[PHP-CVS] cvs: php-src(PHP_5_3) /tests/security magic_quotes_gpc.phpt
sesser Thu Dec 11 13:05:52 2008 UTC Added files: (Branch: PHP_5_3) /php-src/tests/security magic_quotes_gpc.phpt Log: Added test for magic_quotes_gpc http://cvs.php.net/viewvc.cgi/php-src/tests/security/magic_quotes_gpc.phpt?view=markuprev=1.1 Index: php-src/tests/security/magic_quotes_gpc.phpt +++ php-src/tests/security/magic_quotes_gpc.phpt -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /tests/security magic_quotes_gpc.phpt
sesser Thu Dec 11 13:06:29 2008 UTC Added files: (Branch: PHP_5_2) /php-src/tests/security magic_quotes_gpc.phpt Log: Added test for magic_quotes_gpc http://cvs.php.net/viewvc.cgi/php-src/tests/security/magic_quotes_gpc.phpt?view=markuprev=1.1 Index: php-src/tests/security/magic_quotes_gpc.phpt +++ php-src/tests/security/magic_quotes_gpc.phpt -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/session session.c
sesser Sat Jun 16 07:47:46 2007 UTC Modified files: /php-src/ext/sessionsession.c Log: Fix attribute injection security bug correctly by URL encoding session name and session value. (in future maybe encode path/domain, too) Remove backward compatibility breaking blacklist of characters. http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.472r2=1.473diff_format=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.472 php-src/ext/session/session.c:1.473 --- php-src/ext/session/session.c:1.472 Fri Jun 15 22:42:43 2007 +++ php-src/ext/session/session.c Sat Jun 16 07:47:46 2007 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.472 2007/06/15 22:42:43 stas Exp $ */ +/* $Id: session.c,v 1.473 2007/06/16 07:47:46 sesser Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -398,7 +398,7 @@ int vallen; /* check session name for invalid characters */ - if (PS(id) strpbrk(PS(id), \r\n\t '\\\()@,;:[]?={}%)) { + if (PS(id) strpbrk(PS(id), \r\n\t '\\\)) { efree(PS(id)); PS(id) = NULL; } @@ -1069,6 +1069,7 @@ { smart_str ncookie = {0}; char *date_fmt = NULL; + char *e_session_name, *e_id; if (SG(headers_sent)) { char *output_start_filename = php_output_get_start_filename(TSRMLS_C); @@ -1082,11 +1083,18 @@ } return; } + + /* URL encode session_name and id because they might be user supplied */ + e_session_name = php_url_encode(PS(session_name), strlen(PS(session_name)), NULL); + e_id = php_url_encode(PS(id), strlen(PS(id)), NULL); smart_str_appends(ncookie, COOKIE_SET_COOKIE); - smart_str_appends(ncookie, PS(session_name)); + smart_str_appends(ncookie, e_session_name); smart_str_appendc(ncookie, '='); - smart_str_appends(ncookie, PS(id)); + smart_str_appends(ncookie, e_id); + + efree(e_session_name); + efree(e_id); if (PS(cookie_lifetime) 0) { struct timeval tv; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c
sesser Sat Jun 16 07:48:07 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/sessionsession.c Log: MFH http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.36r2=1.417.2.8.2.37diff_format=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.417.2.8.2.36 php-src/ext/session/session.c:1.417.2.8.2.37 --- php-src/ext/session/session.c:1.417.2.8.2.36Fri Jun 15 22:40:00 2007 +++ php-src/ext/session/session.c Sat Jun 16 07:48:07 2007 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.417.2.8.2.36 2007/06/15 22:40:00 stas Exp $ */ +/* $Id: session.c,v 1.417.2.8.2.37 2007/06/16 07:48:07 sesser Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -807,7 +807,7 @@ int vallen; /* check session name for invalid characters */ - if (PS(id) strpbrk(PS(id), \r\n\t '\\\()@,;:[]?={}%)) { + if (PS(id) strpbrk(PS(id), \r\n\t '\\\)) { efree(PS(id)); PS(id) = NULL; } @@ -1080,6 +1080,7 @@ { smart_str ncookie = {0}; char *date_fmt = NULL; + char *e_session_name, *e_id; if (SG(headers_sent)) { char *output_start_filename = php_get_output_start_filename(TSRMLS_C); @@ -1093,11 +1094,18 @@ } return; } + + /* URL encode session_name and id because they might be user supplied */ + e_session_name = php_url_encode(PS(session_name), strlen(PS(session_name)), NULL); + e_id = php_url_encode(PS(id), strlen(PS(id)), NULL); smart_str_appends(ncookie, COOKIE_SET_COOKIE); - smart_str_appends(ncookie, PS(session_name)); + smart_str_appends(ncookie, e_session_name); smart_str_appendc(ncookie, '='); - smart_str_appends(ncookie, PS(id)); + smart_str_appends(ncookie, e_id); + + efree(e_session_name); + efree(e_id); if (PS(cookie_lifetime) 0) { struct timeval tv; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_4) /ext/session session.c
sesser Sat Jun 16 07:48:23 2007 UTC Modified files: (Branch: PHP_4_4) /php-src/ext/sessionsession.c Log: MFH http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.336.2.53.2.19r2=1.336.2.53.2.20diff_format=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.336.2.53.2.19 php-src/ext/session/session.c:1.336.2.53.2.20 --- php-src/ext/session/session.c:1.336.2.53.2.19 Fri Jun 15 22:45:25 2007 +++ php-src/ext/session/session.c Sat Jun 16 07:48:23 2007 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.336.2.53.2.19 2007/06/15 22:45:25 stas Exp $ */ +/* $Id: session.c,v 1.336.2.53.2.20 2007/06/16 07:48:23 sesser Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -666,7 +666,7 @@ int vallen; /* check session name for invalid characters */ - if (PS(id) strpbrk(PS(id), \r\n\t '\\\()@,;:[]?={}%)) { + if (PS(id) strpbrk(PS(id), \r\n\t '\\\)) { efree(PS(id)); PS(id) = NULL; } @@ -918,6 +918,7 @@ { smart_str ncookie = {0}; char *date_fmt = NULL; + char *e_session_name, *e_id; if (SG(headers_sent)) { char *output_start_filename = php_get_output_start_filename(TSRMLS_C); @@ -931,11 +932,18 @@ } return; } + + /* URL encode session_name and id because they might be user supplied */ + e_session_name = php_url_encode(PS(session_name), strlen(PS(session_name)), NULL); + e_id = php_url_encode(PS(id), strlen(PS(id)), NULL); smart_str_appends(ncookie, COOKIE_SET_COOKIE); - smart_str_appends(ncookie, PS(session_name)); + smart_str_appends(ncookie, e_session_name); smart_str_appendc(ncookie, '='); - smart_str_appends(ncookie, PS(id)); + smart_str_appends(ncookie, e_id); + + efree(e_session_name); + efree(e_id); if (PS(cookie_lifetime) 0) { struct timeval tv; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src /ext/session session.c
Stanislav Malyshev schrieb: That's nice. Could you now explain why you need these symbols in session IDs? Even Zend Platform used ':' in session IDs not long ago. Maybe recent versions of Zend Platform don't, but that is not the point. The point is YOU DON'T KNOW how many people use one of these characters in session IDs. YOU DON'T KNOW how many people use the PHP session management but use the session_id() function to provide their OWN session identifier. After all THAT is the reason for the session_id() function. Now without any warning you set a bunch of characters on a blacklist. For no real reasons, just to NOT encode them when sending them out in the cookie. Face it this will break backward compatibility and even if only one single person would be affected by this, this BC break is completely unecessary, because by encoding the ID it is possible to support all the other characters. And especially when the session id is something home generated that directly comes out of base64 encoding it is very likely that it ends in the character = which is forbidden by your blacklist. OHH yeah and your invalid reason that these characters are forbidden in cookie values is NONSENSE. First of all the Netscape Cookie 0 format (which is the one used by PHP) clearly says that everything except whitespace and semicolon is allowed and secondly just LOOK at the cookies you have in your browser. : = () ; these characters are used everywhere. A good start are your *.google.com cookies they contain nearly all of these chars. Stefan Esser Stefan Esser wrote: sesserSat Jun 16 07:47:46 2007 UTC Modified files: /php-src/ext/sessionsession.c Log: Fix attribute injection security bug correctly by URL encoding session name and session value. (in future maybe encode path/domain, too) Remove backward compatibility breaking blacklist of characters. http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.472r2=1.473diff_format=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.472 php-src/ext/session/session.c:1.473 --- php-src/ext/session/session.c:1.472Fri Jun 15 22:42:43 2007 +++ php-src/ext/session/session.cSat Jun 16 07:47:46 2007 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.472 2007/06/15 22:42:43 stas Exp $ */ +/* $Id: session.c,v 1.473 2007/06/16 07:47:46 sesser Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -398,7 +398,7 @@ int vallen; /* check session name for invalid characters */ -if (PS(id) strpbrk(PS(id), \r\n\t '\\\()@,;:[]?={}%)) { +if (PS(id) strpbrk(PS(id), \r\n\t '\\\)) { efree(PS(id)); PS(id) = NULL; } @@ -1069,6 +1069,7 @@ { smart_str ncookie = {0}; char *date_fmt = NULL; +char *e_session_name, *e_id; if (SG(headers_sent)) { char *output_start_filename = php_output_get_start_filename(TSRMLS_C); @@ -1082,11 +1083,18 @@ } return; } + +/* URL encode session_name and id because they might be user supplied */ +e_session_name = php_url_encode(PS(session_name), strlen(PS(session_name)), NULL); +e_id = php_url_encode(PS(id), strlen(PS(id)), NULL); smart_str_appends(ncookie, COOKIE_SET_COOKIE); -smart_str_appends(ncookie, PS(session_name)); +smart_str_appends(ncookie, e_session_name); smart_str_appendc(ncookie, '='); -smart_str_appends(ncookie, PS(id)); +smart_str_appends(ncookie, e_id); + +efree(e_session_name); +efree(e_id); if (PS(cookie_lifetime) 0) { struct timeval tv; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src(PHP_5_2) / NEWS /ext/filter filter.c /ext/filter/tests bug39763.phpt
php_zval_filter(tmp_new_var, IF_G(default_filter), IF_G(default_filter_flags), NULL, NULL/*charset*/, 0 TSRMLS_CC); - } else if (PG(magic_quotes_gpc)) { + } else if (PG(magic_quotes_gpc) !retval) { /* for PARSE_STRING php_register_variable_safe() will do the addslashes() */ Z_STRVAL(new_var) = php_addslashes(*val, Z_STRLEN(new_var), Z_STRLEN(new_var), 0 TSRMLS_CC); This comment is wrong. It is not php_register_variable_safe() but ext/filter that adds the magic_quotes. And Antony's previous commit never fixed anything, it just broke magic_quotes_gpc and completely disabled it, introducing possible SQL injection vulnerabilities in tons of scripts... BTW: When will ext/filter be rewritten to a) support daisy chaining b) does not register the variables itself but actually work as filters were supposed to do. c) Support Cookies correctly... Stefan Esser -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_4) /ext/standard var_unserializer.re
sesser Fri Oct 27 08:33:55 2006 UTC Modified files: (Branch: PHP_4_4) /php-src/ext/standard var_unserializer.re Log: Do not allow more than 65500 references http://cvs.php.net/viewvc.cgi/php-src/ext/standard/var_unserializer.re?r1=1.11.4.16.2.4r2=1.11.4.16.2.5diff_format=u Index: php-src/ext/standard/var_unserializer.re diff -u php-src/ext/standard/var_unserializer.re:1.11.4.16.2.4 php-src/ext/standard/var_unserializer.re:1.11.4.16.2.5 --- php-src/ext/standard/var_unserializer.re:1.11.4.16.2.4 Sun Jan 1 13:46:58 2006 +++ php-src/ext/standard/var_unserializer.reFri Oct 27 08:33:55 2006 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: var_unserializer.re,v 1.11.4.16.2.4 2006/01/01 13:46:58 sniper Exp $ */ +/* $Id: var_unserializer.re,v 1.11.4.16.2.5 2006/10/27 08:33:55 sesser Exp $ */ #include php.h #include ext/standard/php_var.h @@ -353,6 +353,10 @@ if (id == -1 || var_access(var_hash, id, rval_ref) != SUCCESS) { return 0; } + + if ((*rval_ref)-refcount 65500) { + return 0; + } if (*rval != NULL) { zval_ptr_dtor(rval); @@ -377,6 +381,10 @@ if (*rval == *rval_ref) return 0; + if ((*rval_ref)-refcount 65500) { + return 0; + } + if (*rval != NULL) { zval_ptr_dtor(rval); } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_4) /ext/standard var_unserializer.c
sesser Fri Oct 27 08:35:25 2006 UTC Modified files: (Branch: PHP_4_4) /php-src/ext/standard var_unserializer.c Log: Manual commit without invoking re2c http://cvs.php.net/viewvc.cgi/php-src/ext/standard/var_unserializer.c?r1=1.18.4.24.2.7r2=1.18.4.24.2.8diff_format=u Index: php-src/ext/standard/var_unserializer.c diff -u php-src/ext/standard/var_unserializer.c:1.18.4.24.2.7 php-src/ext/standard/var_unserializer.c:1.18.4.24.2.8 --- php-src/ext/standard/var_unserializer.c:1.18.4.24.2.7 Wed Aug 9 23:29:17 2006 +++ php-src/ext/standard/var_unserializer.c Fri Oct 27 08:35:25 2006 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: var_unserializer.c,v 1.18.4.24.2.7 2006/08/09 23:29:17 nlopess Exp $ */ +/* $Id: var_unserializer.c,v 1.18.4.24.2.8 2006/10/27 08:35:25 sesser Exp $ */ #include php.h #include ext/standard/php_var.h @@ -958,6 +958,10 @@ if (*rval == *rval_ref) return 0; + if ((*rval_ref)-refcount 65500) { + return 0; + } + if (*rval != NULL) { zval_ptr_dtor(rval); } @@ -1002,6 +1006,10 @@ return 0; } + if ((*rval_ref)-refcount 65500) { + return 0; + } + if (*rval != NULL) { zval_ptr_dtor(rval); } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /main rfc1867.c
sesser Fri Sep 29 10:05:34 2006 UTC Modified files: (Branch: PHP_5_2) /php-src/main rfc1867.c Log: If one name is disallowed don't drop all files http://cvs.php.net/viewvc.cgi/php-src/main/rfc1867.c?r1=1.173.2.1.2.4r2=1.173.2.1.2.5diff_format=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.173.2.1.2.4 php-src/main/rfc1867.c:1.173.2.1.2.5 --- php-src/main/rfc1867.c:1.173.2.1.2.4Tue Sep 19 11:34:19 2006 +++ php-src/main/rfc1867.c Fri Sep 29 10:05:34 2006 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.173.2.1.2.4 2006/09/19 11:34:19 sesser Exp $ */ +/* $Id: rfc1867.c,v 1.173.2.1.2.5 2006/09/29 10:05:34 sesser Exp $ */ /* * This product includes software developed by the Apache Group @@ -1025,14 +1025,13 @@ } } - if (php_rfc1867_callback != NULL) { + if (!skip_upload php_rfc1867_callback != NULL) { multipart_event_file_start event_file_start; event_file_start.post_bytes_processed = SG(read_post_bytes); event_file_start.name = param; event_file_start.filename = filename; if (php_rfc1867_callback(MULTIPART_EVENT_FILE_START, event_file_start, event_extra_data TSRMLS_CC) == FAILURE) { - skip_upload = 1; if (temp_filename) { if (cancel_upload != UPLOAD_ERROR_E) { /* file creation failed */ close(fd); @@ -1041,6 +1040,9 @@ efree(temp_filename); } temp_filename=; + efree(param); + efree(filename); + continue; } } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /main rfc1867.c
sesser Tue Sep 19 11:34:19 2006 UTC Modified files: (Branch: PHP_5_2) /php-src/main rfc1867.c Log: Delete empty temporary files if file upload hook forbids the upload http://cvs.php.net/viewvc.cgi/php-src/main/rfc1867.c?r1=1.173.2.1.2.3r2=1.173.2.1.2.4diff_format=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.173.2.1.2.3 php-src/main/rfc1867.c:1.173.2.1.2.4 --- php-src/main/rfc1867.c:1.173.2.1.2.3Sat Sep 9 22:06:27 2006 +++ php-src/main/rfc1867.c Tue Sep 19 11:34:19 2006 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.173.2.1.2.3 2006/09/09 22:06:27 rasmus Exp $ */ +/* $Id: rfc1867.c,v 1.173.2.1.2.4 2006/09/19 11:34:19 sesser Exp $ */ /* * This product includes software developed by the Apache Group @@ -1033,6 +1033,14 @@ event_file_start.filename = filename; if (php_rfc1867_callback(MULTIPART_EVENT_FILE_START, event_file_start, event_extra_data TSRMLS_CC) == FAILURE) { skip_upload = 1; + if (temp_filename) { + if (cancel_upload != UPLOAD_ERROR_E) { /* file creation failed */ + close(fd); + unlink(temp_filename); + } + efree(temp_filename); + } + temp_filename=; } } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src(PHP_5_2) /ext/standard string.c
Your imagination is just fabulous. so please think twice before optimizing means be careful and do not try to optimize this code, even though it looks like it can be optimized by moving the emalloc() call to the beginning of the function. Please try to understand what I've really said before posting your comments again. Please do not commit obvious integer overflows to the code of PHP again. It actually doesn't matter what you meant. You removed an possible overflow and replaced it with another possible overflow. So please be careful and do not try to fix code, when all you come up with is just a different kind of overflow. Stefan -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src(PHP_5_2) /ext/standard string.c
It actually doesn't matter what you meant. I'll take this as sorry, but you really need to learn to say it yourself. Antony, you are unbelievable. Do you think you are funny? Do you think it is funny to have overflows all over the code because people like you are commiting this crap code again and again? Fix the damned integer overflow and shut up. Stefan -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src(PHP_5_2) /ext/standard string.c
First of all, change your attitude NOW. I'm not your son and you're not my father to tell me what to do and how. And next time when your groundless attack fails, be so smart to apologize. Groundless attack? Ohh... Okay that obviously means, you cannot see the overflow. Okay I will fix it later. Stefan -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] Re: [PHP-DEV] Re: [PHP-CVS] cvs: php-src(PHP_5_2) / NEWS /main rfc1867.c rfc1867.h
Antony, grow up. Stefan -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src(PHP_5_2) / NEWS /main rfc1867.c rfc1867.h
Andrei Zmievski schrieb: How about patch for HEAD? HEAD is lightyears away from beeing stable. Until PHP 5.2.0 is released the fileupload hook will be tested by myself (because of the extensions I write) and when I am 100% sure that it is stable I will commit it against HEAD. I don't want to commit the code now to HEAD and later realise that there was some error and commit every fix to it to several branches. Stefan -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src(PHP_5_2) / NEWS /main rfc1867.c rfc1867.h
