Bugs: https://bugs.php.net/61807 Changed paths: M NEWS M sapi/cgi/cgi_main.c A sapi/cgi/tests/apache_request_headers.phpt Diff: diff --git a/NEWS b/NEWS index a41a5d1..7603cfb 100644 --- a/NEWS +++ b/NEWS @@ -5,6 +5,7 @@ PHP NEWS - CGI . Re-Fix PHP-CGI query string parameter vulnerability, CVE-2012-1823. (Stas) + . Fix bug #61807 - Buffer Overflow in apache_request_headers. 03 May 2012, PHP 5.4.2 diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c index 71404a4..a1690b1 100644 --- a/sapi/cgi/cgi_main.c +++ b/sapi/cgi/cgi_main.c @@ -1614,15 +1614,21 @@ PHP_FUNCTION(apache_request_headers) /* {{{ */ p = var + 5; var = q = t; +// First char keep uppercase *q++ = *p++; while (*p) { - if (*p == '_') { + if (*p == '=') { + // End of name + break; +} else if (*p == '_') { *q++ = '-'; p++; - if (*p) { +// First char after - keep uppercase + if (*p *p!='=' *p!='_') { *q++ = *p++; } } else if (*p = 'A' *p = 'Z') { +// lowercase *q++ = (*p++ - 'A' + 'a'); } else { *q++ = *p++; diff --git a/sapi/cgi/tests/apache_request_headers.phpt b/sapi/cgi/tests/apache_request_headers.phpt new file mode 100644 index 000..37e077e --- /dev/null +++ b/sapi/cgi/tests/apache_request_headers.phpt @@ -0,0 +1,49 @@ +--TEST-- +apache_request_headers() stack overflow. +--SKIPIF-- +?php +include skipif.inc; +? +--FILE-- +?php +include include.inc; + +$php = get_cgi_path(); +reset_env_vars(); + +$file = dirname(__FILE__)./012.test.php; + +file_put_contents($file, '?php print_r(apache_request_headers()); ?'); + +passthru($php $file); + +$names = array('HTTP_X_TEST', 'HTTP_X__TEST', 'HTTP_X_'); +foreach ($names as $name) { + putenv($name.=.str_repeat(A, 256)); + passthru($php -q $file); + putenv($name); +} +unlink($file); + +echo Done\n; +? +--EXPECTF-- +X-Powered-By: PHP/%s +Content-type: text/html + +Array +( +) +Array +( +[X-Test] = +) +Array +( +[X--Test] = +) +Array +( +[X-] = +) +Done -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: restore BC: sapi/cgi/tests/apache_request_headers.phpt
Commit:bfc6f12728a0ac84dbe1f2c2661f036fa63e7231 Author:Stanislav Malyshev s...@php.net Mon, 7 May 2012 22:22:56 -0700 Parents: c58168b79baa8a86f9c3ab66aaf1f6cdd910ee00 Branches: PHP-5.4.3 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=bfc6f12728a0ac84dbe1f2c2661f036fa63e7231 Log: restore BC Changed paths: M sapi/cgi/tests/apache_request_headers.phpt Diff: diff --git a/sapi/cgi/tests/apache_request_headers.phpt b/sapi/cgi/tests/apache_request_headers.phpt index 37e077e..2c82d57 100644 --- a/sapi/cgi/tests/apache_request_headers.phpt +++ b/sapi/cgi/tests/apache_request_headers.phpt @@ -40,7 +40,7 @@ Array ) Array ( -[X--Test] = +[X-_test] = ) Array ( -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: add attribution: NEWS
Commit:c58168b79baa8a86f9c3ab66aaf1f6cdd910ee00 Author:Stanislav Malyshev s...@php.net Mon, 7 May 2012 22:11:21 -0700 Parents: ac2146c2883299157a2a4447577f81246b9cf779 Branches: PHP-5.4.3 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=c58168b79baa8a86f9c3ab66aaf1f6cdd910ee00 Log: add attribution Changed paths: M NEWS Diff: diff --git a/NEWS b/NEWS index 7603cfb..8a3e484 100644 --- a/NEWS +++ b/NEWS @@ -5,7 +5,8 @@ PHP NEWS - CGI . Re-Fix PHP-CGI query string parameter vulnerability, CVE-2012-1823. (Stas) - . Fix bug #61807 - Buffer Overflow in apache_request_headers. + . Fix bug #61807 - Buffer Overflow in apache_request_headers. +(nyt-php at countercultured dot net). 03 May 2012, PHP 5.4.2 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] tag php-src: create tag php-5.4.3
Tag php-5.4.3 in php-src.git was created Tag: 314fb0b1a0a4582a18fd2a1eabf0082b1e10a684 Tagger: Stanislav Malyshevs...@php.net Mon May 7 22:40:00 2012 -0700 Log: 5.4.3 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (Darwin) iF4EABEIAAYFAk+osbQACgkQL3lWvF2gS11xJgD/dL4y78P+LN5ug4nxuMk7RUbi m7bF0rTk+xC97oqRkMwBAJVHcAfIS/bKJVJIAcVH0hluHGxobpC/jJNXAR8/hgdL =Cs7K -END PGP SIGNATURE- Link: http://git.php.net/?p=php-src.git;a=tag;h=314fb0b1a0a4582a18fd2a1eabf0082b1e10a684 Target: bfc6f12728a0ac84dbe1f2c2661f036fa63e7231 Author: Stanislav Malyshev s...@php.net Mon, 7 May 2012 22:22:56 -0700 Parents: c58168b79baa8a86f9c3ab66aaf1f6cdd910ee00 Target link: http://git.php.net/?p=php-src.git;a=commitdiff;h=bfc6f12728a0ac84dbe1f2c2661f036fa63e7231 Target log: restore BC Changed paths: M sapi/cgi/tests/apache_request_headers.phpt -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php