Hello, well the policy is you commit to HEAD first so that HEAD and base do not get out of synch. For PDO we already have the situation and it will mos Yeah we all know how well commiting to HEAD and then merging the same untested code to the branches work. We have seen this commit policy in action with the latest PHP 5.1.3 releases. At the moment there is no point in commiting stuff to HEAD first and then merging it to branch. HEAD is completely different and needs completely differnt code. Chances are high that the fileupload code doesn't work at all in PHP6 after the unicode changes. I rather like to test new code against stable code branches instead of testing it against unstable branches that could blow up in my face. The time you waste on questioning my development decisions you better spend on fixing your own bugs, that I had to find for you in the past. (f.e. checking return values of calls to base64_decode() in 'data' URL shemes...) Stefan -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] Re: cvs: php-src(PHP_5_2) /ext/bz2 bz2_filter.c
Hi, I don't know what you're running but here size_t is unsigned int. It's probably unsigned long on 64bit boxen, so what's this fix about? The question is: what are you running? size_t usually is unsigned long. Stefan -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src / acinclude.m4
sesser Fri Jun 16 08:00:24 2006 UTC Modified files: /php-srcacinclude.m4 Log: Fixed that configure bails out on wrong flex version. Now a wrong flex version will issue a warning and when flex is needed during the make process the make process will die with an error message. http://cvs.php.net/viewcvs.cgi/php-src/acinclude.m4?r1=1.346r2=1.347diff_format=u Index: php-src/acinclude.m4 diff -u php-src/acinclude.m4:1.346 php-src/acinclude.m4:1.347 --- php-src/acinclude.m4:1.346 Thu May 11 22:05:16 2006 +++ php-src/acinclude.m4Fri Jun 16 08:00:23 2006 @@ -1,5 +1,5 @@ dnl -dnl $Id: acinclude.m4,v 1.346 2006/05/11 22:05:16 iliaa Exp $ +dnl $Id: acinclude.m4,v 1.347 2006/06/16 08:00:23 sesser Exp $ dnl dnl This file contains local autoconf functions. dnl @@ -2048,7 +2048,8 @@ case $php_cv_flex_version in |invalid[)] flex_msg=flex versions supported for regeneration of the Zend/PHP parsers: $flex_version_list (found: $flex_version). - AC_MSG_ERROR([$flex_msg]) + AC_MSG_WARN([$flex_msg]) + LEX=echo \error: $flex_msg\ 12 ; exit 1; ;; esac PHP_SUBST(LEX) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) / acinclude.m4
sesser Fri Jun 16 08:01:03 2006 UTC Modified files: (Branch: PHP_5_2) /php-srcacinclude.m4 Log: MFH: Only care about wrong flex version, when needed. http://cvs.php.net/viewcvs.cgi/php-src/acinclude.m4?r1=1.332.2.14.2.1r2=1.332.2.14.2.2diff_format=u Index: php-src/acinclude.m4 diff -u php-src/acinclude.m4:1.332.2.14.2.1 php-src/acinclude.m4:1.332.2.14.2.2 --- php-src/acinclude.m4:1.332.2.14.2.1 Thu May 11 22:04:51 2006 +++ php-src/acinclude.m4Fri Jun 16 08:01:03 2006 @@ -1,5 +1,5 @@ dnl -dnl $Id: acinclude.m4,v 1.332.2.14.2.1 2006/05/11 22:04:51 iliaa Exp $ +dnl $Id: acinclude.m4,v 1.332.2.14.2.2 2006/06/16 08:01:03 sesser Exp $ dnl dnl This file contains local autoconf functions. dnl @@ -2048,7 +2048,8 @@ case $php_cv_flex_version in |invalid[)] flex_msg=flex versions supported for regeneration of the Zend/PHP parsers: $flex_version_list (found: $flex_version). - AC_MSG_ERROR([$flex_msg]) + AC_MSG_WARN([$flex_msg]) + LEX=echo \error: $flex_msg\ 12 ; exit 1; ;; esac PHP_SUBST(LEX) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src / README.UPDATING_TO_PHP6
sesser Wed Mar 22 08:21:01 2006 UTC Modified files: /php-srcREADME.UPDATING_TO_PHP6 Log: Fix the bullshit register_globals emulation 1) S is not _SESSION but _SERVER 2) EXTR_OVERWRITE is evil http://cvs.php.net/viewcvs.cgi/php-src/README.UPDATING_TO_PHP6?r1=1.1r2=1.2diff_format=u Index: php-src/README.UPDATING_TO_PHP6 diff -u php-src/README.UPDATING_TO_PHP6:1.1 php-src/README.UPDATING_TO_PHP6:1.2 --- php-src/README.UPDATING_TO_PHP6:1.1 Tue Mar 14 16:28:35 2006 +++ php-src/README.UPDATING_TO_PHP6 Wed Mar 22 08:21:01 2006 @@ -34,30 +34,29 @@ Here is an example to emulate the session related functions and a snippet to register variables: -$_register_globals_order = ini_get(variables_order); +$_register_globals_order = strrev(ini_get(variables_order)); $_register_globals_order_len = strlen($_register_globals_order); for($_register_globals_i=0;$_register_globals_i$_register_globals_order_len;$_register_globals_i++) { switch($_register_globals_order{$_register_globals_i}) { case E: - extract($_ENV, EXTR_REFS|EXTR_OVERWRITE); + extract($_ENV, EXTR_REFS|EXTR_SKIP); + break; + case G: - continue; + extract($_GET, EXTR_REFS|EXTR_SKIP); break; case P: - extract($_POST, EXTR_REFS|EXTR_OVERWRITE); + extract($_POST, EXTR_REFS|EXTR_SKIP); break; case C: - extract($_COOKIE, EXTR_REFS|EXTR_OVERWRITE); + extract($_COOKIE, EXTR_REFS|EXTR_SKIP); break; case S: - if(!isset($_SESSION)) { - continue; - } - extract($_SESSION, EXTR_REFS|EXTR_OVERWRITE); + extract($_SERVER, EXTR_REFS|EXTR_SKIP); break; } } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src / README.UPDATING_TO_PHP6
What is bullshit? the emulation, the way it is done or both? Anyway, you were quiet during the discussions, or did not read them, please keep such comments for another place. Bullshit is an emulation that is even more insecure than register_globals=on in the first place and that doesn't even work, because the author obviously had no clue. S is not _SESSION, but _SERVER. And infact the emulation did not handle _GET variables at all. Stefan Esser -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/mysqli mysqli_api.c mysqli_nonapi.c mysqli_report.c
sesser Fri Dec 23 18:43:03 2005 EDT Modified files: /php-src/ext/mysqli mysqli_api.c mysqli_nonapi.c mysqli_report.c Log: MFB: format string fixes http://cvs.php.net/viewcvs.cgi/php-src/ext/mysqli/mysqli_api.c?r1=1.123r2=1.124diff_format=u Index: php-src/ext/mysqli/mysqli_api.c diff -u php-src/ext/mysqli/mysqli_api.c:1.123 php-src/ext/mysqli/mysqli_api.c:1.124 --- php-src/ext/mysqli/mysqli_api.c:1.123 Mon Oct 10 20:16:35 2005 +++ php-src/ext/mysqli/mysqli_api.c Fri Dec 23 18:43:03 2005 @@ -15,7 +15,7 @@ | Author: Georg Richter [EMAIL PROTECTED]| +--+ - $Id: mysqli_api.c,v 1.123 2005/10/10 20:16:35 tony2001 Exp $ + $Id: mysqli_api.c,v 1.124 2005/12/23 18:43:03 sesser Exp $ */ #ifdef HAVE_CONFIG_H @@ -1370,7 +1370,7 @@ php_mysqli_set_error(mysql_errno(mysql-mysql), (char *) mysql_error(mysql-mysql) TSRMLS_CC); php_mysqli_throw_sql_exception( mysql-mysql-net.sqlstate, mysql-mysql-net.last_errno TSRMLS_CC, - mysql-mysql-net.last_error); + %s, mysql-mysql-net.last_error); RETURN_FALSE; } http://cvs.php.net/viewcvs.cgi/php-src/ext/mysqli/mysqli_nonapi.c?r1=1.57r2=1.58diff_format=u Index: php-src/ext/mysqli/mysqli_nonapi.c diff -u php-src/ext/mysqli/mysqli_nonapi.c:1.57 php-src/ext/mysqli/mysqli_nonapi.c:1.58 --- php-src/ext/mysqli/mysqli_nonapi.c:1.57 Thu Dec 22 14:56:29 2005 +++ php-src/ext/mysqli/mysqli_nonapi.c Fri Dec 23 18:43:03 2005 @@ -15,7 +15,7 @@ | Author: Georg Richter [EMAIL PROTECTED]| +--+ - $Id: mysqli_nonapi.c,v 1.57 2005/12/22 14:56:29 zeev Exp $ + $Id: mysqli_nonapi.c,v 1.58 2005/12/23 18:43:03 sesser Exp $ */ #ifdef HAVE_CONFIG_H @@ -91,7 +91,7 @@ /* Save error messages */ php_mysqli_throw_sql_exception( mysql-mysql-net.sqlstate, mysql-mysql-net.last_errno TSRMLS_CC, - mysql-mysql-net.last_error); + %s, mysql-mysql-net.last_error); php_mysqli_set_error(mysql_errno(mysql-mysql), (char *) mysql_error(mysql-mysql) TSRMLS_CC); @@ -249,7 +249,7 @@ if (!result) { php_mysqli_throw_sql_exception(mysql-mysql-net.sqlstate, mysql-mysql-net.last_errno TSRMLS_CC, - mysql-mysql-net.last_error); + %s, mysql-mysql-net.last_error); RETURN_FALSE; } http://cvs.php.net/viewcvs.cgi/php-src/ext/mysqli/mysqli_report.c?r1=1.11r2=1.12diff_format=u Index: php-src/ext/mysqli/mysqli_report.c diff -u php-src/ext/mysqli/mysqli_report.c:1.11 php-src/ext/mysqli/mysqli_report.c:1.12 --- php-src/ext/mysqli/mysqli_report.c:1.11 Wed Aug 3 14:07:31 2005 +++ php-src/ext/mysqli/mysqli_report.c Fri Dec 23 18:43:03 2005 @@ -15,7 +15,7 @@ | Author: Georg Richter [EMAIL PROTECTED]| +--+ - $Id: mysqli_report.c,v 1.11 2005/08/03 14:07:31 sniper Exp $ + $Id: mysqli_report.c,v 1.12 2005/12/23 18:43:03 sesser Exp $ */ #ifdef HAVE_CONFIG_H @@ -46,7 +46,7 @@ /* {{{ void php_mysqli_report_error(char *sqlstate, int errorno, char *error) */ void php_mysqli_report_error(char *sqlstate, int errorno, char *error TSRMLS_DC) { - php_mysqli_throw_sql_exception(sqlstate, errorno TSRMLS_CC, error); + php_mysqli_throw_sql_exception(sqlstate, errorno TSRMLS_CC, %s, error); } /* }}} */ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src / NEWS /main php_variables.c
case PARSE_COOKIE: - separator = ;\0; + /* The , and space are needed for instances when there are multiple Cookie: headers */ + separator = ;, \0; break; } This patch breaks Backward Compatibility. Multiple COOKIE headers are uncommon. Unencoded ',' are common in cookies. F.e. all Falk AG adsites use them. We already reverted this patch when Jani commited it some weeks ago. Stefan -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src / NEWS /main php_variables.c
Ilia Alshanetsky wrote: The Cookie RFC (2109) Is irrelevant, because PHP never supported the cookie format described there. PHP only knows about the Netscape Cookie Specification. And that Specification only allows ; as separator and all other chars SHOULD be encoded, but because no encoding it is specified, it is not a must. Stefan Esser -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_0) /ext/standard ftp_fopen_wrapper.c
sesser Mon Jun 27 04:16:44 2005 EDT Modified files: (Branch: PHP_5_0) /php-src/ext/standard ftp_fopen_wrapper.c Log: MFH: also check password http://cvs.php.net/diff.php/php-src/ext/standard/ftp_fopen_wrapper.c?r1=1.74.2.6r2=1.74.2.7ty=u Index: php-src/ext/standard/ftp_fopen_wrapper.c diff -u php-src/ext/standard/ftp_fopen_wrapper.c:1.74.2.6 php-src/ext/standard/ftp_fopen_wrapper.c:1.74.2.7 --- php-src/ext/standard/ftp_fopen_wrapper.c:1.74.2.6 Sat May 7 12:07:36 2005 +++ php-src/ext/standard/ftp_fopen_wrapper.cMon Jun 27 04:16:42 2005 @@ -18,7 +18,7 @@ | Sara Golemon [EMAIL PROTECTED] | +--+ */ -/* $Id: ftp_fopen_wrapper.c,v 1.74.2.6 2005/05/07 16:07:36 iliaa Exp $ */ +/* $Id: ftp_fopen_wrapper.c,v 1.74.2.7 2005/06/27 08:16:42 sesser Exp $ */ #include php.h #include php_globals.h @@ -113,7 +113,7 @@ { php_stream *stream = NULL, *reuseid = NULL; php_url *resource = NULL; - int result, use_ssl, use_ssl_on_data = 0; + int result, use_ssl, use_ssl_on_data = 0, tmp_len; char *scratch; char tmp_line[512]; @@ -206,23 +206,24 @@ #endif } +#define PHP_FTP_CNTRL_CHK(val, val_len, err_msg) { \ + unsigned char *s = val, *e = s + val_len; \ + while (s e) { \ + if (iscntrl(*s)) { \ + php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, err_msg, val); \ + goto connect_errexit; \ + } \ + s++;\ + } \ +} + /* send the user name */ php_stream_write_string(stream, USER ); if (resource-user != NULL) { - unsigned char *s, *e; - int user_len = php_raw_url_decode(resource-user, strlen(resource-user)); - - s = resource-user; - e = s + user_len; - /* check for control characters that should not be present in the user name */ - while (s e) { - if (iscntrl(*s)) { - php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, Invalid login %s, resource-user); - goto connect_errexit; - } - s++; - } - + tmp_len = php_raw_url_decode(resource-user, strlen(resource-user)); + + PHP_FTP_CNTRL_CHK(resource-user, tmp_len, Invalid login %s) + php_stream_write_string(stream, resource-user); } else { php_stream_write_string(stream, anonymous); @@ -238,7 +239,10 @@ php_stream_write_string(stream, PASS ); if (resource-pass != NULL) { - php_raw_url_decode(resource-pass, strlen(resource-pass)); + tmp_len = php_raw_url_decode(resource-pass, strlen(resource-pass)); + + PHP_FTP_CNTRL_CHK(resource-pass, tmp_len, Invalid password %s) + php_stream_write_string(stream, resource-pass); } else { /* if the user has configured who they are, -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_4) /ext/standard ftp_fopen_wrapper.c
sesser Mon Jun 27 04:27:24 2005 EDT Modified files: (Branch: PHP_4_4) /php-src/ext/standard ftp_fopen_wrapper.c Log: MFH: Also check FTP password http://cvs.php.net/diff.php/php-src/ext/standard/ftp_fopen_wrapper.c?r1=1.38.2.8r2=1.38.2.8.2.1ty=u Index: php-src/ext/standard/ftp_fopen_wrapper.c diff -u php-src/ext/standard/ftp_fopen_wrapper.c:1.38.2.8 php-src/ext/standard/ftp_fopen_wrapper.c:1.38.2.8.2.1 --- php-src/ext/standard/ftp_fopen_wrapper.c:1.38.2.8 Sat May 7 05:25:31 2005 +++ php-src/ext/standard/ftp_fopen_wrapper.cMon Jun 27 04:27:23 2005 @@ -17,7 +17,7 @@ | Hartmut Holzgraefe [EMAIL PROTECTED] | +--+ */ -/* $Id: ftp_fopen_wrapper.c,v 1.38.2.8 2005/05/07 09:25:31 rasmus Exp $ */ +/* $Id: ftp_fopen_wrapper.c,v 1.38.2.8.2.1 2005/06/27 08:27:23 sesser Exp $ */ #include php.h #include php_globals.h @@ -142,7 +142,7 @@ unsigned short portno; char *scratch; int result; - int i, use_ssl; + int i, use_ssl, tmp_len; #ifdef HAVE_OPENSSL_EXT int use_ssl_on_data=0; php_stream *reuseid=NULL; @@ -243,22 +243,24 @@ #endif +#define PHP_FTP_CNTRL_CHK(val, val_len, err_msg) { \ + unsigned char *s = val, *e = s + val_len; \ + while (s e) { \ + if (iscntrl(*s)) { \ + php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, err_msg, val); \ + goto errexit; \ + } \ + s++;\ + } \ +} + /* send the user name */ php_stream_write_string(stream, USER ); if (resource-user != NULL) { unsigned char *s, *e; - int user_len = php_raw_url_decode(resource-user, strlen(resource-user)); + tmp_len = php_raw_url_decode(resource-user, strlen(resource-user)); - s = resource-user; - e = s + user_len; - /* check for control characters that should not be present in the user name */ - while (s e) { - if (iscntrl(*s)) { - php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, Invalid login %s, resource-user); - goto errexit; - } - s++; - } + PHP_FTP_CNTRL_CHK(resource-user, tmp_len, Invalid login %s) php_stream_write_string(stream, resource-user); } else { @@ -275,7 +277,10 @@ php_stream_write_string(stream, PASS ); if (resource-pass != NULL) { - php_raw_url_decode(resource-pass, strlen(resource-pass)); + tmp_len = php_raw_url_decode(resource-pass, strlen(resource-pass)); + + PHP_FTP_CNTRL_CHK(resource-pass, tmp_len, Invalid password %s) + php_stream_write_string(stream, resource-pass); } else { /* if the user has configured who they are, -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src /ext/bz2 bz2.c
Hi Ilia, it is me again - size = (bzs.total_out_hi32 32) + bzs.total_out_lo32; + size = (bzs.total_out_hi32 * (unsigned int) -1) + bzs.total_out_lo32; while this maybe silence the compiler I do not see how this can be mathematically the same ;) Stefan -- -- Stefan Esser [EMAIL PROTECTED] Hardened-PHP Project http://www.hardened-php.net/ GPG-Keygpg --keyserver pgp.mit.edu --recv-key 0x15ABDA78 Key fingerprint 7806 58C8 CFA8 CE4A 1C2C 57DD 4AE1 795E 15AB DA78 -- -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src /ext/standard basic_functions.c math.c php_math.h /ext/standard/tests/math math_std_dev.phpt
Why not catching division by zero? Stefan Andrey Hristov wrote: andrey Mon May 2 05:17:50 2005 EDT Added files: /php-src/ext/standard/tests/math math_std_dev.phpt Modified files: /php-src/ext/standard basic_functions.c math.c php_math.h Log: add math_std_dev() http://cvs.php.net/diff.php/php-src/ext/standard/basic_functions.c?r1=1.711r2=1.712ty=u Index: php-src/ext/standard/basic_functions.c diff -u php-src/ext/standard/basic_functions.c:1.711 php-src/ext/standard/basic_functions.c:1.712 --- php-src/ext/standard/basic_functions.c:1.711 Wed Apr 27 11:45:36 2005 +++ php-src/ext/standard/basic_functions.c Mon May 2 05:17:49 2005 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: basic_functions.c,v 1.711 2005/04/27 15:45:36 dmitry Exp $ */ +/* $Id: basic_functions.c,v 1.712 2005/05/02 09:17:49 andrey Exp $ */ #include php.h #include php_streams.h @@ -415,6 +415,7 @@ PHP_FE(base_convert, NULL) PHP_FE(number_format, NULL) PHP_FE(fmod, NULL) + PHP_FE(math_std_dev, NULL) #ifdef HAVE_INET_NTOP PHP_NAMED_FE(inet_ntop, php_inet_ntop, NULL) #endif http://cvs.php.net/diff.php/php-src/ext/standard/math.c?r1=1.119r2=1.120ty=u Index: php-src/ext/standard/math.c diff -u php-src/ext/standard/math.c:1.119 php-src/ext/standard/math.c:1.120 --- php-src/ext/standard/math.c:1.119 Mon Dec 13 19:37:19 2004 +++ php-src/ext/standard/math.c Mon May 2 05:17:49 2005 @@ -19,7 +19,7 @@ +--+ */ -/* $Id: math.c,v 1.119 2004/12/14 00:37:19 iliaa Exp $ */ +/* $Id: math.c,v 1.120 2005/05/02 09:17:49 andrey Exp $ */ #include php.h #include php_math.h @@ -1182,6 +1182,40 @@ } /* }}} */ + + +/* {{{ proto float math_std_dev(array a) + Returns the standard deviation */ +PHP_FUNCTION(math_std_dev) +{ + double mean, sum = 0.0, vr = 0.0; + zval *arr, **entry; + HashPosition pos; + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, a, arr) == FAILURE) { + return; + } + zend_hash_internal_pointer_reset_ex(Z_ARRVAL_P(arr), pos); + while (zend_hash_get_current_data_ex(Z_ARRVAL_P(arr), (void **)entry, pos) == SUCCESS) { + convert_to_double_ex(entry); + sum += Z_DVAL_PP(entry); + zend_hash_move_forward_ex(Z_ARRVAL_P(arr), pos); + } + mean = sum / zend_hash_num_elements(Z_ARRVAL_P(arr)); + + zend_hash_internal_pointer_reset_ex(Z_ARRVAL_P(arr), pos); + while (zend_hash_get_current_data_ex(Z_ARRVAL_P(arr), (void **)entry, pos) == SUCCESS) { + double d; + convert_to_double_ex(entry); + d = Z_DVAL_PP(entry) - mean; + vr += d*d; + zend_hash_move_forward_ex(Z_ARRVAL_P(arr), pos); + } + + RETURN_DOUBLE(sqrt(vr / zend_hash_num_elements(Z_ARRVAL_P(arr; +} +/* }}} */ + /* * Local variables: * tab-width: 4 http://cvs.php.net/diff.php/php-src/ext/standard/php_math.h?r1=1.23r2=1.24ty=u Index: php-src/ext/standard/php_math.h diff -u php-src/ext/standard/php_math.h:1.23 php-src/ext/standard/php_math.h:1.24 --- php-src/ext/standard/php_math.h:1.23 Tue Sep 21 14:09:29 2004 +++ php-src/ext/standard/php_math.h Mon May 2 05:17:49 2005 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: php_math.h,v 1.23 2004/09/21 18:09:29 fmk Exp $ */ +/* $Id: php_math.h,v 1.24 2005/05/02 09:17:49 andrey Exp $ */ #ifndef PHP_MATH_H #define PHP_MATH_H @@ -59,6 +59,7 @@ PHP_FUNCTION(base_convert); PHP_FUNCTION(number_format); PHP_FUNCTION(fmod); +PHP_FUNCTION(math_std_dev); PHP_FUNCTION(deg2rad); PHP_FUNCTION(rad2deg); http://cvs.php.net/co.php/php-src/ext/standard/tests/math/math_std_dev.phpt?r=1.1p=1 Index: php-src/ext/standard/tests/math/math_std_dev.phpt +++ php-src/ext/standard/tests/math/math_std_dev.phpt --TEST-- math_std_dev() tests --FILE-- ?php $a=array(4, 1, 7); $dev=math_std_dev($a); var_dump(sprintf(%2.9f, $dev)); ? --EXPECT-- string(11) 2.449489743 -- -- Stefan Esser [EMAIL PROTECTED] Hardened-PHP Project http://www.hardened-php.net/ GPG-Keygpg --keyserver pgp.mit.edu --recv-key 0x15ABDA78 Key fingerprint 7806 58C8 CFA8 CE4A 1C2C 57DD 4AE1 795E 15AB DA78 -- -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src /main php_variables.c
Jani Taskinen wrote: sniper Sat Apr 23 16:33:35 2005 EDT Modified files: /php-src/main php_variables.c Log: - Fixed bug #32111 (Cookies can also be separated by colon) Could you please revert that patch, or implement the RFC correctly? Now PHP handles cookies in a completely RFC uncovered way. Either we have support for , ; or only for ; but not something in between. F.e. with your patch you just fucked modsecurity again which will fail to correctly detect evil cookie variables. No matter if you configure it to use V0 or V1 of its detection. Stefan -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/exif exif.c
sesser Wed Mar 2 13:21:46 2005 EDT Modified files: /php-src/ext/exif exif.c Log: Fixed possible bufferoverflow http://cvs.php.net/diff.php/php-src/ext/exif/exif.c?r1=1.169r2=1.170ty=u Index: php-src/ext/exif/exif.c diff -u php-src/ext/exif/exif.c:1.169 php-src/ext/exif/exif.c:1.170 --- php-src/ext/exif/exif.c:1.169 Wed Feb 16 18:47:38 2005 +++ php-src/ext/exif/exif.c Wed Mar 2 13:21:45 2005 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: exif.c,v 1.169 2005/02/16 23:47:38 sniper Exp $ */ +/* $Id: exif.c,v 1.170 2005/03/02 18:21:45 sesser Exp $ */ /* ToDos * @@ -112,7 +112,7 @@ }; /* }}} */ -#define EXIF_VERSION 1.4 $Id: exif.c,v 1.169 2005/02/16 23:47:38 sniper Exp $ +#define EXIF_VERSION 1.4 $Id: exif.c,v 1.170 2005/03/02 18:21:45 sesser Exp $ /* {{{ PHP_MINFO_FUNCTION */ @@ -2733,6 +2733,11 @@ byte_count = components * php_tiff_bytes_per_format[format]; + if ((ssize_t)byte_count 0) { + exif_error_docref(exif_read_data#error_ifd EXIFERR_CC, ImageInfo, E_WARNING, Process tag(x%04X=%s): Illegal byte_count(%ld), tag, exif_get_tagname(tag, tagname, -12, tag_table TSRMLS_CC), byte_count); + return FALSE; + } + if (byte_count 4) { offset_val = php_ifd_get32u(dir_entry+8, ImageInfo-motorola_intel); /* If its bigger than 4 bytes, the dir entry contains an offset. */ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_0) /ext/exif exif.c
sesser Wed Mar 2 13:22:41 2005 EDT Modified files: (Branch: PHP_5_0) /php-src/ext/exif exif.c Log: MFH http://cvs.php.net/diff.php/php-src/ext/exif/exif.c?r1=1.162.2.6r2=1.162.2.7ty=u Index: php-src/ext/exif/exif.c diff -u php-src/ext/exif/exif.c:1.162.2.6 php-src/ext/exif/exif.c:1.162.2.7 --- php-src/ext/exif/exif.c:1.162.2.6 Wed Feb 16 04:56:30 2005 +++ php-src/ext/exif/exif.c Wed Mar 2 13:22:40 2005 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: exif.c,v 1.162.2.6 2005/02/16 09:56:30 edink Exp $ */ +/* $Id: exif.c,v 1.162.2.7 2005/03/02 18:22:40 sesser Exp $ */ /* ToDos * @@ -112,7 +112,7 @@ }; /* }}} */ -#define EXIF_VERSION 1.4 $Id: exif.c,v 1.162.2.6 2005/02/16 09:56:30 edink Exp $ +#define EXIF_VERSION 1.4 $Id: exif.c,v 1.162.2.7 2005/03/02 18:22:40 sesser Exp $ /* {{{ PHP_MINFO_FUNCTION */ @@ -2733,6 +2733,11 @@ byte_count = components * php_tiff_bytes_per_format[format]; + if ((ssize_t)byte_count 0) { + exif_error_docref(exif_read_data#error_ifd EXIFERR_CC, ImageInfo, E_WARNING, Process tag(x%04X=%s): Illegal byte_count(%ld), tag, exif_get_tagname(tag, tagname, -12, tag_table TSRMLS_CC), byte_count); + return FALSE; + } + if (byte_count 4) { offset_val = php_ifd_get32u(dir_entry+8, ImageInfo-motorola_intel); /* If its bigger than 4 bytes, the dir entry contains an offset. */ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_3) /ext/exif exif.c
sesser Wed Mar 2 13:23:49 2005 EDT Modified files: (Branch: PHP_4_3) /php-src/ext/exif exif.c Log: MFH http://cvs.php.net/diff.php/php-src/ext/exif/exif.c?r1=1.118.2.33r2=1.118.2.34ty=u Index: php-src/ext/exif/exif.c diff -u php-src/ext/exif/exif.c:1.118.2.33 php-src/ext/exif/exif.c:1.118.2.34 --- php-src/ext/exif/exif.c:1.118.2.33 Wed Feb 16 07:23:06 2005 +++ php-src/ext/exif/exif.c Wed Mar 2 13:23:49 2005 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: exif.c,v 1.118.2.33 2005/02/16 12:23:06 edink Exp $ */ +/* $Id: exif.c,v 1.118.2.34 2005/03/02 18:23:49 sesser Exp $ */ /* ToDos * @@ -101,7 +101,7 @@ }; /* }}} */ -#define EXIF_VERSION 1.4 $Id: exif.c,v 1.118.2.33 2005/02/16 12:23:06 edink Exp $ +#define EXIF_VERSION 1.4 $Id: exif.c,v 1.118.2.34 2005/03/02 18:23:49 sesser Exp $ /* {{{ PHP_MINFO_FUNCTION */ @@ -2712,6 +2712,11 @@ byte_count = components * php_tiff_bytes_per_format[format]; + if ((ssize_t)byte_count 0) { + exif_error_docref(exif_read_data#error_ifd EXIFERR_CC, ImageInfo, E_WARNING, Process tag(x%04X=%s): Illegal byte_count(%ld), tag, exif_get_tagname(tag, tagname, -12, tag_table TSRMLS_CC), byte_count); + return FALSE; + } + if (byte_count 4) { offset_val = php_ifd_get32u(dir_entry+8, ImageInfo-motorola_intel); /* If its bigger than 4 bytes, the dir entry contains an offset. */ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/standard image.c
sesser Tue Mar 1 08:53:03 2005 EDT Modified files: /php-src/ext/standard image.c Log: Handle last or broken JP2 boxes correctly. http://cvs.php.net/diff.php/php-src/ext/standard/image.c?r1=1.109r2=1.110ty=u Index: php-src/ext/standard/image.c diff -u php-src/ext/standard/image.c:1.109 php-src/ext/standard/image.c:1.110 --- php-src/ext/standard/image.c:1.109 Tue Mar 1 05:14:18 2005 +++ php-src/ext/standard/image.cTue Mar 1 08:53:02 2005 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: image.c,v 1.109 2005/03/01 10:14:18 helly Exp $ */ +/* $Id: image.c,v 1.110 2005/03/01 13:53:02 sesser Exp $ */ #include php.h #include stdio.h @@ -708,6 +708,11 @@ break; } + /* Stop if this was the last box */ + if ((int)box_length = 0) { + break; + } + /* Skip over LBox (Which includes both TBox and LBox itself */ if (php_stream_seek(stream, box_length - 8, SEEK_CUR)) { break; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_0) /ext/standard image.c
sesser Tue Mar 1 08:53:19 2005 EDT Modified files: (Branch: PHP_5_0) /php-src/ext/standard image.c Log: MFH http://cvs.php.net/diff.php/php-src/ext/standard/image.c?r1=1.98.2.6r2=1.98.2.7ty=u Index: php-src/ext/standard/image.c diff -u php-src/ext/standard/image.c:1.98.2.6 php-src/ext/standard/image.c:1.98.2.7 --- php-src/ext/standard/image.c:1.98.2.6 Tue Mar 1 05:13:15 2005 +++ php-src/ext/standard/image.cTue Mar 1 08:53:19 2005 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: image.c,v 1.98.2.6 2005/03/01 10:13:15 helly Exp $ */ +/* $Id: image.c,v 1.98.2.7 2005/03/01 13:53:19 sesser Exp $ */ #include php.h #include stdio.h @@ -711,6 +711,11 @@ break; } + /* Stop if this was the last box */ + if ((int)box_length = 0) { + break; + } + /* Skip over LBox (Which includes both TBox and LBox itself */ if (php_stream_seek(stream, box_length - 8, SEEK_CUR)) { break; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_3) /ext/standard image.c
sesser Tue Mar 1 08:53:35 2005 EDT Modified files: (Branch: PHP_4_3) /php-src/ext/standard image.c Log: MFH http://cvs.php.net/diff.php/php-src/ext/standard/image.c?r1=1.72.2.16r2=1.72.2.17ty=u Index: php-src/ext/standard/image.c diff -u php-src/ext/standard/image.c:1.72.2.16 php-src/ext/standard/image.c:1.72.2.17 --- php-src/ext/standard/image.c:1.72.2.16 Thu Feb 24 15:54:18 2005 +++ php-src/ext/standard/image.cTue Mar 1 08:53:35 2005 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: image.c,v 1.72.2.16 2005/02/24 20:54:18 helly Exp $ */ +/* $Id: image.c,v 1.72.2.17 2005/03/01 13:53:35 sesser Exp $ */ #include php.h #include stdio.h @@ -711,6 +711,11 @@ break; } + /* Stop if this was the last box */ + if ((int)box_length = 0) { + break; + } + /* Skip over LBox (Which includes both TBox and LBox itself */ if (php_stream_seek(stream, box_length - 8, SEEK_CUR)) { break; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/standard var_unserializer.re
sesser Mon Feb 28 11:22:39 2005 EDT Modified files: /php-src/ext/standard var_unserializer.re Log: Drop invalid arrays http://cvs.php.net/diff.php/php-src/ext/standard/var_unserializer.re?r1=1.45r2=1.46ty=u Index: php-src/ext/standard/var_unserializer.re diff -u php-src/ext/standard/var_unserializer.re:1.45 php-src/ext/standard/var_unserializer.re:1.46 --- php-src/ext/standard/var_unserializer.re:1.45 Sun Feb 27 06:30:41 2005 +++ php-src/ext/standard/var_unserializer.reMon Feb 28 11:22:39 2005 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: var_unserializer.re,v 1.45 2005/02/27 11:30:41 stas Exp $ */ +/* $Id: var_unserializer.re,v 1.46 2005/02/28 16:22:39 sesser Exp $ */ #include php.h #include ext/standard/php_var.h @@ -477,6 +477,10 @@ a: uiv : { { int elements = parse_iv(start + 2); + if (elements 0) { + return 0; + } + *p = YYCURSOR; INIT_PZVAL(*rval); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/standard var_unserializer.re
sesser Mon Feb 28 11:32:50 2005 EDT Modified files: /php-src/ext/standard var_unserializer.re Log: This way around for correct error messages http://cvs.php.net/diff.php/php-src/ext/standard/var_unserializer.re?r1=1.46r2=1.47ty=u Index: php-src/ext/standard/var_unserializer.re diff -u php-src/ext/standard/var_unserializer.re:1.46 php-src/ext/standard/var_unserializer.re:1.47 --- php-src/ext/standard/var_unserializer.re:1.46 Mon Feb 28 11:22:39 2005 +++ php-src/ext/standard/var_unserializer.reMon Feb 28 11:32:49 2005 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: var_unserializer.re,v 1.46 2005/02/28 16:22:39 sesser Exp $ */ +/* $Id: var_unserializer.re,v 1.47 2005/02/28 16:32:49 sesser Exp $ */ #include php.h #include ext/standard/php_var.h @@ -477,12 +477,12 @@ a: uiv : { { int elements = parse_iv(start + 2); + *p = YYCURSOR; + if (elements 0) { return 0; } - *p = YYCURSOR; - INIT_PZVAL(*rval); Z_TYPE_PP(rval) = IS_ARRAY; ALLOC_HASHTABLE(Z_ARRVAL_PP(rval)); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_0) /ext/standard var_unserializer.re
sesser Mon Feb 28 11:33:09 2005 EDT Modified files: (Branch: PHP_5_0) /php-src/ext/standard var_unserializer.re Log: MFH http://cvs.php.net/diff.php/php-src/ext/standard/var_unserializer.re?r1=1.27.2.10r2=1.27.2.11ty=u Index: php-src/ext/standard/var_unserializer.re diff -u php-src/ext/standard/var_unserializer.re:1.27.2.10 php-src/ext/standard/var_unserializer.re:1.27.2.11 --- php-src/ext/standard/var_unserializer.re:1.27.2.10 Mon Feb 14 16:00:36 2005 +++ php-src/ext/standard/var_unserializer.reMon Feb 28 11:33:09 2005 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: var_unserializer.re,v 1.27.2.10 2005/02/14 21:00:36 helly Exp $ */ +/* $Id: var_unserializer.re,v 1.27.2.11 2005/02/28 16:33:09 sesser Exp $ */ #include php.h #include ext/standard/php_var.h @@ -451,6 +451,10 @@ *p = YYCURSOR; + if (elements 0) { + return 0; + } + INIT_PZVAL(*rval); Z_TYPE_PP(rval) = IS_ARRAY; ALLOC_HASHTABLE(Z_ARRVAL_PP(rval)); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_3) /ext/standard var_unserializer.re
sesser Mon Feb 28 11:33:23 2005 EDT Modified files: (Branch: PHP_4_3) /php-src/ext/standard var_unserializer.re Log: MFH http://cvs.php.net/diff.php/php-src/ext/standard/var_unserializer.re?r1=1.11.4.14r2=1.11.4.15ty=u Index: php-src/ext/standard/var_unserializer.re diff -u php-src/ext/standard/var_unserializer.re:1.11.4.14 php-src/ext/standard/var_unserializer.re:1.11.4.15 --- php-src/ext/standard/var_unserializer.re:1.11.4.14 Tue Feb 15 03:08:55 2005 +++ php-src/ext/standard/var_unserializer.reMon Feb 28 11:33:23 2005 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: var_unserializer.re,v 1.11.4.14 2005/02/15 08:08:55 helly Exp $ */ +/* $Id: var_unserializer.re,v 1.11.4.15 2005/02/28 16:33:23 sesser Exp $ */ #include php.h #include ext/standard/php_var.h @@ -463,6 +463,10 @@ *p = YYCURSOR; + if (elements 0) { + return 0; + } + INIT_PZVAL(*rval); Z_TYPE_PP(rval) = IS_ARRAY; ALLOC_HASHTABLE(Z_ARRVAL_PP(rval)); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/standard var_unserializer.c var_unserializer.re
sesser Wed Feb 23 13:26:40 2005 EDT Modified files: /php-src/ext/standard var_unserializer.c var_unserializer.re Log: Correcting bounds check before someone uses this code http://cvs.php.net/diff.php/php-src/ext/standard/var_unserializer.c?r1=1.54r2=1.55ty=u Index: php-src/ext/standard/var_unserializer.c diff -u php-src/ext/standard/var_unserializer.c:1.54 php-src/ext/standard/var_unserializer.c:1.55 --- php-src/ext/standard/var_unserializer.c:1.54Wed Feb 23 06:17:52 2005 +++ php-src/ext/standard/var_unserializer.c Wed Feb 23 13:26:38 2005 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: var_unserializer.c,v 1.54 2005/02/23 11:17:52 stas Exp $ */ +/* $Id: var_unserializer.c,v 1.55 2005/02/23 18:26:38 sesser Exp $ */ #include php.h #include ext/standard/php_var.h @@ -290,7 +290,7 @@ (*p) += 2; - if((*p) + datalen = max) { + if(datalen 0 || (*p) + datalen = max) { zend_error(E_WARNING, Unsifficient data for unserializing - %d required, %d present, datalen, max - (*p)); return 0; } http://cvs.php.net/diff.php/php-src/ext/standard/var_unserializer.re?r1=1.42r2=1.43ty=u Index: php-src/ext/standard/var_unserializer.re diff -u php-src/ext/standard/var_unserializer.re:1.42 php-src/ext/standard/var_unserializer.re:1.43 --- php-src/ext/standard/var_unserializer.re:1.42 Wed Feb 23 06:17:52 2005 +++ php-src/ext/standard/var_unserializer.reWed Feb 23 13:26:39 2005 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: var_unserializer.re,v 1.42 2005/02/23 11:17:52 stas Exp $ */ +/* $Id: var_unserializer.re,v 1.43 2005/02/23 18:26:39 sesser Exp $ */ #include php.h #include ext/standard/php_var.h @@ -294,7 +294,7 @@ (*p) += 2; - if((*p) + datalen = max) { + if(datalen 0 || (*p) + datalen = max) { zend_error(E_WARNING, Unsifficient data for unserializing - %d required, %d present, datalen, max - (*p)); return 0; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/session session.c
sesser Fri Jan 21 11:03:48 2005 EDT Modified files: /php-src/ext/sessionsession.c Log: Correctly initialize ZVAL http://cvs.php.net/diff.php/php-src/ext/session/session.c?r1=1.405r2=1.406ty=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.405 php-src/ext/session/session.c:1.406 --- php-src/ext/session/session.c:1.405 Sun Jan 9 12:49:51 2005 +++ php-src/ext/session/session.c Fri Jan 21 11:03:47 2005 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.405 2005/01/09 17:49:51 tony2001 Exp $ */ +/* $Id: session.c,v 1.406 2005/01/21 16:03:47 sesser Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -425,7 +425,7 @@ p += namelen + 1; if (has_value) { - MAKE_STD_ZVAL(current); + ALLOC_INIT_ZVAL(current); if (php_var_unserialize(current, (const unsigned char **) p, endptr, var_hash TSRMLS_CC)) { php_set_session_var(name, namelen, current, var_hash TSRMLS_CC); } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_0) /ext/session session.c
sesser Fri Jan 21 11:04:25 2005 EDT Modified files: (Branch: PHP_5_0) /php-src/ext/sessionsession.c Log: MFH http://cvs.php.net/diff.php/php-src/ext/session/session.c?r1=1.391.2.7r2=1.391.2.8ty=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.391.2.7 php-src/ext/session/session.c:1.391.2.8 --- php-src/ext/session/session.c:1.391.2.7 Sun Jan 9 12:58:16 2005 +++ php-src/ext/session/session.c Fri Jan 21 11:04:25 2005 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.391.2.7 2005/01/09 17:58:16 tony2001 Exp $ */ +/* $Id: session.c,v 1.391.2.8 2005/01/21 16:04:25 sesser Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -425,7 +425,7 @@ p += namelen + 1; if (has_value) { - MAKE_STD_ZVAL(current); + ALLOC_INIT_ZVAL(current); if (php_var_unserialize(current, (const unsigned char**)p, endptr, var_hash TSRMLS_CC)) { php_set_session_var(name, namelen, current, var_hash TSRMLS_CC); } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_3) /ext/session session.c
sesser Fri Jan 21 11:04:54 2005 EDT Modified files: (Branch: PHP_4_3) /php-src/ext/sessionsession.c Log: MFH http://cvs.php.net/diff.php/php-src/ext/session/session.c?r1=1.336.2.48r2=1.336.2.49ty=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.336.2.48 php-src/ext/session/session.c:1.336.2.49 --- php-src/ext/session/session.c:1.336.2.48Sun Jan 9 12:57:50 2005 +++ php-src/ext/session/session.c Fri Jan 21 11:04:54 2005 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.336.2.48 2005/01/09 17:57:50 tony2001 Exp $ */ +/* $Id: session.c,v 1.336.2.49 2005/01/21 16:04:54 sesser Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -408,7 +408,7 @@ p += namelen + 1; if (has_value) { - MAKE_STD_ZVAL(current); + ALLOC_INIT_ZVAL(current); if (php_var_unserialize(current, (const unsigned char **)p, endptr, var_hash TSRMLS_CC)) { php_set_session_var(name, namelen, current, var_hash TSRMLS_CC); } @@ -488,7 +488,7 @@ q++; if (has_value) { - MAKE_STD_ZVAL(current); + ALLOC_INIT_ZVAL(current); if (php_var_unserialize(current, (const unsigned char **)q, endptr, var_hash TSRMLS_CC)) { php_set_session_var(name, namelen, current, var_hash TSRMLS_CC); } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/standard var_unserializer.c var_unserializer.re
sesser Mon Jan 17 06:45:09 2005 EDT Modified files: /php-src/ext/standard var_unserializer.c var_unserializer.re Log: Fix compiler warning. http://cvs.php.net/diff.php/php-src/ext/standard/var_unserializer.c?r1=1.48r2=1.49ty=u Index: php-src/ext/standard/var_unserializer.c diff -u php-src/ext/standard/var_unserializer.c:1.48 php-src/ext/standard/var_unserializer.c:1.49 --- php-src/ext/standard/var_unserializer.c:1.48Sat Jan 15 13:30:16 2005 +++ php-src/ext/standard/var_unserializer.c Mon Jan 17 06:45:09 2005 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: var_unserializer.c,v 1.48 2005/01/15 18:30:16 sesser Exp $ */ +/* $Id: var_unserializer.c,v 1.49 2005/01/17 11:45:09 sesser Exp $ */ #include php.h #include ext/standard/php_var.h @@ -213,7 +213,7 @@ static inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTable *ht, int elements) { while (elements-- 0) { - zval *key, *data, *old_data; + zval *key, *data, **old_data; ALLOC_INIT_ZVAL(key); http://cvs.php.net/diff.php/php-src/ext/standard/var_unserializer.re?r1=1.37r2=1.38ty=u Index: php-src/ext/standard/var_unserializer.re diff -u php-src/ext/standard/var_unserializer.re:1.37 php-src/ext/standard/var_unserializer.re:1.38 --- php-src/ext/standard/var_unserializer.re:1.37 Sat Jan 15 13:30:16 2005 +++ php-src/ext/standard/var_unserializer.reMon Jan 17 06:45:09 2005 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: var_unserializer.re,v 1.37 2005/01/15 18:30:16 sesser Exp $ */ +/* $Id: var_unserializer.re,v 1.38 2005/01/17 11:45:09 sesser Exp $ */ #include php.h #include ext/standard/php_var.h @@ -216,7 +216,7 @@ static inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTable *ht, int elements) { while (elements-- 0) { - zval *key, *data, *old_data; + zval *key, *data, **old_data; ALLOC_INIT_ZVAL(key); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_3) /ext/standard var_unserializer.c var_unserializer.re
sesser Mon Jan 17 06:46:12 2005 EDT Modified files: (Branch: PHP_4_3) /php-src/ext/standard var_unserializer.c var_unserializer.re Log: Fix compiler warning. http://cvs.php.net/diff.php/php-src/ext/standard/var_unserializer.c?r1=1.18.4.15r2=1.18.4.16ty=u Index: php-src/ext/standard/var_unserializer.c diff -u php-src/ext/standard/var_unserializer.c:1.18.4.15 php-src/ext/standard/var_unserializer.c:1.18.4.16 --- php-src/ext/standard/var_unserializer.c:1.18.4.15 Sat Jan 15 13:44:29 2005 +++ php-src/ext/standard/var_unserializer.c Mon Jan 17 06:46:11 2005 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: var_unserializer.c,v 1.18.4.15 2005/01/15 18:44:29 sesser Exp $ */ +/* $Id: var_unserializer.c,v 1.18.4.16 2005/01/17 11:46:11 sesser Exp $ */ #include php.h #include ext/standard/php_var.h @@ -152,10 +152,10 @@ -static inline int parse_iv2(const unsigned char *p, const unsigned char **q) +static inline long parse_iv2(const unsigned char *p, const unsigned char **q) { char cursor; - int result = 0; + long result = 0; int neg = 0; switch (*p) { @@ -180,7 +180,7 @@ return result; } -static inline int parse_iv(const unsigned char *p) +static inline long parse_iv(const unsigned char *p) { return parse_iv2(p, NULL); } @@ -213,7 +213,7 @@ static inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTable *ht, int elements) { while (elements-- 0) { - zval *key, *data, *old_data; + zval *key, *data, **old_data; ALLOC_INIT_ZVAL(key); @@ -279,7 +279,7 @@ static inline int object_common1(UNSERIALIZE_PARAMETER, zend_class_entry *ce) { - int elements; + long elements; elements = parse_iv2((*p) + 2, p); @@ -621,7 +621,7 @@ yy37: #line 419 { - int elements = parse_iv(start + 2); + long elements = parse_iv(start + 2); *p = YYCURSOR; http://cvs.php.net/diff.php/php-src/ext/standard/var_unserializer.re?r1=1.11.4.9r2=1.11.4.10ty=u Index: php-src/ext/standard/var_unserializer.re diff -u php-src/ext/standard/var_unserializer.re:1.11.4.9 php-src/ext/standard/var_unserializer.re:1.11.4.10 --- php-src/ext/standard/var_unserializer.re:1.11.4.9 Sat Jan 15 13:44:29 2005 +++ php-src/ext/standard/var_unserializer.reMon Jan 17 06:46:11 2005 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: var_unserializer.re,v 1.11.4.9 2005/01/15 18:44:29 sesser Exp $ */ +/* $Id: var_unserializer.re,v 1.11.4.10 2005/01/17 11:46:11 sesser Exp $ */ #include php.h #include ext/standard/php_var.h @@ -216,7 +216,7 @@ static inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTable *ht, int elements) { while (elements-- 0) { - zval *key, *data, *old_data; + zval *key, *data, **old_data; ALLOC_INIT_ZVAL(key); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_3) /ext/standard var_unserializer.c var_unserializer.re
sesser Mon Jan 17 07:28:11 2005 EDT Modified files: (Branch: PHP_4_3) /php-src/ext/standard var_unserializer.c var_unserializer.re Log: MFH: 64bit fixes http://cvs.php.net/diff.php/php-src/ext/standard/var_unserializer.c?r1=1.18.4.16r2=1.18.4.17ty=u Index: php-src/ext/standard/var_unserializer.c diff -u php-src/ext/standard/var_unserializer.c:1.18.4.16 php-src/ext/standard/var_unserializer.c:1.18.4.17 --- php-src/ext/standard/var_unserializer.c:1.18.4.16 Mon Jan 17 06:46:11 2005 +++ php-src/ext/standard/var_unserializer.c Mon Jan 17 07:28:08 2005 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: var_unserializer.c,v 1.18.4.16 2005/01/17 11:46:11 sesser Exp $ */ +/* $Id: var_unserializer.c,v 1.18.4.17 2005/01/17 12:28:08 sesser Exp $ */ #include php.h #include ext/standard/php_var.h @@ -279,7 +279,7 @@ static inline int object_common1(UNSERIALIZE_PARAMETER, zend_class_entry *ce) { - long elements; + int elements; elements = parse_iv2((*p) + 2, p); @@ -621,7 +621,7 @@ yy37: #line 419 { - long elements = parse_iv(start + 2); + int elements = parse_iv(start + 2); *p = YYCURSOR; http://cvs.php.net/diff.php/php-src/ext/standard/var_unserializer.re?r1=1.11.4.10r2=1.11.4.11ty=u Index: php-src/ext/standard/var_unserializer.re diff -u php-src/ext/standard/var_unserializer.re:1.11.4.10 php-src/ext/standard/var_unserializer.re:1.11.4.11 --- php-src/ext/standard/var_unserializer.re:1.11.4.10 Mon Jan 17 06:46:11 2005 +++ php-src/ext/standard/var_unserializer.reMon Jan 17 07:28:08 2005 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: var_unserializer.re,v 1.11.4.10 2005/01/17 11:46:11 sesser Exp $ */ +/* $Id: var_unserializer.re,v 1.11.4.11 2005/01/17 12:28:08 sesser Exp $ */ #include php.h #include ext/standard/php_var.h @@ -155,10 +155,10 @@ -static inline int parse_iv2(const unsigned char *p, const unsigned char **q) +static inline long parse_iv2(const unsigned char *p, const unsigned char **q) { char cursor; - int result = 0; + long result = 0; int neg = 0; switch (*p) { @@ -183,7 +183,7 @@ return result; } -static inline int parse_iv(const unsigned char *p) +static inline long parse_iv(const unsigned char *p) { return parse_iv2(p, NULL); } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_0) /ext/standard var_unserializer.c var_unserializer.re
sesser Mon Jan 17 07:13:35 2005 EDT Modified files: (Branch: PHP_5_0) /php-src/ext/standard var_unserializer.c var_unserializer.re Log: MFH: 64bit fix + compiler warning fix http://cvs.php.net/diff.php/php-src/ext/standard/var_unserializer.c?r1=1.38.2.6r2=1.38.2.7ty=u Index: php-src/ext/standard/var_unserializer.c diff -u php-src/ext/standard/var_unserializer.c:1.38.2.6 php-src/ext/standard/var_unserializer.c:1.38.2.7 --- php-src/ext/standard/var_unserializer.c:1.38.2.6Sun Jan 16 17:02:50 2005 +++ php-src/ext/standard/var_unserializer.c Mon Jan 17 07:13:32 2005 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: var_unserializer.c,v 1.38.2.6 2005/01/16 22:02:50 sesser Exp $ */ +/* $Id: var_unserializer.c,v 1.38.2.7 2005/01/17 12:13:32 sesser Exp $ */ #include php.h #include ext/standard/php_var.h @@ -152,10 +152,10 @@ -static inline int parse_iv2(const unsigned char *p, const unsigned char **q) +static inline long parse_iv2(const unsigned char *p, const unsigned char **q) { char cursor; - int result = 0; + long result = 0; int neg = 0; switch (*p) { @@ -180,7 +180,7 @@ return result; } -static inline int parse_iv(const unsigned char *p) +static inline long parse_iv(const unsigned char *p) { return parse_iv2(p, NULL); } @@ -213,7 +213,7 @@ static inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTable *ht, int elements) { while (elements-- 0) { - zval *key, *data, *old_data; + zval *key, *data, **old_data; ALLOC_INIT_ZVAL(key); http://cvs.php.net/diff.php/php-src/ext/standard/var_unserializer.re?r1=1.27.2.6r2=1.27.2.7ty=u Index: php-src/ext/standard/var_unserializer.re diff -u php-src/ext/standard/var_unserializer.re:1.27.2.6 php-src/ext/standard/var_unserializer.re:1.27.2.7 --- php-src/ext/standard/var_unserializer.re:1.27.2.6 Sun Jan 16 17:02:50 2005 +++ php-src/ext/standard/var_unserializer.reMon Jan 17 07:13:33 2005 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: var_unserializer.re,v 1.27.2.6 2005/01/16 22:02:50 sesser Exp $ */ +/* $Id: var_unserializer.re,v 1.27.2.7 2005/01/17 12:13:33 sesser Exp $ */ #include php.h #include ext/standard/php_var.h @@ -155,10 +155,10 @@ -static inline int parse_iv2(const unsigned char *p, const unsigned char **q) +static inline long parse_iv2(const unsigned char *p, const unsigned char **q) { char cursor; - int result = 0; + long result = 0; int neg = 0; switch (*p) { @@ -183,7 +183,7 @@ return result; } -static inline int parse_iv(const unsigned char *p) +static inline long parse_iv(const unsigned char *p) { return parse_iv2(p, NULL); } @@ -216,7 +216,7 @@ static inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTable *ht, int elements) { while (elements-- 0) { - zval *key, *data, *old_data; + zval *key, *data, **old_data; ALLOC_INIT_ZVAL(key); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/standard php_var.h var_unserializer.c var_unserializer.re
sesser Sat Jan 15 13:18:09 2005 EDT Modified files: /php-src/ext/standard php_var.h var_unserializer.c var_unserializer.re Log: Restore unserialize() speed http://cvs.php.net/diff.php/php-src/ext/standard/php_var.h?r1=1.28r2=1.29ty=u Index: php-src/ext/standard/php_var.h diff -u php-src/ext/standard/php_var.h:1.28 php-src/ext/standard/php_var.h:1.29 --- php-src/ext/standard/php_var.h:1.28 Sun Sep 5 12:29:04 2004 +++ php-src/ext/standard/php_var.h Sat Jan 15 13:18:08 2005 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: php_var.h,v 1.28 2004/09/05 16:29:04 helly Exp $ */ +/* $Id: php_var.h,v 1.29 2005/01/15 18:18:08 sesser Exp $ */ #ifndef PHP_VAR_H #define PHP_VAR_H @@ -41,6 +41,7 @@ struct php_unserialize_data { void *first; + void *first_dtor; }; typedef struct php_unserialize_data php_unserialize_data_t; @@ -54,7 +55,8 @@ zend_hash_destroy((var_hash)) #define PHP_VAR_UNSERIALIZE_INIT(var_hash) \ - (var_hash).first = 0 + (var_hash).first = 0; \ + (var_hash).first_dtor = 0 #define PHP_VAR_UNSERIALIZE_DESTROY(var_hash) \ var_destroy((var_hash)) http://cvs.php.net/diff.php/php-src/ext/standard/var_unserializer.c?r1=1.46r2=1.47ty=u Index: php-src/ext/standard/var_unserializer.c diff -u php-src/ext/standard/var_unserializer.c:1.46 php-src/ext/standard/var_unserializer.c:1.47 --- php-src/ext/standard/var_unserializer.c:1.46Fri Dec 3 11:02:48 2004 +++ php-src/ext/standard/var_unserializer.c Sat Jan 15 13:18:08 2005 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: var_unserializer.c,v 1.46 2004/12/03 16:02:48 sesser Exp $ */ +/* $Id: var_unserializer.c,v 1.47 2005/01/15 18:18:08 sesser Exp $ */ #include php.h #include ext/standard/php_var.h @@ -56,6 +56,30 @@ var_hash-data[var_hash-used_slots++] = *rval; } +static inline void var_push_dtor(php_unserialize_data_t *var_hashx, zval **rval) +{ + var_entries *var_hash = var_hashx-first_dtor, *prev = NULL; + + while (var_hash var_hash-used_slots == VAR_ENTRIES_MAX) { + prev = var_hash; + var_hash = var_hash-next; + } + + if (!var_hash) { + var_hash = emalloc(sizeof(var_entries)); + var_hash-used_slots = 0; + var_hash-next = 0; + + if (!var_hashx-first_dtor) + var_hashx-first_dtor = var_hash; + else + prev-next = var_hash; + } + + (*rval)-refcount++; + var_hash-data[var_hash-used_slots++] = *rval; +} + PHPAPI void var_replace(php_unserialize_data_t *var_hashx, zval *ozval, zval **nzval) { int i; @@ -93,6 +117,7 @@ PHPAPI void var_destroy(php_unserialize_data_t *var_hashx) { void *next; + int i; var_entries *var_hash = var_hashx-first; while (var_hash) { @@ -100,6 +125,17 @@ efree(var_hash); var_hash = next; } + + var_hash = var_hashx-first_dtor; + + while (var_hash) { + for (i = 0; i var_hash-used_slots; i++) { + zval_ptr_dtor(var_hash-data[i]); + } + next = var_hash-next; + efree(var_hash); + var_hash = next; + } } /* }}} */ http://cvs.php.net/diff.php/php-src/ext/standard/var_unserializer.re?r1=1.35r2=1.36ty=u Index: php-src/ext/standard/var_unserializer.re diff -u php-src/ext/standard/var_unserializer.re:1.35 php-src/ext/standard/var_unserializer.re:1.36 --- php-src/ext/standard/var_unserializer.re:1.35 Fri Dec 3 11:02:48 2004 +++ php-src/ext/standard/var_unserializer.reSat Jan 15 13:18:08 2005 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: var_unserializer.re,v 1.35 2004/12/03 16:02:48 sesser Exp $ */ +/* $Id: var_unserializer.re,v 1.36 2005/01/15 18:18:08 sesser Exp $ */ #include php.h #include ext/standard/php_var.h @@ -54,6 +54,30 @@ var_hash-data[var_hash-used_slots++] = *rval; } +static inline void var_push_dtor(php_unserialize_data_t *var_hashx, zval **rval) +{ + var_entries *var_hash = var_hashx-first_dtor, *prev = NULL; + + while (var_hash var_hash-used_slots == VAR_ENTRIES_MAX) { + prev = var_hash; + var_hash = var_hash-next; + } + + if (!var_hash) { + var_hash = emalloc(sizeof(var_entries)); + var_hash-used_slots = 0; + var_hash-next = 0; + + if (!var_hashx-first_dtor) + var_hashx-first_dtor = var_hash; + else + prev-next = var_hash; + } + + (*rval)-refcount++; +
[PHP-CVS] cvs: php-src(PHP_4_3) /ext/standard php_var.h var_unserializer.c var_unserializer.re
sesser Sat Jan 15 13:44:30 2005 EDT Modified files: (Branch: PHP_4_3) /php-src/ext/standard php_var.h var_unserializer.c var_unserializer.re Log: MFH http://cvs.php.net/diff.php/php-src/ext/standard/php_var.h?r1=1.21.4.4r2=1.21.4.5ty=u Index: php-src/ext/standard/php_var.h diff -u php-src/ext/standard/php_var.h:1.21.4.4 php-src/ext/standard/php_var.h:1.21.4.5 --- php-src/ext/standard/php_var.h:1.21.4.4 Fri Sep 24 17:57:18 2004 +++ php-src/ext/standard/php_var.h Sat Jan 15 13:44:29 2005 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: php_var.h,v 1.21.4.4 2004/09/24 21:57:18 helly Exp $ */ +/* $Id: php_var.h,v 1.21.4.5 2005/01/15 18:44:29 sesser Exp $ */ #ifndef PHP_VAR_H #define PHP_VAR_H @@ -41,6 +41,7 @@ struct php_unserialize_data { void *first; + void *first_dtor; }; typedef struct php_unserialize_data php_unserialize_data_t; @@ -54,7 +55,8 @@ zend_hash_destroy((var_hash)) #define PHP_VAR_UNSERIALIZE_INIT(var_hash) \ - (var_hash).first = 0 + (var_hash).first = 0; \ + (var_hash).first_dtor = 0 #define PHP_VAR_UNSERIALIZE_DESTROY(var_hash) \ var_destroy((var_hash)) http://cvs.php.net/diff.php/php-src/ext/standard/var_unserializer.c?r1=1.18.4.14r2=1.18.4.15ty=u Index: php-src/ext/standard/var_unserializer.c diff -u php-src/ext/standard/var_unserializer.c:1.18.4.14 php-src/ext/standard/var_unserializer.c:1.18.4.15 --- php-src/ext/standard/var_unserializer.c:1.18.4.14 Fri Dec 3 11:09:19 2004 +++ php-src/ext/standard/var_unserializer.c Sat Jan 15 13:44:29 2005 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: var_unserializer.c,v 1.18.4.14 2004/12/03 16:09:19 sesser Exp $ */ +/* $Id: var_unserializer.c,v 1.18.4.15 2005/01/15 18:44:29 sesser Exp $ */ #include php.h #include ext/standard/php_var.h @@ -56,6 +56,30 @@ var_hash-data[var_hash-used_slots++] = *rval; } +static inline void var_push_dtor(php_unserialize_data_t *var_hashx, zval **rval) +{ + var_entries *var_hash = var_hashx-first_dtor, *prev = NULL; + + while (var_hash var_hash-used_slots == VAR_ENTRIES_MAX) { + prev = var_hash; + var_hash = var_hash-next; + } + + if (!var_hash) { + var_hash = emalloc(sizeof(var_entries)); + var_hash-used_slots = 0; + var_hash-next = 0; + + if (!var_hashx-first_dtor) + var_hashx-first_dtor = var_hash; + else + prev-next = var_hash; + } + + (*rval)-refcount++; + var_hash-data[var_hash-used_slots++] = *rval; +} + PHPAPI void var_replace(php_unserialize_data_t *var_hashx, zval *ozval, zval **nzval) { int i; @@ -93,6 +117,7 @@ PHPAPI void var_destroy(php_unserialize_data_t *var_hashx) { void *next; + int i; var_entries *var_hash = var_hashx-first; while (var_hash) { @@ -100,6 +125,17 @@ efree(var_hash); var_hash = next; } + + var_hash = var_hashx-first_dtor; + + while (var_hash) { + for (i = 0; i var_hash-used_slots; i++) { + zval_ptr_dtor(var_hash-data[i]); + } + next = var_hash-next; + efree(var_hash); + var_hash = next; + } } /* }}} */ @@ -205,14 +241,14 @@ switch (Z_TYPE_P(key)) { case IS_LONG: - if (zend_hash_index_find(ht, Z_LVAL_P(key), (void **)old_data)) { - var_replace(var_hash, old_data, rval); + if (zend_hash_index_find(ht, Z_LVAL_P(key), (void **)old_data)==SUCCESS) { + var_push_dtor(var_hash, old_data); } zend_hash_index_update(ht, Z_LVAL_P(key), data, sizeof(data), NULL); break; case IS_STRING: - if (zend_hash_find(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, (void **)old_data)) { - var_replace(var_hash, old_data, rval); + if (zend_hash_find(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, (void **)old_data)==SUCCESS) { + var_push_dtor(var_hash, old_data); } zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, data, sizeof(data), NULL); break; http://cvs.php.net/diff.php/php-src/ext/standard/var_unserializer.re?r1=1.11.4.8r2=1.11.4.9ty=u Index: php-src/ext/standard/var_unserializer.re
[PHP-CVS] cvs: php-src(PHP_5_0) /ext/standard php_var.h var_unserializer.c var_unserializer.re
sesser Sat Jan 15 13:49:26 2005 EDT Modified files: (Branch: PHP_5_0) /php-src/ext/standard php_var.h var_unserializer.c var_unserializer.re Log: MFH http://cvs.php.net/diff.php/php-src/ext/standard/php_var.h?r1=1.27.2.1r2=1.27.2.2ty=u Index: php-src/ext/standard/php_var.h diff -u php-src/ext/standard/php_var.h:1.27.2.1 php-src/ext/standard/php_var.h:1.27.2.2 --- php-src/ext/standard/php_var.h:1.27.2.1 Fri Sep 24 18:05:35 2004 +++ php-src/ext/standard/php_var.h Sat Jan 15 13:49:25 2005 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: php_var.h,v 1.27.2.1 2004/09/24 22:05:35 helly Exp $ */ +/* $Id: php_var.h,v 1.27.2.2 2005/01/15 18:49:25 sesser Exp $ */ #ifndef PHP_VAR_H #define PHP_VAR_H @@ -41,6 +41,7 @@ struct php_unserialize_data { void *first; + void *first_dtor; }; typedef struct php_unserialize_data php_unserialize_data_t; @@ -54,7 +55,8 @@ zend_hash_destroy((var_hash)) #define PHP_VAR_UNSERIALIZE_INIT(var_hash) \ - (var_hash).first = 0 + (var_hash).first = 0; \ + (var_hash).first_dtor = 0 #define PHP_VAR_UNSERIALIZE_DESTROY(var_hash) \ var_destroy((var_hash)) http://cvs.php.net/diff.php/php-src/ext/standard/var_unserializer.c?r1=1.38.2.4r2=1.38.2.5ty=u Index: php-src/ext/standard/var_unserializer.c diff -u php-src/ext/standard/var_unserializer.c:1.38.2.4 php-src/ext/standard/var_unserializer.c:1.38.2.5 --- php-src/ext/standard/var_unserializer.c:1.38.2.4Fri Dec 3 11:10:29 2004 +++ php-src/ext/standard/var_unserializer.c Sat Jan 15 13:49:25 2005 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: var_unserializer.c,v 1.38.2.4 2004/12/03 16:10:29 sesser Exp $ */ +/* $Id: var_unserializer.c,v 1.38.2.5 2005/01/15 18:49:25 sesser Exp $ */ #include php.h #include ext/standard/php_var.h @@ -56,6 +56,29 @@ var_hash-data[var_hash-used_slots++] = *rval; } +static inline void var_push(php_unserialize_data_t *var_hashx, zval **rval) +{ + var_entries *var_hash = var_hashx-first, *prev = NULL; + + while (var_hash var_hash-used_slots == VAR_ENTRIES_MAX) { + prev = var_hash; + var_hash = var_hash-next; + } + + if (!var_hash) { + var_hash = emalloc(sizeof(var_entries)); + var_hash-used_slots = 0; + var_hash-next = 0; + + if (!var_hashx-first) + var_hashx-first = var_hash; + else + prev-next = var_hash; + } + + var_hash-data[var_hash-used_slots++] = *rval; +} + PHPAPI void var_replace(php_unserialize_data_t *var_hashx, zval *ozval, zval **nzval) { int i; @@ -93,6 +116,7 @@ PHPAPI void var_destroy(php_unserialize_data_t *var_hashx) { void *next; + int i; var_entries *var_hash = var_hashx-first; while (var_hash) { @@ -100,6 +124,17 @@ efree(var_hash); var_hash = next; } + + var_hash = var_hashx-first_dtor; + + while (var_hash) { + for (i = 0; i var_hash-used_slots; i++) { + zval_ptr_dtor(var_hash-data[i]); + } + next = var_hash-next; + efree(var_hash); + var_hash = next; + } } /* }}} */ @@ -205,14 +240,14 @@ switch (Z_TYPE_P(key)) { case IS_LONG: - if (zend_hash_index_find(ht, Z_LVAL_P(key), (void **)old_data)) { - var_replace(var_hash, old_data, rval); + if (zend_hash_index_find(ht, Z_LVAL_P(key), (void **)old_data)==SUCCESS) { + var_push_dtor(var_hash, old_data); } zend_hash_index_update(ht, Z_LVAL_P(key), data, sizeof(data), NULL); break; case IS_STRING: - if (zend_hash_find(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, (void **)old_data)) { - var_replace(var_hash, old_data, rval); + if (zend_hash_find(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, (void **)old_data)==SUCCESS) { + var_push_dtor(var_hash, old_data); } zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, data, sizeof(data), NULL); break; http://cvs.php.net/diff.php/php-src/ext/standard/var_unserializer.re?r1=1.27.2.4r2=1.27.2.5ty=u Index: php-src/ext/standard/var_unserializer.re diff -u php-src/ext/standard/var_unserializer.re:1.27.2.4
Re: [PHP-CVS] cvs: php-src /ext/standard var_unserializer.c var_unserializer.re
Marcus Boerger wrote: Hello Stefan, reading the patch twice and checking the code again. Why not simply replace the index type 'iv' with 'uiv' ? R: iv ; - R: uiv ; r: iv ; - r: uiv ; Because that would not fix anything. Both functions do not check for integer overflows when generating the number. So any positive number above 2^31 will be negative when casted to int. Stefan -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/standard var_unserializer.c var_unserializer.re
sesser Fri Dec 3 11:02:48 2004 EDT Modified files: /php-src/ext/standard var_unserializer.c var_unserializer.re Log: Handle already existing elements correctly http://cvs.php.net/diff.php/php-src/ext/standard/var_unserializer.c?r1=1.45r2=1.46ty=u Index: php-src/ext/standard/var_unserializer.c diff -u php-src/ext/standard/var_unserializer.c:1.45 php-src/ext/standard/var_unserializer.c:1.46 --- php-src/ext/standard/var_unserializer.c:1.45Wed Dec 1 17:42:00 2004 +++ php-src/ext/standard/var_unserializer.c Fri Dec 3 11:02:48 2004 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: var_unserializer.c,v 1.45 2004/12/01 22:42:00 sesser Exp $ */ +/* $Id: var_unserializer.c,v 1.46 2004/12/03 16:02:48 sesser Exp $ */ #include php.h #include ext/standard/php_var.h @@ -65,7 +65,7 @@ for (i = 0; i var_hash-used_slots; i++) { if (var_hash-data[i] == ozval) { var_hash-data[i] = *nzval; - return; + /* do not break here */ } } var_hash = var_hash-next; @@ -177,7 +177,7 @@ static inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTable *ht, int elements) { while (elements-- 0) { - zval *key, *data; + zval *key, *data, *old_data; ALLOC_INIT_ZVAL(key); @@ -205,9 +205,15 @@ switch (Z_TYPE_P(key)) { case IS_LONG: + if (zend_hash_index_find(ht, Z_LVAL_P(key), (void **)old_data)) { + var_replace(var_hash, old_data, rval); + } zend_hash_index_update(ht, Z_LVAL_P(key), data, sizeof(data), NULL); break; case IS_STRING: + if (zend_hash_find(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, (void **)old_data)) { + var_replace(var_hash, old_data, rval); + } zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, data, sizeof(data), NULL); break; } @@ -947,6 +953,8 @@ if (id == -1 || var_access(var_hash, id, rval_ref) != SUCCESS) { return 0; } + + if (*rval == *rval_ref) return 0; if (*rval != NULL) { zval_ptr_dtor(rval); http://cvs.php.net/diff.php/php-src/ext/standard/var_unserializer.re?r1=1.34r2=1.35ty=u Index: php-src/ext/standard/var_unserializer.re diff -u php-src/ext/standard/var_unserializer.re:1.34 php-src/ext/standard/var_unserializer.re:1.35 --- php-src/ext/standard/var_unserializer.re:1.34 Wed Dec 1 17:42:00 2004 +++ php-src/ext/standard/var_unserializer.reFri Dec 3 11:02:48 2004 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: var_unserializer.re,v 1.34 2004/12/01 22:42:00 sesser Exp $ */ +/* $Id: var_unserializer.re,v 1.35 2004/12/03 16:02:48 sesser Exp $ */ #include php.h #include ext/standard/php_var.h @@ -63,7 +63,7 @@ for (i = 0; i var_hash-used_slots; i++) { if (var_hash-data[i] == ozval) { var_hash-data[i] = *nzval; - return; + /* do not break here */ } } var_hash = var_hash-next; @@ -180,7 +180,7 @@ static inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTable *ht, int elements) { while (elements-- 0) { - zval *key, *data; + zval *key, *data, *old_data; ALLOC_INIT_ZVAL(key); @@ -208,9 +208,15 @@ switch (Z_TYPE_P(key)) { case IS_LONG: + if (zend_hash_index_find(ht, Z_LVAL_P(key), (void **)old_data)) { + var_replace(var_hash, old_data, rval); + } zend_hash_index_update(ht, Z_LVAL_P(key), data, sizeof(data), NULL); break; case IS_STRING: + if (zend_hash_find(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, (void **)old_data)) { + var_replace(var_hash, old_data, rval); + } zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, data, sizeof(data), NULL); break; } @@ -321,6 +327,8 @@ return 0; } + if (*rval ==
[PHP-CVS] cvs: php-src(PHP_5_0) /ext/standard var_unserializer.c var_unserializer.re
sesser Fri Dec 3 11:04:10 2004 EDT Modified files: (Branch: PHP_5_0) /php-src/ext/standard var_unserializer.c var_unserializer.re Log: MFH http://cvs.php.net/diff.php/php-src/ext/standard/var_unserializer.c?r1=1.38.2.2r2=1.38.2.3ty=u Index: php-src/ext/standard/var_unserializer.c diff -u php-src/ext/standard/var_unserializer.c:1.38.2.2 php-src/ext/standard/var_unserializer.c:1.38.2.3 --- php-src/ext/standard/var_unserializer.c:1.38.2.2Wed Dec 1 17:42:14 2004 +++ php-src/ext/standard/var_unserializer.c Fri Dec 3 11:04:10 2004 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: var_unserializer.c,v 1.38.2.2 2004/12/01 22:42:14 sesser Exp $ */ +/* $Id: var_unserializer.c,v 1.38.2.3 2004/12/03 16:04:10 sesser Exp $ */ #include php.h #include ext/standard/php_var.h @@ -205,9 +205,15 @@ switch (Z_TYPE_P(key)) { case IS_LONG: + if (zend_hash_index_find(ht, Z_LVAL_P(key), (void **)old_data)) { + var_replace(var_hash, old_data, rval); + } zend_hash_index_update(ht, Z_LVAL_P(key), data, sizeof(data), NULL); break; case IS_STRING: + if (zend_hash_find(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, (void **)old_data)) { + var_replace(var_hash, old_data, rval); + } zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, data, sizeof(data), NULL); break; } @@ -947,6 +953,8 @@ if (id == -1 || var_access(var_hash, id, rval_ref) != SUCCESS) { return 0; } + + if (*rval == *rval_ref) return 0; if (*rval != NULL) { zval_ptr_dtor(rval); http://cvs.php.net/diff.php/php-src/ext/standard/var_unserializer.re?r1=1.27.2.2r2=1.27.2.3ty=u Index: php-src/ext/standard/var_unserializer.re diff -u php-src/ext/standard/var_unserializer.re:1.27.2.2 php-src/ext/standard/var_unserializer.re:1.27.2.3 --- php-src/ext/standard/var_unserializer.re:1.27.2.2 Wed Dec 1 17:42:14 2004 +++ php-src/ext/standard/var_unserializer.reFri Dec 3 11:04:10 2004 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: var_unserializer.re,v 1.27.2.2 2004/12/01 22:42:14 sesser Exp $ */ +/* $Id: var_unserializer.re,v 1.27.2.3 2004/12/03 16:04:10 sesser Exp $ */ #include php.h #include ext/standard/php_var.h @@ -208,9 +208,15 @@ switch (Z_TYPE_P(key)) { case IS_LONG: + if (zend_hash_index_find(ht, Z_LVAL_P(key), (void **)old_data)) { + var_replace(var_hash, old_data, rval); + } zend_hash_index_update(ht, Z_LVAL_P(key), data, sizeof(data), NULL); break; case IS_STRING: + if (zend_hash_find(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, (void **)old_data)) { + var_replace(var_hash, old_data, rval); + } zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, data, sizeof(data), NULL); break; } @@ -320,6 +326,8 @@ if (id == -1 || var_access(var_hash, id, rval_ref) != SUCCESS) { return 0; } + + if (*rval == *rval_ref) return 0; if (*rval != NULL) { zval_ptr_dtor(rval); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_3) /ext/standard var_unserializer.c var_unserializer.re
sesser Fri Dec 3 11:09:20 2004 EDT Modified files: (Branch: PHP_4_3) /php-src/ext/standard var_unserializer.c var_unserializer.re Log: fix compile http://cvs.php.net/diff.php/php-src/ext/standard/var_unserializer.c?r1=1.18.4.13r2=1.18.4.14ty=u Index: php-src/ext/standard/var_unserializer.c diff -u php-src/ext/standard/var_unserializer.c:1.18.4.13 php-src/ext/standard/var_unserializer.c:1.18.4.14 --- php-src/ext/standard/var_unserializer.c:1.18.4.13 Fri Dec 3 11:04:26 2004 +++ php-src/ext/standard/var_unserializer.c Fri Dec 3 11:09:19 2004 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: var_unserializer.c,v 1.18.4.13 2004/12/03 16:04:26 sesser Exp $ */ +/* $Id: var_unserializer.c,v 1.18.4.14 2004/12/03 16:09:19 sesser Exp $ */ #include php.h #include ext/standard/php_var.h @@ -177,7 +177,7 @@ static inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTable *ht, int elements) { while (elements-- 0) { - zval *key, *data; + zval *key, *data, *old_data; ALLOC_INIT_ZVAL(key); http://cvs.php.net/diff.php/php-src/ext/standard/var_unserializer.re?r1=1.11.4.7r2=1.11.4.8ty=u Index: php-src/ext/standard/var_unserializer.re diff -u php-src/ext/standard/var_unserializer.re:1.11.4.7 php-src/ext/standard/var_unserializer.re:1.11.4.8 --- php-src/ext/standard/var_unserializer.re:1.11.4.7 Fri Dec 3 11:04:26 2004 +++ php-src/ext/standard/var_unserializer.reFri Dec 3 11:09:19 2004 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: var_unserializer.re,v 1.11.4.7 2004/12/03 16:04:26 sesser Exp $ */ +/* $Id: var_unserializer.re,v 1.11.4.8 2004/12/03 16:09:19 sesser Exp $ */ #include php.h #include ext/standard/php_var.h @@ -180,7 +180,7 @@ static inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTable *ht, int elements) { while (elements-- 0) { - zval *key, *data; + zval *key, *data, *old_data; ALLOC_INIT_ZVAL(key); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_0) /ext/standard var_unserializer.c var_unserializer.re
sesser Fri Dec 3 11:10:29 2004 EDT Modified files: (Branch: PHP_5_0) /php-src/ext/standard var_unserializer.c var_unserializer.re Log: fix compile http://cvs.php.net/diff.php/php-src/ext/standard/var_unserializer.c?r1=1.38.2.3r2=1.38.2.4ty=u Index: php-src/ext/standard/var_unserializer.c diff -u php-src/ext/standard/var_unserializer.c:1.38.2.3 php-src/ext/standard/var_unserializer.c:1.38.2.4 --- php-src/ext/standard/var_unserializer.c:1.38.2.3Fri Dec 3 11:04:10 2004 +++ php-src/ext/standard/var_unserializer.c Fri Dec 3 11:10:29 2004 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: var_unserializer.c,v 1.38.2.3 2004/12/03 16:04:10 sesser Exp $ */ +/* $Id: var_unserializer.c,v 1.38.2.4 2004/12/03 16:10:29 sesser Exp $ */ #include php.h #include ext/standard/php_var.h @@ -177,7 +177,7 @@ static inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTable *ht, int elements) { while (elements-- 0) { - zval *key, *data; + zval *key, *data, *old_data; ALLOC_INIT_ZVAL(key); http://cvs.php.net/diff.php/php-src/ext/standard/var_unserializer.re?r1=1.27.2.3r2=1.27.2.4ty=u Index: php-src/ext/standard/var_unserializer.re diff -u php-src/ext/standard/var_unserializer.re:1.27.2.3 php-src/ext/standard/var_unserializer.re:1.27.2.4 --- php-src/ext/standard/var_unserializer.re:1.27.2.3 Fri Dec 3 11:04:10 2004 +++ php-src/ext/standard/var_unserializer.reFri Dec 3 11:10:29 2004 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: var_unserializer.re,v 1.27.2.3 2004/12/03 16:04:10 sesser Exp $ */ +/* $Id: var_unserializer.re,v 1.27.2.4 2004/12/03 16:10:29 sesser Exp $ */ #include php.h #include ext/standard/php_var.h @@ -180,7 +180,7 @@ static inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTable *ht, int elements) { while (elements-- 0) { - zval *key, *data; + zval *key, *data, *old_data; ALLOC_INIT_ZVAL(key); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main safe_mode.c
sesser Wed Dec 1 17:37:33 2004 EDT Modified files: /php-src/main safe_mode.c Log: Do not silently truncate http://cvs.php.net/diff.php/php-src/main/safe_mode.c?r1=1.60r2=1.61ty=u Index: php-src/main/safe_mode.c diff -u php-src/main/safe_mode.c:1.60 php-src/main/safe_mode.c:1.61 --- php-src/main/safe_mode.c:1.60 Wed Sep 29 08:35:13 2004 +++ php-src/main/safe_mode.cWed Dec 1 17:37:33 2004 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: safe_mode.c,v 1.60 2004/09/29 12:35:13 hyanantha Exp $ */ +/* $Id: safe_mode.c,v 1.61 2004/12/01 22:37:33 sesser Exp $ */ #include php.h @@ -55,13 +55,15 @@ php_stream_wrapper *wrapper = NULL; TSRMLS_FETCH(); - strlcpy(filenamecopy, filename, MAXPATHLEN); - filename=(char *)filenamecopy; - if (!filename) { return 0; /* path must be provided */ } + if (strlcpy(filenamecopy, filename, MAXPATHLEN)=MAXPATHLEN) { + return 0; + } + filename=(char *)filenamecopy; + if (fopen_mode) { if (fopen_mode[0] == 'r') { mode = CHECKUID_DISALLOW_FILE_NOT_EXISTS; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_0) /main safe_mode.c
sesser Wed Dec 1 17:37:47 2004 EDT Modified files: (Branch: PHP_5_0) /php-src/main safe_mode.c Log: MFH http://cvs.php.net/diff.php/php-src/main/safe_mode.c?r1=1.58r2=1.58.2.1ty=u Index: php-src/main/safe_mode.c diff -u php-src/main/safe_mode.c:1.58 php-src/main/safe_mode.c:1.58.2.1 --- php-src/main/safe_mode.c:1.58 Thu Jan 8 03:17:54 2004 +++ php-src/main/safe_mode.cWed Dec 1 17:37:47 2004 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: safe_mode.c,v 1.58 2004/01/08 08:17:54 andi Exp $ */ +/* $Id: safe_mode.c,v 1.58.2.1 2004/12/01 22:37:47 sesser Exp $ */ #include php.h @@ -55,13 +55,16 @@ php_stream_wrapper *wrapper = NULL; TSRMLS_FETCH(); - strlcpy(filenamecopy, filename, MAXPATHLEN); - filename=(char *)filenamecopy; - if (!filename) { return 0; /* path must be provided */ } + if (strlcpy(filenamecopy, filename, MAXPATHLEN)=MAXPATHLEN) { + return 0; + } + filename=(char *)filenamecopy; + + if (fopen_mode) { if (fopen_mode[0] == 'r') { mode = CHECKUID_DISALLOW_FILE_NOT_EXISTS; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_3) /main safe_mode.c
sesser Wed Dec 1 17:37:59 2004 EDT Modified files: (Branch: PHP_4_3) /php-src/main safe_mode.c Log: MFH http://cvs.php.net/diff.php/php-src/main/safe_mode.c?r1=1.51.2.4r2=1.51.2.5ty=u Index: php-src/main/safe_mode.c diff -u php-src/main/safe_mode.c:1.51.2.4 php-src/main/safe_mode.c:1.51.2.5 --- php-src/main/safe_mode.c:1.51.2.4 Mon Mar 17 08:50:23 2003 +++ php-src/main/safe_mode.cWed Dec 1 17:37:59 2004 @@ -15,7 +15,7 @@ | Author: Rasmus Lerdorf [EMAIL PROTECTED]| +--+ */ -/* $Id: safe_mode.c,v 1.51.2.4 2003/03/17 13:50:23 wez Exp $ */ +/* $Id: safe_mode.c,v 1.51.2.5 2004/12/01 22:37:59 sesser Exp $ */ #include php.h @@ -54,13 +54,15 @@ php_stream_wrapper *wrapper = NULL; TSRMLS_FETCH(); - strlcpy(filenamecopy, filename, MAXPATHLEN); - filename=(char *)filenamecopy; - if (!filename) { return 0; /* path must be provided */ } + if (strlcpy(filenamecopy, filename, MAXPATHLEN)=MAXPATHLEN) { + return 0; + } + filename=(char *)filenamecopy; + if (fopen_mode) { if (fopen_mode[0] == 'r') { mode = CHECKUID_DISALLOW_FILE_NOT_EXISTS; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/standard var_unserializer.c var_unserializer.re
sesser Wed Dec 1 17:42:00 2004 EDT Modified files: /php-src/ext/standard var_unserializer.c var_unserializer.re Log: Beware of negative indices http://cvs.php.net/diff.php/php-src/ext/standard/var_unserializer.c?r1=1.44r2=1.45ty=u Index: php-src/ext/standard/var_unserializer.c diff -u php-src/ext/standard/var_unserializer.c:1.44 php-src/ext/standard/var_unserializer.c:1.45 --- php-src/ext/standard/var_unserializer.c:1.44Sun Sep 26 17:49:16 2004 +++ php-src/ext/standard/var_unserializer.c Wed Dec 1 17:42:00 2004 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: var_unserializer.c,v 1.44 2004/09/26 21:49:16 helly Exp $ */ +/* $Id: var_unserializer.c,v 1.45 2004/12/01 22:42:00 sesser Exp $ */ #include php.h #include ext/standard/php_var.h @@ -83,7 +83,7 @@ if (!var_hash) return !SUCCESS; - if (id = var_hash-used_slots) return !SUCCESS; + if (id 0 || id = var_hash-used_slots) return !SUCCESS; *store = var_hash-data[id]; http://cvs.php.net/diff.php/php-src/ext/standard/var_unserializer.re?r1=1.33r2=1.34ty=u Index: php-src/ext/standard/var_unserializer.re diff -u php-src/ext/standard/var_unserializer.re:1.33 php-src/ext/standard/var_unserializer.re:1.34 --- php-src/ext/standard/var_unserializer.re:1.33 Sun Sep 26 17:47:27 2004 +++ php-src/ext/standard/var_unserializer.reWed Dec 1 17:42:00 2004 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: var_unserializer.re,v 1.33 2004/09/26 21:47:27 helly Exp $ */ +/* $Id: var_unserializer.re,v 1.34 2004/12/01 22:42:00 sesser Exp $ */ #include php.h #include ext/standard/php_var.h @@ -81,7 +81,7 @@ if (!var_hash) return !SUCCESS; - if (id = var_hash-used_slots) return !SUCCESS; + if (id 0 || id = var_hash-used_slots) return !SUCCESS; *store = var_hash-data[id]; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_3) /ext/standard var_unserializer.c var_unserializer.re
sesser Wed Dec 1 17:42:26 2004 EDT Modified files: (Branch: PHP_4_3) /php-src/ext/standard var_unserializer.c var_unserializer.re Log: MFH http://cvs.php.net/diff.php/php-src/ext/standard/var_unserializer.c?r1=1.18.4.11r2=1.18.4.12ty=u Index: php-src/ext/standard/var_unserializer.c diff -u php-src/ext/standard/var_unserializer.c:1.18.4.11 php-src/ext/standard/var_unserializer.c:1.18.4.12 --- php-src/ext/standard/var_unserializer.c:1.18.4.11 Thu Nov 18 17:14:42 2004 +++ php-src/ext/standard/var_unserializer.c Wed Dec 1 17:42:26 2004 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: var_unserializer.c,v 1.18.4.11 2004/11/18 22:14:42 iliaa Exp $ */ +/* $Id: var_unserializer.c,v 1.18.4.12 2004/12/01 22:42:26 sesser Exp $ */ #include php.h #include ext/standard/php_var.h @@ -83,7 +83,7 @@ if (!var_hash) return !SUCCESS; - if (id = var_hash-used_slots) return !SUCCESS; + if (id 0 || id = var_hash-used_slots) return !SUCCESS; *store = var_hash-data[id]; http://cvs.php.net/diff.php/php-src/ext/standard/var_unserializer.re?r1=1.11.4.5r2=1.11.4.6ty=u Index: php-src/ext/standard/var_unserializer.re diff -u php-src/ext/standard/var_unserializer.re:1.11.4.5 php-src/ext/standard/var_unserializer.re:1.11.4.6 --- php-src/ext/standard/var_unserializer.re:1.11.4.5 Thu Nov 18 17:14:42 2004 +++ php-src/ext/standard/var_unserializer.reWed Dec 1 17:42:26 2004 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: var_unserializer.re,v 1.11.4.5 2004/11/18 22:14:42 iliaa Exp $ */ +/* $Id: var_unserializer.re,v 1.11.4.6 2004/12/01 22:42:26 sesser Exp $ */ #include php.h #include ext/standard/php_var.h @@ -81,7 +81,7 @@ if (!var_hash) return !SUCCESS; - if (id = var_hash-used_slots) return !SUCCESS; + if (id 0 || id = var_hash-used_slots) return !SUCCESS; *store = var_hash-data[id]; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/standard pack.c /main php.h
sesser Sun Nov 28 07:44:28 2004 EDT Modified files: /php-src/ext/standard pack.c /php-src/main php.h Log: Fixed: removed possible integer over-/underflows http://cvs.php.net/diff.php/php-src/ext/standard/pack.c?r1=1.53r2=1.54ty=u Index: php-src/ext/standard/pack.c diff -u php-src/ext/standard/pack.c:1.53 php-src/ext/standard/pack.c:1.54 --- php-src/ext/standard/pack.c:1.53Sat Sep 25 11:36:47 2004 +++ php-src/ext/standard/pack.c Sun Nov 28 07:44:28 2004 @@ -15,7 +15,7 @@ | Author: Chris Schneider [EMAIL PROTECTED] | +--+ */ -/* $Id: pack.c,v 1.53 2004/09/25 15:36:47 hyanantha Exp $ */ +/* $Id: pack.c,v 1.54 2004/11/28 12:44:28 sesser Exp $ */ #include php.h @@ -60,6 +60,13 @@ #include netinet/in.h #endif +#define INC_OUTPUTPOS(a,b) \ + if ((a) 0 || ((INT_MAX - outputpos)/(b)) (a)) { \ + php_error_docref(NULL TSRMLS_CC, E_WARNING, Type %c: integer overflow in format string, code); \ + RETURN_FALSE; \ + } \ + outputpos += (a)*(b); + /* Whether machine is little endian */ char machine_little_endian; @@ -243,7 +250,7 @@ switch ((int) code) { case 'h': case 'H': - outputpos += (arg + 1) / 2; /* 4 bit per arg */ + INC_OUTPUTPOS((arg + 1) / 2,1) /* 4 bit per arg */ break; case 'a': @@ -251,34 +258,34 @@ case 'c': case 'C': case 'x': - outputpos += arg; /* 8 bit per arg */ + INC_OUTPUTPOS(arg,1)/* 8 bit per arg */ break; case 's': case 'S': case 'n': case 'v': - outputpos += arg * 2; /* 16 bit per arg */ + INC_OUTPUTPOS(arg,2)/* 16 bit per arg */ break; case 'i': case 'I': - outputpos += arg * sizeof(int); + INC_OUTPUTPOS(arg,sizeof(int)) break; case 'l': case 'L': case 'N': case 'V': - outputpos += arg * 4; /* 32 bit per arg */ + INC_OUTPUTPOS(arg,4)/* 32 bit per arg */ break; case 'f': - outputpos += arg * sizeof(float); + INC_OUTPUTPOS(arg,sizeof(float)) break; case 'd': - outputpos += arg * sizeof(double); + INC_OUTPUTPOS(arg,sizeof(double)) break; case 'X': @@ -647,6 +654,11 @@ sprintf(n, %.*s, namelen, name); } + if (size != 0 size != -1 INT_MAX - size + 1 inputpos) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Type %c: integer overflow, type); + inputpos = 0; + } + if ((inputpos + size) = inputlen) { switch ((int) type) { case 'a': @@ -817,6 +829,10 @@ } inputpos += size; + if (inputpos 0) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Type %c: outside of string, type); + inputpos = 0; + } } else if (arg 0) { /* Reached end of input for '*' repeater */ break; http://cvs.php.net/diff.php/php-src/main/php.h?r1=1.208r2=1.209ty=u Index: php-src/main/php.h diff -u php-src/main/php.h:1.208 php-src/main/php.h:1.209 --- php-src/main/php.h:1.208Mon Nov 15 16:04:08 2004 +++ php-src/main/php.h Sun Nov 28 07:44:28 2004 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: php.h,v 1.208 2004/11/15 21:04:08 fmk Exp $ */ +/* $Id: php.h,v 1.209 2004/11/28 12:44:28 sesser Exp $ */ #ifndef PHP_H #define PHP_H @@ -222,6 +222,14 @@ #define LONG_MIN (- LONG_MAX - 1) #endif +#ifndef INT_MAX
[PHP-CVS] cvs: php-src(PHP_5_0) /ext/standard pack.c /main php.h
sesser Sun Nov 28 07:44:42 2004 EDT Modified files: (Branch: PHP_5_0) /php-src/ext/standard pack.c /php-src/main php.h Log: MFH http://cvs.php.net/diff.php/php-src/ext/standard/pack.c?r1=1.52r2=1.52.2.1ty=u Index: php-src/ext/standard/pack.c diff -u php-src/ext/standard/pack.c:1.52 php-src/ext/standard/pack.c:1.52.2.1 --- php-src/ext/standard/pack.c:1.52Tue Feb 24 16:49:28 2004 +++ php-src/ext/standard/pack.c Sun Nov 28 07:44:42 2004 @@ -15,7 +15,7 @@ | Author: Chris Schneider [EMAIL PROTECTED] | +--+ */ -/* $Id: pack.c,v 1.52 2004/02/24 21:49:28 gschlossnagle Exp $ */ +/* $Id: pack.c,v 1.52.2.1 2004/11/28 12:44:42 sesser Exp $ */ #include php.h @@ -61,6 +61,13 @@ #include netinet/in.h #endif +#define INC_OUTPUTPOS(a,b) \ + if ((a) 0 || ((INT_MAX - outputpos)/(b)) (a)) { \ + php_error_docref(NULL TSRMLS_CC, E_WARNING, Type %c: integer overflow in format string, code); \ + RETURN_FALSE; \ + } \ + outputpos += (a)*(b); + /* Whether machine is little endian */ char machine_little_endian; @@ -244,7 +251,7 @@ switch ((int) code) { case 'h': case 'H': - outputpos += (arg + 1) / 2; /* 4 bit per arg */ + INC_OUTPUTPOS((arg + 1) / 2,1) /* 4 bit per arg */ break; case 'a': @@ -252,34 +259,34 @@ case 'c': case 'C': case 'x': - outputpos += arg; /* 8 bit per arg */ + INC_OUTPUTPOS(arg,1)/* 8 bit per arg */ break; case 's': case 'S': case 'n': case 'v': - outputpos += arg * 2; /* 16 bit per arg */ + INC_OUTPUTPOS(arg,2)/* 16 bit per arg */ break; case 'i': case 'I': - outputpos += arg * sizeof(int); + INC_OUTPUTPOS(arg,sizeof(int)) break; case 'l': case 'L': case 'N': case 'V': - outputpos += arg * 4; /* 32 bit per arg */ + INC_OUTPUTPOS(arg,4)/* 32 bit per arg */ break; case 'f': - outputpos += arg * sizeof(float); + INC_OUTPUTPOS(arg,sizeof(float)) break; case 'd': - outputpos += arg * sizeof(double); + INC_OUTPUTPOS(arg,sizeof(double)) break; case 'X': @@ -648,6 +655,11 @@ sprintf(n, %.*s, namelen, name); } + if (size != 0 size != -1 INT_MAX - size + 1 inputpos) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Type %c: integer overflow, type); + inputpos = 0; + } + if ((inputpos + size) = inputlen) { switch ((int) type) { case 'a': @@ -818,6 +830,10 @@ } inputpos += size; + if (inputpos 0) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Type %c: outside of string, type); + inputpos = 0; + } } else if (arg 0) { /* Reached end of input for '*' repeater */ break; http://cvs.php.net/diff.php/php-src/main/php.h?r1=1.203.2.3r2=1.203.2.4ty=u Index: php-src/main/php.h diff -u php-src/main/php.h:1.203.2.3 php-src/main/php.h:1.203.2.4 --- php-src/main/php.h:1.203.2.3Mon Nov 15 18:14:39 2004 +++ php-src/main/php.h Sun Nov 28 07:44:42 2004 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: php.h,v 1.203.2.3 2004/11/15 23:14:39 fmk Exp $ */ +/* $Id: php.h,v 1.203.2.4 2004/11/28 12:44:42 sesser Exp $ */ #ifndef PHP_H #define PHP_H @@ -230,6 +230,14 @@ #define LONG_MIN (- LONG_MAX - 1) #endif
[PHP-CVS] cvs: php-src(PHP_4_3) /ext/standard pack.c /main php.h
sesser Sun Nov 28 07:44:56 2004 EDT Modified files: (Branch: PHP_4_3) /php-src/ext/standard pack.c /php-src/main php.h Log: MFH http://cvs.php.net/diff.php/php-src/ext/standard/pack.c?r1=1.40.2.5r2=1.40.2.6ty=u Index: php-src/ext/standard/pack.c diff -u php-src/ext/standard/pack.c:1.40.2.5 php-src/ext/standard/pack.c:1.40.2.6 --- php-src/ext/standard/pack.c:1.40.2.5Wed Feb 25 07:36:24 2004 +++ php-src/ext/standard/pack.c Sun Nov 28 07:44:56 2004 @@ -15,7 +15,7 @@ | Author: Chris Schneider [EMAIL PROTECTED] | +--+ */ -/* $Id: pack.c,v 1.40.2.5 2004/02/25 12:36:24 sniper Exp $ */ +/* $Id: pack.c,v 1.40.2.6 2004/11/28 12:44:56 sesser Exp $ */ #include php.h @@ -63,6 +63,13 @@ #include netinet/in.h #endif +#define INC_OUTPUTPOS(a,b) \ + if ((a) 0 || ((INT_MAX - outputpos)/(b)) (a)) { \ + php_error_docref(NULL TSRMLS_CC, E_WARNING, Type %c: integer overflow in format string, code); \ + RETURN_FALSE; \ + } \ + outputpos += (a)*(b); + /* Whether machine is little endian */ char machine_little_endian; @@ -246,7 +253,7 @@ switch ((int) code) { case 'h': case 'H': - outputpos += (arg + 1) / 2; /* 4 bit per arg */ + INC_OUTPUTPOS((arg + 1) / 2,1) /* 4 bit per arg */ break; case 'a': @@ -254,34 +261,34 @@ case 'c': case 'C': case 'x': - outputpos += arg; /* 8 bit per arg */ + INC_OUTPUTPOS(arg,1)/* 8 bit per arg */ break; case 's': case 'S': case 'n': case 'v': - outputpos += arg * 2; /* 16 bit per arg */ + INC_OUTPUTPOS(arg,2)/* 16 bit per arg */ break; case 'i': case 'I': - outputpos += arg * sizeof(int); + INC_OUTPUTPOS(arg,sizeof(int)) break; case 'l': case 'L': case 'N': case 'V': - outputpos += arg * 4; /* 32 bit per arg */ + INC_OUTPUTPOS(arg,4)/* 32 bit per arg */ break; case 'f': - outputpos += arg * sizeof(float); + INC_OUTPUTPOS(arg,sizeof(float)) break; case 'd': - outputpos += arg * sizeof(double); + INC_OUTPUTPOS(arg,sizeof(double)) break; case 'X': @@ -650,6 +657,11 @@ sprintf(n, %.*s, namelen, name); } + if (size != 0 size != -1 INT_MAX - size + 1 inputpos) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Type %c: integer overflow, type); + inputpos = 0; + } + if ((inputpos + size) = inputlen) { switch ((int) type) { case 'a': @@ -820,6 +832,10 @@ } inputpos += size; + if (inputpos 0) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Type %c: outside of string, type); + inputpos = 0; + } } else if (arg 0) { /* Reached end of input for '*' repeater */ break; http://cvs.php.net/diff.php/php-src/main/php.h?r1=1.178.2.9r2=1.178.2.10ty=u Index: php-src/main/php.h diff -u php-src/main/php.h:1.178.2.9 php-src/main/php.h:1.178.2.10 --- php-src/main/php.h:1.178.2.9Mon Nov 15 08:40:31 2004 +++ php-src/main/php.h Sun Nov 28 07:44:56 2004 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: php.h,v 1.178.2.9 2004/11/15 13:40:31 derick Exp $ */ +/* $Id: php.h,v 1.178.2.10 2004/11/28 12:44:56 sesser Exp $ */ #ifndef PHP_H #define PHP_H @@ -224,6 +224,14 @@ #define LONG_MIN (- LONG_MAX
[PHP-CVS] cvs: php-src /main SAPI.c
sesser Sun Nov 28 08:32:29 2004 EDT Modified files: /php-src/main SAPI.c Log: Fixed: Correctly Initialize fields http://cvs.php.net/diff.php/php-src/main/SAPI.c?r1=1.191r2=1.192ty=u Index: php-src/main/SAPI.c diff -u php-src/main/SAPI.c:1.191 php-src/main/SAPI.c:1.192 --- php-src/main/SAPI.c:1.191 Mon Oct 4 20:42:25 2004 +++ php-src/main/SAPI.c Sun Nov 28 08:32:29 2004 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: SAPI.c,v 1.191 2004/10/05 00:42:25 andi Exp $ */ +/* $Id: SAPI.c,v 1.192 2004/11/28 13:32:29 sesser Exp $ */ #include ctype.h #include sys/stat.h @@ -290,10 +290,14 @@ /* SG(sapi_headers).http_response_code = 200; */ SG(sapi_headers).http_status_line = NULL; + SG(read_post_bytes) = 0; + SG(request_info).post_data = NULL; + SG(request_info).raw_post_data = NULL; SG(request_info).current_user = NULL; SG(request_info).current_user_length = 0; SG(request_info).no_headers = 0; SG(request_info).post_entry = NULL; + SG(global_request_time) = 0; /* * It's possible to override this general case in the activate() callback, @@ -332,6 +336,7 @@ SG(request_info).current_user = NULL; SG(request_info).current_user_length = 0; SG(request_info).no_headers = 0; + SG(request_info).post_entry = NULL; SG(global_request_time) = 0; /* It's possible to override this general case in the activate() callback, if -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_0) /main SAPI.c
sesser Sun Nov 28 08:34:01 2004 EDT Modified files: (Branch: PHP_5_0) /php-src/main SAPI.c Log: MFH http://cvs.php.net/diff.php/php-src/main/SAPI.c?r1=1.187.2.1r2=1.187.2.2ty=u Index: php-src/main/SAPI.c diff -u php-src/main/SAPI.c:1.187.2.1 php-src/main/SAPI.c:1.187.2.2 --- php-src/main/SAPI.c:1.187.2.1 Thu Aug 19 16:34:04 2004 +++ php-src/main/SAPI.c Sun Nov 28 08:34:01 2004 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: SAPI.c,v 1.187.2.1 2004/08/19 20:34:04 bfrance Exp $ */ +/* $Id: SAPI.c,v 1.187.2.2 2004/11/28 13:34:01 sesser Exp $ */ #include ctype.h #include sys/stat.h @@ -290,9 +290,13 @@ /* SG(sapi_headers).http_response_code = 200; */ SG(sapi_headers).http_status_line = NULL; + SG(read_post_bytes) = 0; + SG(request_info).post_data = NULL; + SG(request_info).raw_post_data = NULL; SG(request_info).current_user = NULL; SG(request_info).current_user_length = 0; SG(request_info).no_headers = 0; + SG(request_info).post_entry = NULL; /* * It's possible to override this general case in the activate() callback, -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main rfc1867.c
sesser Sat Nov 20 13:49:37 2004 EDT Modified files: /php-src/main rfc1867.c Log: Fixed: strip quotes from filename http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.164r2=1.165ty=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.164 php-src/main/rfc1867.c:1.165 --- php-src/main/rfc1867.c:1.164Wed Nov 10 19:38:04 2004 +++ php-src/main/rfc1867.c Sat Nov 20 13:49:36 2004 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.164 2004/11/11 00:38:04 iliaa Exp $ */ +/* $Id: rfc1867.c,v 1.165 2004/11/20 18:49:36 sesser Exp $ */ /* * This product includes software developed by the Apache Group @@ -1094,7 +1094,15 @@ s = tmp; } #endif + if (!is_anonymous) { + if (PG(magic_quotes_gpc)) { + s = s ? s : filename; + tmp = strrchr(s, '\''); + s = tmp s ? tmp : s; + tmp = strrchr(s, ''); + s = tmp s ? tmp : s; + } if (s s filename) { safe_php_register_variable(lbuf, s+1, NULL, 0 TSRMLS_CC); } else { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_0) /main rfc1867.c
sesser Sat Nov 20 15:16:28 2004 EDT Modified files: (Branch: PHP_5_0) /php-src/main rfc1867.c Log: MFH http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.159.2.5r2=1.159.2.6ty=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.159.2.5 php-src/main/rfc1867.c:1.159.2.6 --- php-src/main/rfc1867.c:1.159.2.5Wed Nov 10 19:38:44 2004 +++ php-src/main/rfc1867.c Sat Nov 20 15:16:27 2004 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.159.2.5 2004/11/11 00:38:44 iliaa Exp $ */ +/* $Id: rfc1867.c,v 1.159.2.6 2004/11/20 20:16:27 sesser Exp $ */ /* * This product includes software developed by the Apache Group @@ -1095,6 +1095,13 @@ } #endif if (!is_anonymous) { + if (PG(magic_quotes_gpc)) { + s = s ? s : filename; + tmp = strrchr(s, '\''); + s = tmp s ? tmp : s; + tmp = strrchr(s, ''); + s = tmp s ? tmp : s; + } if (s s filename) { safe_php_register_variable(lbuf, s+1, NULL, 0 TSRMLS_CC); } else { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_3) /main rfc1867.c
sesser Sat Nov 20 15:16:44 2004 EDT Modified files: (Branch: PHP_4_3) /php-src/main rfc1867.c Log: MFH http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.122.2.27r2=1.122.2.28ty=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.122.2.27 php-src/main/rfc1867.c:1.122.2.28 --- php-src/main/rfc1867.c:1.122.2.27 Wed Nov 10 19:40:18 2004 +++ php-src/main/rfc1867.c Sat Nov 20 15:16:44 2004 @@ -16,7 +16,7 @@ | Jani Taskinen [EMAIL PROTECTED] | +--+ */ -/* $Id: rfc1867.c,v 1.122.2.27 2004/11/11 00:40:18 iliaa Exp $ */ +/* $Id: rfc1867.c,v 1.122.2.28 2004/11/20 20:16:44 sesser Exp $ */ /* * This product includes software developed by the Apache Group @@ -1081,6 +1081,14 @@ s = tmp; } #endif + if (PG(magic_quotes_gpc)) { + s = s ? s : filename; + tmp = strrchr(s, '\''); + s = tmp s ? tmp : s; + tmp = strrchr(s, ''); + s = tmp s ? tmp : s; + } + if (s s filename) { safe_php_register_variable(lbuf, s+1, NULL, 0 TSRMLS_CC); } else { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main rfc1867.c
sesser Mon Sep 13 12:00:23 2004 EDT Modified files: /php-src/main rfc1867.c Log: only allow valid arrays at this point http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.162r2=1.163ty=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.162 php-src/main/rfc1867.c:1.163 --- php-src/main/rfc1867.c:1.162Sun Sep 12 06:45:14 2004 +++ php-src/main/rfc1867.c Mon Sep 13 12:00:23 2004 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.162 2004/09/12 10:45:14 sesser Exp $ */ +/* $Id: rfc1867.c,v 1.163 2004/09/13 16:00:23 sesser Exp $ */ /* * This product includes software developed by the Apache Group @@ -950,6 +950,10 @@ c++; } else if (*tmp == ']') { c--; + if (tmp[1] tmp[1] != '[') { + skip_upload = 1; + break; + } } if (c 0) { skip_upload = 1; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_0) /main rfc1867.c
sesser Mon Sep 13 12:00:37 2004 EDT Modified files: (Branch: PHP_5_0) /php-src/main rfc1867.c Log: MFH http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.159.2.3r2=1.159.2.4ty=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.159.2.3 php-src/main/rfc1867.c:1.159.2.4 --- php-src/main/rfc1867.c:1.159.2.3Sun Sep 12 06:46:27 2004 +++ php-src/main/rfc1867.c Mon Sep 13 12:00:37 2004 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.159.2.3 2004/09/12 10:46:27 sesser Exp $ */ +/* $Id: rfc1867.c,v 1.159.2.4 2004/09/13 16:00:37 sesser Exp $ */ /* * This product includes software developed by the Apache Group @@ -950,6 +950,10 @@ c++; } else if (*tmp == ']') { c--; + if (tmp[1] tmp[1] != '[') { + skip_upload = 1; + break; + } } if (c 0) { skip_upload = 1; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_3) /main rfc1867.c
sesser Mon Sep 13 12:00:50 2004 EDT Modified files: (Branch: PHP_4_3) /php-src/main rfc1867.c Log: MFH http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.122.2.25r2=1.122.2.26ty=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.122.2.25 php-src/main/rfc1867.c:1.122.2.26 --- php-src/main/rfc1867.c:1.122.2.25 Sun Sep 12 06:46:49 2004 +++ php-src/main/rfc1867.c Mon Sep 13 12:00:50 2004 @@ -16,7 +16,7 @@ | Jani Taskinen [EMAIL PROTECTED] | +--+ */ -/* $Id: rfc1867.c,v 1.122.2.25 2004/09/12 10:46:49 sesser Exp $ */ +/* $Id: rfc1867.c,v 1.122.2.26 2004/09/13 16:00:50 sesser Exp $ */ /* * This product includes software developed by the Apache Group @@ -943,6 +943,10 @@ c++; } else if (*tmp == ']') { c--; + if (tmp[1] tmp[1] != '[') { + skip_upload = 1; + break; + } } if (c 0) { skip_upload = 1; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main rfc1867.c
sesser Sun Sep 12 06:45:15 2004 EDT Modified files: /php-src/main rfc1867.c Log: New Rule: Never try to repair potential malicious user input http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.161r2=1.162ty=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.161 php-src/main/rfc1867.c:1.162 --- php-src/main/rfc1867.c:1.161Wed Aug 11 00:27:01 2004 +++ php-src/main/rfc1867.c Sun Sep 12 06:45:14 2004 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.161 2004/08/11 04:27:01 pollita Exp $ */ +/* $Id: rfc1867.c,v 1.162 2004/09/12 10:45:14 sesser Exp $ */ /* * This product includes software developed by the Apache Group @@ -939,6 +939,25 @@ } else { is_anonymous = 0; } + + /* New Rule: never repair potential malicious user input */ + if (!skip_upload) { + char *tmp = param; + long c = 0; + + while (*tmp) { + if (*tmp == '[') { + c++; + } else if (*tmp == ']') { + c--; + } + if (c 0) { + skip_upload = 1; + break; + } + tmp++; + } + } if (!skip_upload) { /* Handle file */ @@ -1013,10 +1032,6 @@ * start_arr is set to point to 1st [ */ is_arr_upload = (start_arr = strchr(param,'[')) (param[strlen(param)-1] == ']'); - /* handle unterminated [ */ - if (!is_arr_upload start_arr) { - *start_arr = '_'; - } if (is_arr_upload) { array_len = strlen(start_arr); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_0) /main rfc1867.c
sesser Sun Sep 12 06:46:27 2004 EDT Modified files: (Branch: PHP_5_0) /php-src/main rfc1867.c Log: MFH http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.159.2.2r2=1.159.2.3ty=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.159.2.2 php-src/main/rfc1867.c:1.159.2.3 --- php-src/main/rfc1867.c:1.159.2.2Wed Aug 11 00:29:26 2004 +++ php-src/main/rfc1867.c Sun Sep 12 06:46:27 2004 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.159.2.2 2004/08/11 04:29:26 pollita Exp $ */ +/* $Id: rfc1867.c,v 1.159.2.3 2004/09/12 10:46:27 sesser Exp $ */ /* * This product includes software developed by the Apache Group @@ -939,6 +939,25 @@ } else { is_anonymous = 0; } + + /* New Rule: never repair potential malicious user input */ + if (!skip_upload) { + char *tmp = param; + long c = 0; + + while (*tmp) { + if (*tmp == '[') { + c++; + } else if (*tmp == ']') { + c--; + } + if (c 0) { + skip_upload = 1; + break; + } + tmp++; + } + } if (!skip_upload) { /* Handle file */ @@ -1013,10 +1032,6 @@ * start_arr is set to point to 1st [ */ is_arr_upload = (start_arr = strchr(param,'[')) (param[strlen(param)-1] == ']'); - /* handle unterminated [ */ - if (!is_arr_upload start_arr) { - *start_arr = '_'; - } if (is_arr_upload) { array_len = strlen(start_arr); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_3) /main rfc1867.c
sesser Sun Sep 12 06:46:49 2004 EDT Modified files: (Branch: PHP_4_3) /php-src/main rfc1867.c Log: MFH http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.122.2.24r2=1.122.2.25ty=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.122.2.24 php-src/main/rfc1867.c:1.122.2.25 --- php-src/main/rfc1867.c:1.122.2.24 Wed Aug 11 00:31:03 2004 +++ php-src/main/rfc1867.c Sun Sep 12 06:46:49 2004 @@ -16,7 +16,7 @@ | Jani Taskinen [EMAIL PROTECTED] | +--+ */ -/* $Id: rfc1867.c,v 1.122.2.24 2004/08/11 04:31:03 pollita Exp $ */ +/* $Id: rfc1867.c,v 1.122.2.25 2004/09/12 10:46:49 sesser Exp $ */ /* * This product includes software developed by the Apache Group @@ -932,6 +932,25 @@ } SAFE_RETURN; } + + /* New Rule: never repair potential malicious user input */ + if (!skip_upload) { + char *tmp = param; + long c = 0; + + while (*tmp) { + if (*tmp == '[') { + c++; + } else if (*tmp == ']') { + c--; + } + if (c 0) { + skip_upload = 1; + break; + } + tmp++; + } + } if (!skip_upload) { /* Handle file */ @@ -1000,10 +1019,6 @@ * start_arr is set to point to 1st [ */ is_arr_upload = (start_arr = strchr(param,'[')) (param[strlen(param)-1] == ']'); - /* handle unterminated [ */ - if (!is_arr_upload start_arr) { - *start_arr = '_'; - } if (is_arr_upload) { array_len = strlen(start_arr); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src(PHP_4_3) /ext/gd gd.dsp
Hi, from config.m4 you also need to drop: AC_DEFINE(HAVE_GD_GIF_CREATE, 1, []) why should he drop that line? Otherwise the build system does not know that bundled GD has GIF create support. Stefan -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/gd gd.dsp
sesser Thu Jul 22 18:42:35 2004 EDT Modified files: /php-src/ext/gd gd.dsp Log: Fix .dsp http://cvs.php.net/diff.php/php-src/ext/gd/gd.dsp?r1=1.17r2=1.18ty=u Index: php-src/ext/gd/gd.dsp diff -u php-src/ext/gd/gd.dsp:1.17 php-src/ext/gd/gd.dsp:1.18 --- php-src/ext/gd/gd.dsp:1.17 Thu Jul 22 18:38:59 2004 +++ php-src/ext/gd/gd.dsp Thu Jul 22 18:42:35 2004 @@ -43,8 +43,8 @@ # PROP Intermediate_Dir Release_TS # PROP Ignore_Export_Lib 0 # PROP Target_Dir -# ADD BASE CPP /nologo /MD /W3 /GX /O2 /I ..\.. /I ..\..\main /I ..\..\Zend /I ..\..\..\bindlib_w32 /I ..\..\..\zlib /I ..\..\TSRM /D ZEND_DEBUG=0 /D WIN32 /D NDEBUG /D _WINDOWS /D COMPILE_DL_GD /D ZTS=1 /D ZEND_WIN32 /D PHP_WIN32 /D HAVE_GD_GIF_READ=1 /D HAVE_GDIMAGECOLORRESOLVE=1 /D HAVE_GD_PNG /D HAVE_GD_JPG /D HAVE_GD_WBMP /D HAVE_GD_XBM /D HAVE_LIBGD13=1 /D HAVE_LIBGD=1 /D HAVE_LIBGD15=1 /D HAVE_LIBGD204=1 /FR /YX /FD /c -# ADD CPP /nologo /MD /W3 /GX /O2 /I ..\.. /I ..\..\main /I ..\..\Zend /I ..\..\..\bindlib_w32 /I ..\..\..\zlib /I ..\..\TSRM /I libgd /D ZEND_DEBUG=0 /D HAVE_LIBGD15=1 /D HAVE_LIBGD204=1 /D WIN32 /D NDEBUG /D _WINDOWS /D COMPILE_DL_GD /D ZTS=1 /D ZEND_WIN32 /D PHP_WIN32 /D HAVE_GD_GIF_READ=1 /D HAVE_GDIMAGECOLORRESOLVE=1 /D HAVE_GD_PNG /D HAVE_GD_JPG /D HAVE_GD_WBMP /D HAVE_GD_XBM /D HAVE_LIBGD=1 /D HAVE_LIBGD13=1 /D HAVE_LIBGD20=1 /D USE_GD_IOCTX /D HAVE_LIBFREETYPE=1 /D USE_GD_IMGSTRTTF /D HAVE_GD_STRINGTTF=1 /D HAVE_GD_BUNDLED=1 /D MSWIN32 /D HAVE_LIBPNG /D HAVE_LIBJPEG /D HAVE_GD_GD2 /D HAVE_GD_STRINGFTEX=1 /D HAVE_GD_IMAGESETBRUSH=1 /D HAVE_GD_IMAGESETTILE=1 /FR /FD /c +# ADD BASE CPP /nologo /MD /W3 /GX /O2 /I ..\.. /I ..\..\main /I ..\..\Zend /I ..\..\..\bindlib_w32 /I ..\..\..\zlib /I ..\..\TSRM /D ZEND_DEBUG=0 /D WIN32 /D NDEBUG /D _WINDOWS /D COMPILE_DL_GD /D ZTS=1 /D ZEND_WIN32 /D PHP_WIN32 /D HAVE_GD_GIF_READ=1 /D HAVE_GD_GIF_CREATE=1 /D HAVE_GDIMAGECOLORRESOLVE=1 /D HAVE_GD_PNG /D HAVE_GD_JPG /D HAVE_GD_WBMP /D HAVE_GD_XBM /D HAVE_LIBGD13=1 /D HAVE_LIBGD=1 /D HAVE_LIBGD15=1 /D HAVE_LIBGD204=1 /FR /YX /FD /c +# ADD CPP /nologo /MD /W3 /GX /O2 /I ..\.. /I ..\..\main /I ..\..\Zend /I ..\..\..\bindlib_w32 /I ..\..\..\zlib /I ..\..\TSRM /I libgd /D ZEND_DEBUG=0 /D HAVE_LIBGD15=1 /D HAVE_LIBGD204=1 /D WIN32 /D NDEBUG /D _WINDOWS /D COMPILE_DL_GD /D ZTS=1 /D ZEND_WIN32 /D PHP_WIN32 /D HAVE_GD_GIF_READ=1 /D HAVE_GD_GIF_CREATE=1 /D HAVE_GDIMAGECOLORRESOLVE=1 /D HAVE_GD_PNG /D HAVE_GD_JPG /D HAVE_GD_WBMP /D HAVE_GD_XBM /D HAVE_LIBGD=1 /D HAVE_LIBGD13=1 /D HAVE_LIBGD20=1 /D USE_GD_IOCTX /D HAVE_LIBFREETYPE=1 /D USE_GD_IMGSTRTTF /D HAVE_GD_STRINGTTF=1 /D HAVE_GD_BUNDLED=1 /D MSWIN32 /D HAVE_LIBPNG /D HAVE_LIBJPEG /D HAVE_GD_GD2 /D HAVE_GD_STRINGFTEX=1 /D HAVE_GD_IMAGESETBRUSH=1 /D HAVE_GD_IMAGESETTILE=1 /FR /FD /c # SUBTRACT CPP /YX # ADD BASE MTL /nologo /D NDEBUG /mktyplib203 /win32 # ADD MTL /nologo /D NDEBUG /mktyplib203 /win32 @@ -73,8 +73,8 @@ # PROP Intermediate_Dir Debug_TS # PROP Ignore_Export_Lib 0 # PROP Target_Dir -# ADD BASE CPP /nologo /MDd /W3 /GX /ZI /Od /I ..\.. /I ..\..\main /I ..\..\Zend /I ..\..\..\bindlib_w32 /I ..\..\..\zlib /I ..\..\TSRM /D ZEND_DEBUG=1 /D WIN32 /D NDEBUG /D _WINDOWS /D COMPILE_DL_GD /D ZTS=1 /D ZEND_WIN32 /D PHP_WIN32 /D HAVE_GD_GIF_READ=1 /D HAVE_GDIMAGECOLORRESOLVE=1 /D HAVE_GD_PNG /D HAVE_GD_JPG /D HAVE_GD_WBMP /D HAVE_LIBGD13=1 /D HAVE_LIBGD=1 /D HAVE_LIBGD15=1 /D HAVE_LIBGD204=1 /FR /YX /FD /c -# ADD CPP /nologo /MDd /W3 /GX /ZI /Od /I ..\.. /I ..\..\main /I ..\..\Zend /I ..\..\..\bindlib_w32 /I ..\..\..\zlib /I ..\..\TSRM /I libgd /D ZEND_DEBUG=1 /D HAVE_LIBGD15 /D HAVE_LIBGD204=1 /D WIN32 /D NDEBUG /D _WINDOWS /D COMPILE_DL_GD /D ZTS=1 /D ZEND_WIN32 /D PHP_WIN32 /D HAVE_GD_GIF_READ=1 /D HAVE_GDIMAGECOLORRESOLVE=1 /D HAVE_GD_PNG /D HAVE_GD_JPG /D HAVE_GD_WBMP /D HAVE_LIBGD=1 /D HAVE_LIBGD13=1 /D HAVE_LIBGD20=1 /D USE_GD_IOCTX /D HAVE_LIBFREETYPE=1 /D USE_GD_IMGSTRTTF /D HAVE_GD_STRINGTTF=1 /D HAVE_GD_BUNDLED=1 /D MSWIN32 /D HAVE_LIBPNG /D HAVE_LIBJPEG /D HAVE_GD_GD2 /D HAVE_GD_STRINGFTEX=1 /D HAVE_GD_IMAGESETBRUSH=1 /D HAVE_GD_IMAGESETTILE=1 /FR /FD /c +# ADD BASE CPP /nologo /MDd /W3 /GX /ZI /Od /I ..\.. /I ..\..\main /I ..\..\Zend /I ..\..\..\bindlib_w32 /I ..\..\..\zlib /I ..\..\TSRM /D ZEND_DEBUG=1 /D WIN32 /D NDEBUG /D _WINDOWS /D COMPILE_DL_GD /D ZTS=1 /D ZEND_WIN32 /D PHP_WIN32 /D HAVE_GD_GIF_READ=1 /D HAVE_GD_GIF_CREATE=1 /D HAVE_GDIMAGECOLORRESOLVE=1 /D HAVE_GD_PNG /D HAVE_GD_JPG /D HAVE_GD_WBMP /D HAVE_LIBGD13=1 /D HAVE_LIBGD=1 /D HAVE_LIBGD15=1 /D HAVE_LIBGD204=1 /FR /YX /FD /c +# ADD CPP /nologo /MDd /W3 /GX /ZI /Od /I ..\.. /I ..\..\main /I ..\..\Zend /I ..\..\..\bindlib_w32 /I ..\..\..\zlib /I ..\..\TSRM /I libgd /D ZEND_DEBUG=1 /D HAVE_LIBGD15 /D HAVE_LIBGD204=1 /D WIN32 /D NDEBUG /D _WINDOWS /D COMPILE_DL_GD /D ZTS=1 /D ZEND_WIN32 /D PHP_WIN32 /D HAVE_GD_GIF_READ=1 /D HAVE_GD_GIF_CREATE=1 /D HAVE_GDIMAGECOLORRESOLVE=1 /D HAVE_GD_PNG /D HAVE_GD_JPG /D
[PHP-CVS] cvs: php-src(PHP_4_3) /ext/mssql php_mssql.c /ext/session session.c /ext/sybase php_sybase_db.c /ext/sybase_ct php_sybase_ct.c /ext/w32api w32api.c /main main.c rfc1867.c /sapi/apache mod_php4.c
sesser Wed Jul 21 12:25:28 2004 EDT Modified files: (Branch: PHP_4_3) /php-src/ext/mssql php_mssql.c /php-src/ext/sessionsession.c /php-src/ext/sybase php_sybase_db.c /php-src/ext/sybase_ct php_sybase_ct.c /php-src/ext/w32api w32api.c /php-src/main main.c rfc1867.c /php-src/sapi/apachemod_php4.c Log: Merge all not yet merged security fixes into the 4_3 branch http://cvs.php.net/diff.php/php-src/ext/mssql/php_mssql.c?r1=1.86.2.34r2=1.86.2.35ty=u Index: php-src/ext/mssql/php_mssql.c diff -u php-src/ext/mssql/php_mssql.c:1.86.2.34 php-src/ext/mssql/php_mssql.c:1.86.2.35 --- php-src/ext/mssql/php_mssql.c:1.86.2.34 Wed Jun 30 15:47:18 2004 +++ php-src/ext/mssql/php_mssql.c Wed Jul 21 12:25:27 2004 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: php_mssql.c,v 1.86.2.34 2004/06/30 19:47:18 fmk Exp $ */ +/* $Id: php_mssql.c,v 1.86.2.35 2004/07/21 16:25:27 sesser Exp $ */ #ifdef COMPILE_DL_MSSQL #define HAVE_MSSQL 1 @@ -344,6 +344,7 @@ PHP_RSHUTDOWN_FUNCTION(mssql) { STR_FREE(MS_SQL_G(appname)); + MS_SQL_G(appname) = NULL; if (MS_SQL_G(server_message)) { STR_FREE(MS_SQL_G(server_message)); MS_SQL_G(server_message) = NULL; http://cvs.php.net/diff.php/php-src/ext/session/session.c?r1=1.336.2.40r2=1.336.2.41ty=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.336.2.40 php-src/ext/session/session.c:1.336.2.41 --- php-src/ext/session/session.c:1.336.2.40Wed Jun 23 12:29:16 2004 +++ php-src/ext/session/session.c Wed Jul 21 12:25:27 2004 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.336.2.40 2004/06/23 16:29:16 sas Exp $ */ +/* $Id: session.c,v 1.336.2.41 2004/07/21 16:25:27 sesser Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -503,13 +503,16 @@ static void php_session_track_init(TSRMLS_D) { + zval *session_vars = NULL; + /* Unconditionally destroy existing arrays -- possible dirty data */ zend_hash_del(EG(symbol_table), HTTP_SESSION_VARS, sizeof(HTTP_SESSION_VARS)); zend_hash_del(EG(symbol_table), _SESSION, sizeof(_SESSION)); - MAKE_STD_ZVAL(PS(http_session_vars)); - array_init(PS(http_session_vars)); + MAKE_STD_ZVAL(session_vars); + array_init(session_vars); + PS(http_session_vars) = session_vars; ZEND_SET_GLOBAL_VAR_WITH_LENGTH(HTTP_SESSION_VARS, sizeof(HTTP_SESSION_VARS), PS(http_session_vars), 2, 1); ZEND_SET_GLOBAL_VAR_WITH_LENGTH(_SESSION, sizeof(_SESSION), PS(http_session_vars), 2, 1); http://cvs.php.net/diff.php/php-src/ext/sybase/php_sybase_db.c?r1=1.38.2.16r2=1.38.2.17ty=u Index: php-src/ext/sybase/php_sybase_db.c diff -u php-src/ext/sybase/php_sybase_db.c:1.38.2.16 php-src/ext/sybase/php_sybase_db.c:1.38.2.17 --- php-src/ext/sybase/php_sybase_db.c:1.38.2.16Fri Apr 16 12:27:57 2004 +++ php-src/ext/sybase/php_sybase_db.c Wed Jul 21 12:25:27 2004 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: php_sybase_db.c,v 1.38.2.16 2004/04/16 16:27:57 thetaphi Exp $ */ +/* $Id: php_sybase_db.c,v 1.38.2.17 2004/07/21 16:25:27 sesser Exp $ */ #ifdef HAVE_CONFIG_H @@ -297,7 +297,9 @@ PHP_RSHUTDOWN_FUNCTION(sybase) { efree(php_sybase_module.appname); + php_sybase_module.appname = NULL; STR_FREE(php_sybase_module.server_message); + php_sybase_module.server_message = NULL; return SUCCESS; } http://cvs.php.net/diff.php/php-src/ext/sybase_ct/php_sybase_ct.c?r1=1.73.2.17r2=1.73.2.18ty=u Index: php-src/ext/sybase_ct/php_sybase_ct.c diff -u php-src/ext/sybase_ct/php_sybase_ct.c:1.73.2.17 php-src/ext/sybase_ct/php_sybase_ct.c:1.73.2.18 --- php-src/ext/sybase_ct/php_sybase_ct.c:1.73.2.17 Mon Jul 12 17:07:21 2004 +++ php-src/ext/sybase_ct/php_sybase_ct.c Wed Jul 21 12:25:27 2004 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: php_sybase_ct.c,v 1.73.2.17 2004/07/12 21:07:21 thekid Exp $ */ +/* $Id: php_sybase_ct.c,v 1.73.2.18 2004/07/21 16:25:27 sesser Exp $ */ #ifdef HAVE_CONFIG_H @@ -458,11 +458,13 @@ PHP_RSHUTDOWN_FUNCTION(sybase) { efree(SybCtG(appname)); + SybCtG(appname) = NULL; if (SybCtG(callback_name)) { zval_ptr_dtor(SybCtG(callback_name)); SybCtG(callback_name)= NULL; } STR_FREE(SybCtG(server_message)); + SybCtG(server_message) = NULL; return SUCCESS; } http://cvs.php.net/diff.php/php-src/ext/w32api/w32api.c?r1=1.5.2.3r2=1.5.2.4ty=u Index: php-src/ext/w32api/w32api.c diff -u php-src/ext/w32api/w32api.c:1.5.2.3 php-src/ext/w32api/w32api.c:1.5.2.4 ---
[PHP-CVS] cvs: php-src /sapi/apache mod_php5.c
sesser Wed Jul 14 05:43:26 2004 EDT Modified files: /php-src/sapi/apachemod_php5.c Log: Security Fix broken! Destroyed Basic auth. Blame: me 4.3.x not affected http://cvs.php.net/diff.php/php-src/sapi/apache/mod_php5.c?r1=1.9r2=1.10ty=u Index: php-src/sapi/apache/mod_php5.c diff -u php-src/sapi/apache/mod_php5.c:1.9 php-src/sapi/apache/mod_php5.c:1.10 --- php-src/sapi/apache/mod_php5.c:1.9 Sat Jul 10 03:46:09 2004 +++ php-src/sapi/apache/mod_php5.c Wed Jul 14 05:43:26 2004 @@ -17,7 +17,7 @@ | PHP 4.0 patches by Zeev Suraski [EMAIL PROTECTED] | +--+ */ -/* $Id: mod_php5.c,v 1.9 2004/07/10 07:46:09 andi Exp $ */ +/* $Id: mod_php5.c,v 1.10 2004/07/14 09:43:26 sesser Exp $ */ #include php_apache_http.h #include http_conf_globals.h @@ -485,7 +485,7 @@ tmp = uudecode(r-pool, authorization); SG(request_info).auth_user = NULL; tmp_user = getword_nulls_nc(r-pool, tmp, ':'); - if (SG(request_info).auth_user) { + if (tmp_user) { r-connection-user = pstrdup(r-connection-pool, tmp_user); r-connection-ap_auth_type = Basic; SG(request_info).auth_user = estrdup(tmp_user); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /sapi/apache_hooks mod_php5.c
sesser Wed Jul 14 05:55:25 2004 EDT Modified files: /php-src/sapi/apache_hooks mod_php5.c Log: same bug. http://cvs.php.net/diff.php/php-src/sapi/apache_hooks/mod_php5.c?r1=1.3r2=1.4ty=u Index: php-src/sapi/apache_hooks/mod_php5.c diff -u php-src/sapi/apache_hooks/mod_php5.c:1.3 php-src/sapi/apache_hooks/mod_php5.c:1.4 --- php-src/sapi/apache_hooks/mod_php5.c:1.3Sat Jul 10 03:46:09 2004 +++ php-src/sapi/apache_hooks/mod_php5.cWed Jul 14 05:55:24 2004 @@ -17,7 +17,7 @@ | PHP 4.0 patches by Zeev Suraski [EMAIL PROTECTED] | +--+ */ -/* $Id: mod_php5.c,v 1.3 2004/07/10 07:46:09 andi Exp $ */ +/* $Id: mod_php5.c,v 1.4 2004/07/14 09:55:24 sesser Exp $ */ #include php_apache_http.h @@ -583,7 +583,7 @@ tmp = uudecode(r-pool, authorization); SG(request_info).auth_user = NULL; tmp_user = getword_nulls_nc(r-pool, tmp, ':'); - if (SG(request_info).auth_user) { + if (tmp_user) { r-connection-user = pstrdup(r-connection-pool, tmp_user); r-connection-ap_auth_type = Basic; SG(request_info).auth_user = estrdup(tmp_user); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_3_7) /ext/standard/tests/strings strip_tags.phpt
sesser Wed Jul 14 07:24:12 2004 EDT Modified files: (Branch: PHP_4_3_7) /php-src/ext/standard/tests/strings strip_tags.phpt Log: Add CAN-2004-0595 regression test. (modified from Joe Ortons version) http://cvs.php.net/diff.php/php-src/ext/standard/tests/strings/strip_tags.phpt?r1=1.1.2.1r2=1.1.2.1.2.1ty=u Index: php-src/ext/standard/tests/strings/strip_tags.phpt diff -u php-src/ext/standard/tests/strings/strip_tags.phpt:1.1.2.1 php-src/ext/standard/tests/strings/strip_tags.phpt:1.1.2.1.2.1 --- php-src/ext/standard/tests/strings/strip_tags.phpt:1.1.2.1 Wed Nov 27 01:20:37 2002 +++ php-src/ext/standard/tests/strings/strip_tags.phpt Wed Jul 14 07:24:12 2004 @@ -18,6 +18,7 @@ echo \n; echo strip_tags('TESTS ?!!?!?!!!?!!'); echo \n; + echo strip_tags('iCAN-2004-'.chr(0).'b0595/i', 'i'); ? --EXPECT-- NEAT STUFF @@ -27,3 +28,4 @@ NEAT STUFF NEAT STUFF TESTS ?!!?!?!!!?!! +iCAN-2004-0595/i -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_3) /ext/standard/tests/strings strip_tags.phpt
sesser Wed Jul 14 07:32:47 2004 EDT Modified files: (Branch: PHP_4_3) /php-src/ext/standard/tests/strings strip_tags.phpt Log: Ups... CAN-2004-0595 regression test went into wrong branch... http://cvs.php.net/diff.php/php-src/ext/standard/tests/strings/strip_tags.phpt?r1=1.1.2.1r2=1.1.2.2ty=u Index: php-src/ext/standard/tests/strings/strip_tags.phpt diff -u php-src/ext/standard/tests/strings/strip_tags.phpt:1.1.2.1 php-src/ext/standard/tests/strings/strip_tags.phpt:1.1.2.2 --- php-src/ext/standard/tests/strings/strip_tags.phpt:1.1.2.1 Wed Nov 27 01:20:37 2002 +++ php-src/ext/standard/tests/strings/strip_tags.phpt Wed Jul 14 07:32:47 2004 @@ -18,6 +18,7 @@ echo \n; echo strip_tags('TESTS ?!!?!?!!!?!!'); echo \n; + echo strip_tags('iCAN-2004-'.chr(0).'b0595/i', 'i'); ? --EXPECT-- NEAT STUFF @@ -27,3 +28,4 @@ NEAT STUFF NEAT STUFF TESTS ?!!?!?!!!?!! +iCAN-2004-0595/i -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main php_variables.c
sesser Sun Jul 11 16:13:39 2004 EDT Modified files: /php-src/main php_variables.c Log: Fixed: PARSE_TYPE parameter to input_filter Fixed: input_filter should also be able to filter empty variables by name http://cvs.php.net/diff.php/php-src/main/php_variables.c?r1=1.79r2=1.80ty=u Index: php-src/main/php_variables.c diff -u php-src/main/php_variables.c:1.79 php-src/main/php_variables.c:1.80 --- php-src/main/php_variables.c:1.79 Sat Jul 10 03:46:09 2004 +++ php-src/main/php_variables.cSun Jul 11 16:13:39 2004 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: php_variables.c,v 1.79 2004/07/10 07:46:09 andi Exp $ */ +/* $Id: php_variables.c,v 1.80 2004/07/11 20:13:39 sesser Exp $ */ #include stdio.h #include php.h @@ -313,13 +313,18 @@ php_url_decode(var, strlen(var)); val_len = php_url_decode(val, strlen(val)); val = estrndup(val, val_len); - if (sapi_module.input_filter(PARSE_POST, var, val, val_len, new_val_len TSRMLS_CC)) { + if (sapi_module.input_filter(arg, var, val, val_len, new_val_len TSRMLS_CC)) { php_register_variable_safe(var, val, new_val_len, array_ptr TSRMLS_CC); } efree(val); } else { php_url_decode(var, strlen(var)); - php_register_variable_safe(var, , 0, array_ptr TSRMLS_CC); + val_len = 0; + val = estrndup(, val_len); + if (sapi_module.input_filter(arg, var, val, val_len, new_val_len TSRMLS_CC)) { + php_register_variable_safe(var, val, new_val_len, array_ptr TSRMLS_CC); + } + efree(val); } var = php_strtok_r(NULL, separator, strtok_buf); } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_3) /ext/standard string.c
sesser Sat Jun 26 03:44:13 2004 EDT Modified files: (Branch: PHP_4_3) /php-src/ext/standard string.c Log: MFH http://cvs.php.net/diff.php/php-src/ext/standard/string.c?r1=1.333.2.41r2=1.333.2.42ty=u Index: php-src/ext/standard/string.c diff -u php-src/ext/standard/string.c:1.333.2.41 php-src/ext/standard/string.c:1.333.2.42 --- php-src/ext/standard/string.c:1.333.2.41Tue Jun 15 21:53:59 2004 +++ php-src/ext/standard/string.c Sat Jun 26 03:44:12 2004 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: string.c,v 1.333.2.41 2004/06/16 01:53:59 iliaa Exp $ */ +/* $Id: string.c,v 1.333.2.42 2004/06/26 07:44:12 sesser Exp $ */ /* Synced with php 3.0 revision 1.193 1999-06-16 [ssb] */ @@ -3308,6 +3308,8 @@ while (i len) { switch (c) { + case '\0': + break; case '': if (isspace(*(p + 1))) { goto reg_char; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src / NEWS
sesser Sat Jun 26 03:46:08 2004 EDT Modified files: /php-srcNEWS Log: strip_tags() news http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1745r2=1.1746ty=u Index: php-src/NEWS diff -u php-src/NEWS:1.1745 php-src/NEWS:1.1746 --- php-src/NEWS:1.1745 Sat Jun 26 01:41:14 2004 +++ php-src/NEWSSat Jun 26 03:46:08 2004 @@ -17,6 +17,7 @@ - Fixed bug #28694 (ReflectionExtension::getFunctions() crashes PHP). (Marcus) - Fixed bug #28466 (mbstring_convert_variables() array separation problem). (Moriyoshi) +- Fixed strip_tags() to correctly handle '\0' characters. (Stefan) 7 Jun 2004, PHP 5 Release Candidate 3 - Moved the PDFLib extension to PECL. (Wez) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_3) / NEWS
sesser Sat Jun 26 03:47:30 2004 EDT Modified files: (Branch: PHP_4_3) /php-srcNEWS Log: MFH http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1247.2.688r2=1.1247.2.689ty=u Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.688 php-src/NEWS:1.1247.2.689 --- php-src/NEWS:1.1247.2.688 Wed Jun 23 19:31:18 2004 +++ php-src/NEWSSat Jun 26 03:47:30 2004 @@ -27,6 +27,7 @@ represented as a string). (pickett at sumu dot org, Ilia) - Fixed bug #28175 (Allow bundled GD to compile against freetype 2.1.2). (Elf, Ilia) +- Fixed strip_tags() to correctly handle '\0' characters. (Stefan) 03 Jun 2004, Version 4.3.7 - Upgraded bundled GD library to 2.0.23. (Ilia) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/mbstring mb_gpc.c
sesser Sat Jun 26 03:57:37 2004 EDT Modified files: /php-src/ext/mbstring mb_gpc.c Log: Fixed input_filter functions need emalloc()ed values. http://cvs.php.net/diff.php/php-src/ext/mbstring/mb_gpc.c?r1=1.10r2=1.11ty=u Index: php-src/ext/mbstring/mb_gpc.c diff -u php-src/ext/mbstring/mb_gpc.c:1.10 php-src/ext/mbstring/mb_gpc.c:1.11 --- php-src/ext/mbstring/mb_gpc.c:1.10 Thu Jan 8 03:15:59 2004 +++ php-src/ext/mbstring/mb_gpc.c Sat Jun 26 03:57:37 2004 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: mb_gpc.c,v 1.10 2004/01/08 08:15:59 andi Exp $ */ +/* $Id: mb_gpc.c,v 1.11 2004/06/26 07:57:37 sesser Exp $ */ /* {{{ includes */ #ifdef HAVE_CONFIG_H @@ -343,10 +343,14 @@ val_len = len_list[n]; } n++; + /* we need val to be emalloc()ed */ + val = estrndup(val, val_len); if (sapi_module.input_filter(data_type, var, val, val_len, new_val_len TSRMLS_CC)) { /* add variable to symbol table */ php_register_variable_safe(var, val, new_val_len, array_ptr TSRMLS_CC); } + efree(val); + if (convd != NULL){ mbfl_string_clear(resvar); mbfl_string_clear(resval); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main php_variables.c
sesser Sat Jun 26 04:09:29 2004 EDT Modified files: /php-src/main php_variables.c Log: As long we pass values by reference this is needed. Ugly! http://cvs.php.net/diff.php/php-src/main/php_variables.c?r1=1.77r2=1.78ty=u Index: php-src/main/php_variables.c diff -u php-src/main/php_variables.c:1.77 php-src/main/php_variables.c:1.78 --- php-src/main/php_variables.c:1.77 Tue Mar 16 14:49:19 2004 +++ php-src/main/php_variables.cSat Jun 26 04:09:28 2004 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: php_variables.c,v 1.77 2004/03/16 19:49:19 zeev Exp $ */ +/* $Id: php_variables.c,v 1.78 2004/06/26 08:09:28 sesser Exp $ */ #include stdio.h #include php.h @@ -212,9 +212,11 @@ *val++ = '\0'; php_url_decode(var, strlen(var)); val_len = php_url_decode(val, strlen(val)); + val = estrndup(val, val_len); if (sapi_module.input_filter(PARSE_POST, var, val, val_len, new_val_len TSRMLS_CC)) { php_register_variable_safe(var, val, new_val_len, array_ptr TSRMLS_CC); } + efree(val); } var = php_strtok_r(NULL, , strtok_buf); } @@ -310,9 +312,11 @@ *val++ = '\0'; php_url_decode(var, strlen(var)); val_len = php_url_decode(val, strlen(val)); + val = estrndup(val, val_len); if (sapi_module.input_filter(PARSE_POST, var, val, val_len, new_val_len TSRMLS_CC)) { php_register_variable_safe(var, val, new_val_len, array_ptr TSRMLS_CC); } + efree(val); } else { php_url_decode(var, strlen(var)); php_register_variable_safe(var, , 0, array_ptr TSRMLS_CC); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src / README.input_filter
sesser Thu Jun 24 04:49:00 2004 EDT Modified files: /php-srcREADME.input_filter Log: Fixed zend_parse_parameters arguments... http://cvs.php.net/diff.php/php-src/README.input_filter?r1=1.6r2=1.7ty=u Index: php-src/README.input_filter diff -u php-src/README.input_filter:1.6 php-src/README.input_filter:1.7 --- php-src/README.input_filter:1.6 Sun Feb 8 17:49:47 2004 +++ php-src/README.input_filter Thu Jun 24 04:49:00 2004 @@ -85,7 +85,7 @@ { php_info_print_table_start(); php_info_print_table_row( 2, My Input Filter Support, enabled ); -php_info_print_table_row( 2, Revision, $Revision: 1.6 $); +php_info_print_table_row( 2, Revision, $Revision: 1.7 $); php_info_print_table_end(); } @@ -155,7 +155,7 @@ HashTable *hash_ptr; char *raw_var; -if(zend_parse_parameters(2 TSRMLS_CC, ls|l, arg, var, var_len) == FAILURE) { +if(zend_parse_parameters(2 TSRMLS_CC, ls, arg, var, var_len) == FAILURE) { return; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/standard url.c
sesser Fri May 28 07:33:24 2004 EDT Modified files: /php-src/ext/standard url.c Log: Fixed off-by-one in php_parse_url. http://cvs.php.net/diff.php/php-src/ext/standard/url.c?r1=1.79r2=1.80ty=u Index: php-src/ext/standard/url.c diff -u php-src/ext/standard/url.c:1.79 php-src/ext/standard/url.c:1.80 --- php-src/ext/standard/url.c:1.79 Tue Apr 27 15:28:11 2004 +++ php-src/ext/standard/url.c Fri May 28 07:33:23 2004 @@ -15,7 +15,7 @@ | Author: Jim Winstead [EMAIL PROTECTED] | +--+ */ -/* $Id: url.c,v 1.79 2004/04/27 19:28:11 pollita Exp $ */ +/* $Id: url.c,v 1.80 2004/05/28 11:33:23 sesser Exp $ */ #include stdlib.h #include string.h @@ -86,7 +86,7 @@ PHPAPI php_url *php_url_parse(char const *str) { int length = strlen(str); - char port_buf[5]; + char port_buf[6]; php_url *ret = ecalloc(1, sizeof(php_url)); char const *s, *e, *p, *pp, *ue; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_3) /ext/standard url.c
sesser Fri May 28 07:33:43 2004 EDT Modified files: (Branch: PHP_4_3) /php-src/ext/standard url.c Log: MFH http://cvs.php.net/diff.php/php-src/ext/standard/url.c?r1=1.58.2.14r2=1.58.2.15ty=u Index: php-src/ext/standard/url.c diff -u php-src/ext/standard/url.c:1.58.2.14 php-src/ext/standard/url.c:1.58.2.15 --- php-src/ext/standard/url.c:1.58.2.14Tue Apr 27 15:28:21 2004 +++ php-src/ext/standard/url.c Fri May 28 07:33:42 2004 @@ -15,7 +15,7 @@ | Author: Jim Winstead [EMAIL PROTECTED] | +--+ */ -/* $Id: url.c,v 1.58.2.14 2004/04/27 19:28:21 pollita Exp $ */ +/* $Id: url.c,v 1.58.2.15 2004/05/28 11:33:42 sesser Exp $ */ #include stdlib.h #include string.h @@ -86,7 +86,7 @@ PHPAPI php_url *php_url_parse(char *str) { int length = strlen(str); - char port_buf[5]; + char port_buf[6]; php_url *ret = ecalloc(1, sizeof(php_url)); char *s, *e, *p, *pp, *ue; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main SAPI.c
sesser Tue May 25 18:12:40 2004 EDT Modified files: /php-src/main SAPI.c Log: break is better http://cvs.php.net/diff.php/php-src/main/SAPI.c?r1=1.184r2=1.185ty=u Index: php-src/main/SAPI.c diff -u php-src/main/SAPI.c:1.184 php-src/main/SAPI.c:1.185 --- php-src/main/SAPI.c:1.184 Thu Mar 25 03:41:59 2004 +++ php-src/main/SAPI.c Tue May 25 18:12:40 2004 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: SAPI.c,v 1.184 2004/03/25 08:41:59 helly Exp $ */ +/* $Id: SAPI.c,v 1.185 2004/05/25 22:12:40 sesser Exp $ */ #include ctype.h #include sys/stat.h @@ -201,7 +201,7 @@ SG(read_post_bytes) += read_bytes; if (SG(read_post_bytes) SG(post_max_size)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, Actual POST length does not match Content-Length, and exceeds %ld bytes, SG(post_max_size)); - return; + break; } if (read_bytes SAPI_POST_BLOCK_SIZE) { break; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_3) /main SAPI.c
sesser Tue May 25 18:13:11 2004 EDT Modified files: (Branch: PHP_4_3) /php-src/main SAPI.c Log: MFH http://cvs.php.net/diff.php/php-src/main/SAPI.c?r1=1.155.2.18r2=1.155.2.19ty=u Index: php-src/main/SAPI.c diff -u php-src/main/SAPI.c:1.155.2.18 php-src/main/SAPI.c:1.155.2.19 --- php-src/main/SAPI.c:1.155.2.18 Fri Mar 26 20:45:44 2004 +++ php-src/main/SAPI.c Tue May 25 18:13:10 2004 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: SAPI.c,v 1.155.2.18 2004/03/27 01:45:44 helly Exp $ */ +/* $Id: SAPI.c,v 1.155.2.19 2004/05/25 22:13:10 sesser Exp $ */ #include ctype.h #include sys/stat.h @@ -201,7 +201,7 @@ SG(read_post_bytes) += read_bytes; if (SG(read_post_bytes) SG(post_max_size)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, Actual POST length does not match Content-Length, and exceeds %ld bytes, SG(post_max_size)); - return; + break; } if (read_bytes SAPI_POST_BLOCK_SIZE) { break; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main rfc1867.c
sesser Sun May 23 06:00:59 2004 EDT Modified files: /php-src/main rfc1867.c Log: This is more correct. http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.157r2=1.158ty=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.157 php-src/main/rfc1867.c:1.158 --- php-src/main/rfc1867.c:1.157Fri May 21 04:16:13 2004 +++ php-src/main/rfc1867.c Sun May 23 06:00:59 2004 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.157 2004/05/21 08:16:13 derick Exp $ */ +/* $Id: rfc1867.c,v 1.158 2004/05/23 10:00:59 sesser Exp $ */ /* * This product includes software developed by the Apache Group @@ -1044,19 +1044,19 @@ php_mb_gpc_encoding_converter(filename, str_len, 1, NULL, NULL TSRMLS_CC); } s = php_mb_strrchr(filename, '\\' TSRMLS_CC); - if (tmp = php_mb_strrchr(filename, '/' TSRMLS_CC)) { + if ((tmp = php_mb_strrchr(filename, '/' TSRMLS_CC)) s) { s = tmp; } num_vars--; } else { s = strrchr(filename, '\\'); - if (tmp = strrchr(filename, '/')) { + if ((tmp = strrchr(filename, '/')) s) { s = tmp; } } #else s = strrchr(filename, '\\'); - if (tmp = strrchr(filename, '/')) { + if ((tmp = strrchr(filename, '/')) s) { s = tmp; } #endif -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_3) /main rfc1867.c
sesser Sun May 23 06:15:24 2004 EDT Modified files: (Branch: PHP_4_3) /php-src/main rfc1867.c Log: MFH. http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.122.2.20r2=1.122.2.21ty=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.122.2.20 php-src/main/rfc1867.c:1.122.2.21 --- php-src/main/rfc1867.c:1.122.2.20 Fri May 21 04:16:26 2004 +++ php-src/main/rfc1867.c Sun May 23 06:15:24 2004 @@ -16,7 +16,7 @@ | Jani Taskinen [EMAIL PROTECTED] | +--+ */ -/* $Id: rfc1867.c,v 1.122.2.20 2004/05/21 08:16:26 derick Exp $ */ +/* $Id: rfc1867.c,v 1.122.2.21 2004/05/23 10:15:24 sesser Exp $ */ /* * This product includes software developed by the Apache Group @@ -1031,19 +1031,19 @@ php_mb_gpc_encoding_converter(filename, str_len, 1, NULL, NULL TSRMLS_CC); } s = php_mb_strrchr(filename, '\\' TSRMLS_CC); - if (tmp = php_mb_strrchr(filename, '/' TSRMLS_CC)) { + if ((tmp = php_mb_strrchr(filename, '/' TSRMLS_CC)) s) { s = tmp; } num_vars--; } else { s = strrchr(filename, '\\'); - if (tmp = strrchr(filename, '/')) { + if ((tmp = strrchr(filename, '/')) s) { s = tmp; } } #else s = strrchr(filename, '\\'); - if (tmp = strrchr(filename, '/')) { + if ((tmp = strrchr(filename, '/')) s) { s = tmp; } #endif -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_3) /main rfc1867.c
sesser Sun May 2 06:17:36 2004 EDT Modified files: (Branch: PHP_4_3) /php-src/main rfc1867.c Log: MFH http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.122.2.17r2=1.122.2.18ty=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.122.2.17 php-src/main/rfc1867.c:1.122.2.18 --- php-src/main/rfc1867.c:1.122.2.17 Thu Feb 12 13:36:57 2004 +++ php-src/main/rfc1867.c Sun May 2 06:17:36 2004 @@ -16,7 +16,7 @@ | Jani Taskinen [EMAIL PROTECTED] | +--+ */ -/* $Id: rfc1867.c,v 1.122.2.17 2004/02/12 18:36:57 sesser Exp $ */ +/* $Id: rfc1867.c,v 1.122.2.18 2004/05/02 10:17:36 sesser Exp $ */ /* * This product includes software developed by the Apache Group @@ -147,7 +147,7 @@ /* and remove it */ if (s != varname) { - memcpy(varname, s, strlen(s)+1); + memmove(varname, s, strlen(s)+1); } for (p=varname; *p *p != '['; p++) { @@ -178,7 +178,7 @@ indexend = indexend ? indexend + 1 : index + strlen(index); if (s != index) { - memcpy(s, index, strlen(s)+1); + memmove(s, index, strlen(index)+1); s += indexend-index; } else { s = indexend; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/soap php_http.c
sesser Thu Apr 8 10:58:04 2004 EDT Modified files: /php-src/ext/soap php_http.c Log: Fixed: possible remote overflow and possible efree(NULL) crash http://cvs.php.net/diff.php/php-src/ext/soap/php_http.c?r1=1.49r2=1.50ty=u Index: php-src/ext/soap/php_http.c diff -u php-src/ext/soap/php_http.c:1.49 php-src/ext/soap/php_http.c:1.50 --- php-src/ext/soap/php_http.c:1.49Fri Apr 2 10:43:41 2004 +++ php-src/ext/soap/php_http.c Thu Apr 8 10:58:04 2004 @@ -17,7 +17,7 @@ | Dmitry Stogov [EMAIL PROTECTED] | +--+ */ -/* $Id: php_http.c,v 1.49 2004/04/02 15:43:41 dmitry Exp $ */ +/* $Id: php_http.c,v 1.50 2004/04/08 14:58:04 sesser Exp $ */ #include php_soap.h #include ext/standard/base64.h @@ -869,6 +869,10 @@ if (buf_size 0) { int len_size = 0; + if (http_buf_size + buf_size + 1 0) { + efree(http_buf); + return FALSE; + } http_buf = erealloc(http_buf, http_buf_size + buf_size + 1); while (len_size buf_size) { @@ -888,7 +892,9 @@ php_stream_getc(stream); } else { /* Somthing wrong in chunked encoding */ - efree(http_buf); + if (http_buf) { + efree(http_buf); + } return FALSE; } if (buf_size == 0) { @@ -901,14 +907,25 @@ } } else if (header_length) { + if (header_length 0) { + return FALSE; + } http_buf = emalloc(header_length + 1); while (http_buf_size header_length) { - http_buf_size += php_stream_read(stream, http_buf + http_buf_size, header_length - http_buf_size); + int len_read = php_stream_read(stream, http_buf + http_buf_size, header_length - http_buf_size); + if (len_read = 0) { + break; + } + http_buf_size += len_read; } } else if (header_close) { do { + int len_read; http_buf = erealloc(http_buf, http_buf_size + 4096 + 1); - http_buf_size += php_stream_read(stream, http_buf + http_buf_size, 4096); + len_read = php_stream_read(stream, http_buf + http_buf_size, 4096); + if (len_read 0) { + http_buf_size += len_read; + } } while(!php_stream_eof(stream)); } else { return FALSE; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main rfc1867.c
sesser Thu Feb 12 13:27:34 2004 EDT Modified files: /php-src/main rfc1867.c Log: better write into the correct buffer http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.150r2=1.151ty=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.150 php-src/main/rfc1867.c:1.151 --- php-src/main/rfc1867.c:1.150Thu Jan 8 03:17:54 2004 +++ php-src/main/rfc1867.c Thu Feb 12 13:27:33 2004 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.150 2004/01/08 08:17:54 andi Exp $ */ +/* $Id: rfc1867.c,v 1.151 2004/02/12 18:27:33 sesser Exp $ */ /* * This product includes software developed by the Apache Group @@ -90,6 +90,9 @@ if (*num_vars=*num_vars_max){ php_mb_gpc_realloc_buffer(pval_list, plen_list, num_vars_max, 16 TSRMLS_CC); + /* in case realloc relocated the buffer */ + val_list = *pval_list; + len_list = *plen_list; } val_list[*num_vars] = (char *)estrdup(param); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_3) /main rfc1867.c
sesser Thu Feb 12 13:36:58 2004 EDT Modified files: (Branch: PHP_4_3) /php-src/main rfc1867.c Log: MFH http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.122.2.16r2=1.122.2.17ty=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.122.2.16 php-src/main/rfc1867.c:1.122.2.17 --- php-src/main/rfc1867.c:1.122.2.16 Wed Nov 12 17:34:34 2003 +++ php-src/main/rfc1867.c Thu Feb 12 13:36:57 2004 @@ -16,7 +16,7 @@ | Jani Taskinen [EMAIL PROTECTED] | +--+ */ -/* $Id: rfc1867.c,v 1.122.2.16 2003/11/12 22:34:34 sesser Exp $ */ +/* $Id: rfc1867.c,v 1.122.2.17 2004/02/12 18:36:57 sesser Exp $ */ /* * This product includes software developed by the Apache Group @@ -89,6 +89,9 @@ if (*num_vars=*num_vars_max){ php_mb_gpc_realloc_buffer(pval_list, plen_list, num_vars_max, 16 TSRMLS_CC); + /* in case realloc relocated the buffer */ + val_list = *pval_list; + len_list = *plen_list; } val_list[*num_vars] = (char *)estrdup(param); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main SAPI.c
sesser Sat Nov 22 16:10:48 2003 EDT Modified files: /php-src/main SAPI.c Log: On error do not leave content_type_dup unitialised. Index: php-src/main/SAPI.c diff -u php-src/main/SAPI.c:1.179 php-src/main/SAPI.c:1.180 --- php-src/main/SAPI.c:1.179 Sat Sep 13 11:27:04 2003 +++ php-src/main/SAPI.c Sat Nov 22 16:10:47 2003 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: SAPI.c,v 1.179 2003/09/13 15:27:04 abies Exp $ */ +/* $Id: SAPI.c,v 1.180 2003/11/22 21:10:47 sesser Exp $ */ #include ctype.h #include sys/stat.h @@ -160,6 +160,7 @@ SG(request_info).post_entry = NULL; if (!sapi_module.default_post_reader) { /* no default reader ? */ + SG(request_info).content_type_dup = NULL; sapi_module.sapi_error(E_WARNING, Unsupported content type: '%s', content_type); return; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php