[PHP-CVS] cvs: php-src(PHP_4_4) / NEWS /ext/curl curl.c

2007-03-15 Thread Antony Dovgal
tony2001Thu Mar 15 23:19:22 2007 UTC

  Modified files:  (Branch: PHP_4_4)
/php-srcNEWS 
/php-src/ext/curl   curl.c 
  Log:
  fix #40831 (cURL extension doesn't clean up the buffer of reused handle)
  
  
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.1247.2.920.2.209r2=1.1247.2.920.2.210diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1247.2.920.2.209 php-src/NEWS:1.1247.2.920.2.210
--- php-src/NEWS:1.1247.2.920.2.209 Wed Mar 14 19:42:59 2007
+++ php-src/NEWSThu Mar 15 23:19:21 2007
@@ -8,6 +8,8 @@
 - Fixed CVE-2007-1001, GD wbmp used with invalid image size (Pierre)
 - Fixed CVE-2007-0455, Buffer overflow in gdImageStringFTEx (used by imagettf
   function) (Kees Cook, Pierre)
+- Fixed bug #40831 (cURL extension doesn't clean up the buffer of reused 
+  handle). (Tony)
 - Fixed bug #40747 (possible crash in session when save_path is out of 
   open_basedir). (Tony)
 - Fixed MOPB-8, XSS in phpinfo() (Joe Orton, Stas)
http://cvs.php.net/viewvc.cgi/php-src/ext/curl/curl.c?r1=1.124.2.30.2.18r2=1.124.2.30.2.19diff_format=u
Index: php-src/ext/curl/curl.c
diff -u php-src/ext/curl/curl.c:1.124.2.30.2.18 
php-src/ext/curl/curl.c:1.124.2.30.2.19
--- php-src/ext/curl/curl.c:1.124.2.30.2.18 Mon Feb 26 09:14:41 2007
+++ php-src/ext/curl/curl.c Thu Mar 15 23:19:21 2007
@@ -16,7 +16,7 @@
+--+
 */
 
-/* $Id: curl.c,v 1.124.2.30.2.18 2007/02/26 09:14:41 tony2001 Exp $ */
+/* $Id: curl.c,v 1.124.2.30.2.19 2007/03/15 23:19:21 tony2001 Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -1262,10 +1262,6 @@
 static void 
 cleanup_handle(php_curl *ch)
 {
-   if (ch-uses  1) {
-   return;
-   }
-
if (ch-handlers-write-buf.len  0) {
smart_str_free(ch-handlers-write-buf);
ch-handlers-write-buf.len = 0;




[PHP-CVS] cvs: php-src(PHP_4_4) / NEWS /ext/curl curl.c

2007-02-26 Thread Antony Dovgal
tony2001Mon Feb 26 09:14:41 2007 UTC

  Modified files:  (Branch: PHP_4_4)
/php-srcNEWS 
/php-src/ext/curl   curl.c 
  Log:
  fix #40635 (segfault in cURL extension)
  
  
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.1247.2.920.2.199r2=1.1247.2.920.2.200diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1247.2.920.2.199 php-src/NEWS:1.1247.2.920.2.200
--- php-src/NEWS:1.1247.2.920.2.199 Fri Feb 23 20:53:23 2007
+++ php-src/NEWSMon Feb 26 09:14:40 2007
@@ -2,6 +2,7 @@
 |||
 ?? Feb 2007, Version 4.4.6
 
+- Fixed bug #40635 (segfault in cURL extension). (Tony)
 - Fixed bug #40611 (possible cURL memory error). (Tony)
 
 22 Feb 2007, Version 4.4.6RC1
http://cvs.php.net/viewvc.cgi/php-src/ext/curl/curl.c?r1=1.124.2.30.2.17r2=1.124.2.30.2.18diff_format=u
Index: php-src/ext/curl/curl.c
diff -u php-src/ext/curl/curl.c:1.124.2.30.2.17 
php-src/ext/curl/curl.c:1.124.2.30.2.18
--- php-src/ext/curl/curl.c:1.124.2.30.2.17 Fri Feb 23 20:53:24 2007
+++ php-src/ext/curl/curl.c Mon Feb 26 09:14:41 2007
@@ -16,7 +16,7 @@
+--+
 */
 
-/* $Id: curl.c,v 1.124.2.30.2.17 2007/02/23 20:53:24 tony2001 Exp $ */
+/* $Id: curl.c,v 1.124.2.30.2.18 2007/02/26 09:14:41 tony2001 Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -1266,8 +1266,9 @@
return;
}
 
-   if (ch-handlers-write-buf.len) {
-   memset(ch-handlers-write-buf, 0, sizeof(smart_str));
+   if (ch-handlers-write-buf.len  0) {
+   smart_str_free(ch-handlers-write-buf);
+   ch-handlers-write-buf.len = 0;
}
 
memset(ch-err.str, 0, CURL_ERROR_SIZE + 1);
@@ -1297,6 +1298,7 @@
if (error != CURLE_OK  error != CURLE_PARTIAL_FILE) {
if (ch-handlers-write-buf.len  0) {
smart_str_free(ch-handlers-write-buf);
+   ch-handlers-write-buf.len = 0;
}
 
RETURN_FALSE;
@@ -1306,9 +1308,10 @@
 
if (ch-handlers-write-method == PHP_CURL_RETURN  
ch-handlers-write-buf.len  0) {
--ch-uses;
-   if (ch-handlers-write-type != PHP_CURL_BINARY) 
+   if (ch-handlers-write-type != PHP_CURL_BINARY) { 
smart_str_0(ch-handlers-write-buf);
-   RETURN_STRINGL(ch-handlers-write-buf.c, 
ch-handlers-write-buf.len, 0);
+   }
+   RETURN_STRINGL(ch-handlers-write-buf.c, 
ch-handlers-write-buf.len, 1);
}
--ch-uses;
if (ch-handlers-write-method == PHP_CURL_RETURN) {
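Review bot: With the last argument of `RETURN_STRINGL` changed to 1 the result is copied, but `ch->handlers->write->buf` still holds the full response body after curl_exec() returns, and nothing in this hunk releases it. The memory, and whatever the response contained, then stays on the handle until a later cleanup or close runs, which matters when handles are reused. Consider building the return value and freeing in place: `RETVAL_STRINGL(ch->handlers->write->buf.c, ch->handlers->write->buf.len, 1); smart_str_free(&ch->handlers->write->buf); return;`. The enclosing function starts and ends outside the hunk, so other exits may need the same treatment.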
@@ -1533,6 +1536,10 @@
zend_llist_clean(ch-to_free.slist);
zend_llist_clean(ch-to_free.post);
 
+   if (ch-handlers-write-buf.len  0) {
+   smart_str_free(ch-handlers-write-buf);
+   ch-handlers-write-buf.len = 0;
+   }
if (ch-handlers-write-func) {
FREE_ZVAL(ch-handlers-write-func);
ch-handlers-read-func = NULL;
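Review bot: In the context right below the added block, the `if (ch->handlers->write->func)` branch frees `write->func` but then clears `read->func`, which looks like a copy-paste slip. If the read callback is released further down (not visible here), that release would be skipped and `write->func` would keep pointing at freed memory; the second line should probably read `ch->handlers->write->func = NULL;`. The branch and the rest of the close routine continue past the end of the hunk, so confirm against the full function.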




[PHP-CVS] cvs: php-src(PHP_4_4) / NEWS /ext/curl curl.c

2007-02-23 Thread Antony Dovgal
tony2001Fri Feb 23 20:53:24 2007 UTC

  Modified files:  (Branch: PHP_4_4)
/php-srcNEWS 
/php-src/ext/curl   curl.c 
  Log:
  fix #40611 (possible cURL memory error)
  
  
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.1247.2.920.2.198r2=1.1247.2.920.2.199diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1247.2.920.2.198 php-src/NEWS:1.1247.2.920.2.199
--- php-src/NEWS:1.1247.2.920.2.198 Thu Feb 22 14:47:29 2007
+++ php-src/NEWSFri Feb 23 20:53:23 2007
@@ -2,6 +2,8 @@
 |||
 ?? Feb 2007, Version 4.4.6
 
+- Fixed bug #40611 (possible cURL memory error). (Tony)
+
 22 Feb 2007, Version 4.4.6RC1
 
 - Updated PCRE to version 7.0. (Nuno)
http://cvs.php.net/viewvc.cgi/php-src/ext/curl/curl.c?r1=1.124.2.30.2.16r2=1.124.2.30.2.17diff_format=u
Index: php-src/ext/curl/curl.c
diff -u php-src/ext/curl/curl.c:1.124.2.30.2.16 
php-src/ext/curl/curl.c:1.124.2.30.2.17
--- php-src/ext/curl/curl.c:1.124.2.30.2.16 Fri Jan 12 16:38:40 2007
+++ php-src/ext/curl/curl.c Fri Feb 23 20:53:24 2007
@@ -16,7 +16,7 @@
+--+
 */
 
-/* $Id: curl.c,v 1.124.2.30.2.16 2007/01/12 16:38:40 iliaa Exp $ */
+/* $Id: curl.c,v 1.124.2.30.2.17 2007/02/23 20:53:24 tony2001 Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -559,7 +559,9 @@
case PHP_CURL_FILE:
return fwrite(data, size, nmemb, t-fp);
case PHP_CURL_RETURN:
-   smart_str_appendl(t-buf, data, (int) length);
+   if (length  0) {
+   smart_str_appendl(t-buf, data, (int) length);
+   }
break;
case PHP_CURL_USER: {
zval *argv[2];
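Review bot: The `(int) length` cast kept inside the new `if (length > 0)` guard narrows the byte count before it reaches `smart_str_appendl`. `length` is declared outside the hunk; if it is the `size_t` product of `size` and `nmemb`, a value above INT_MAX would turn negative and then be widened again to a huge length. libcurl normally bounds a single write callback, so this is hardening rather than a live bug, but dropping the cast, or rejecting `length > INT_MAX` before the switch, removes the dependency on that bound.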
@@ -674,10 +676,11 @@
case PHP_CURL_STDOUT:
/* Handle special case write when we're returning the 
entire transfer
 */
-   if (ch-handlers-write-method == PHP_CURL_RETURN)
+   if (ch-handlers-write-method == PHP_CURL_RETURN  
length  0) {
smart_str_appendl(ch-handlers-write-buf, 
data, (int) length);
-   else
+   } else {
PHPWRITE(data, length);
+   }
break;
case PHP_CURL_FILE:
return fwrite(data, size, nmemb, t-fp);
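Review bot: Folding `length > 0` into the `PHP_CURL_RETURN` test changes where an empty chunk goes: with the return-transfer method and `length == 0`, control now falls into the `else` and calls `PHPWRITE(data, length)`. A zero-length write is probably harmless on its own, but it routes a return-transfer handle through the output layer, which may have side effects such as starting output. Keeping the method test on its own, `if (ch->handlers->write->method == PHP_CURL_RETURN) {`, and nesting `if (length > 0)` around the append keeps the two decisions separate. The enclosing switch starts and ends outside the hunk.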
@@ -1309,7 +1312,7 @@
}
--ch-uses;
if (ch-handlers-write-method == PHP_CURL_RETURN) {
-   RETURN_STRINGL(, sizeof() - 1, 0);
+   RETURN_EMPTY_STRING();
}
 
RETURN_TRUE;




[PHP-CVS] cvs: php-src(PHP_4_4) / NEWS /ext/curl curl.c

2007-01-12 Thread Ilia Alshanetsky
iliaa   Fri Jan 12 16:38:40 2007 UTC

  Modified files:  (Branch: PHP_4_4)
/php-srcNEWS 
/php-src/ext/curl   curl.c 
  Log:
  Fixed bug #36248 (CURLOPT_HEADERFUNCTION, couldn't set the function in the
  class).
  
  
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.1247.2.920.2.183r2=1.1247.2.920.2.184diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1247.2.920.2.183 php-src/NEWS:1.1247.2.920.2.184
--- php-src/NEWS:1.1247.2.920.2.183 Tue Jan  9 17:06:42 2007
+++ php-src/NEWSFri Jan 12 16:38:39 2007
@@ -3,6 +3,8 @@
 ?? Jan 2007, Version 4.4.5
 - Fixed bug #39819 (Using $this not in object context can cause segfaults).
   (Dmitry)
+- Fixed bug #36248 (CURLOPT_HEADERFUNCTION, couldn't set the function in the
+  class). (Ilia)
 
 04 Jan 2007, Version 4.4.5RC1
 - Added a meta tag to phpinfo() output to prevent search engines from 
http://cvs.php.net/viewvc.cgi/php-src/ext/curl/curl.c?r1=1.124.2.30.2.15r2=1.124.2.30.2.16diff_format=u
Index: php-src/ext/curl/curl.c
diff -u php-src/ext/curl/curl.c:1.124.2.30.2.15 
php-src/ext/curl/curl.c:1.124.2.30.2.16
--- php-src/ext/curl/curl.c:1.124.2.30.2.15 Mon Jan  1 09:46:40 2007
+++ php-src/ext/curl/curl.c Fri Jan 12 16:38:40 2007
@@ -16,7 +16,7 @@
+--+
 */
 
-/* $Id: curl.c,v 1.124.2.30.2.15 2007/01/01 09:46:40 sebastian Exp $ */
+/* $Id: curl.c,v 1.124.2.30.2.16 2007/01/12 16:38:40 iliaa Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -702,19 +702,17 @@
   
retval, 2, argv TSRMLS_CC);
ch-in_callback = 0;
if (error == FAILURE) {
-   php_error(E_WARNING, %s(): Couldn't call the 
CURLOPT_HEADERFUNCTION, 
- 
get_active_function_name(TSRMLS_C));
+   php_error_docref(NULL TSRMLS_CC, E_WARNING, 
Could not call the CURLOPT_HEADERFUNCTION);
length = -1;
-   }
-   else {
+   } else {
if (Z_TYPE_P(retval) != IS_LONG) {
convert_to_long_ex(retval);
}
length = Z_LVAL_P(retval);
+   zval_ptr_dtor(retval);
}
zval_ptr_dtor(argv[0]);
zval_ptr_dtor(argv[1]);
-   zval_ptr_dtor(retval);
break;
}
 
@@ -1075,6 +1073,7 @@
case CURLOPT_WRITEFUNCTION:
if (ch-handlers-write-func) {
zval_ptr_dtor(ch-handlers-write-func);
+   ch-handlers-write-func = NULL;
}
zval_add_ref(zvalue);
ch-handlers-write-func   = *zvalue;
@@ -1083,6 +1082,7 @@
case CURLOPT_READFUNCTION:
if (ch-handlers-read-func) {
zval_ptr_dtor(ch-handlers-read-func);
+   ch-handlers-read-func = NULL;
}
zval_add_ref(zvalue);
ch-handlers-read-func   = *zvalue;
@@ -1091,6 +1091,7 @@
case CURLOPT_HEADERFUNCTION:
if (ch-handlers-write_header-func) {

zval_ptr_dtor(ch-handlers-write_header-func);
+   ch-handlers-write_header-func = NULL;
}
zval_add_ref(zvalue);
ch-handlers-write_header-func   = *zvalue;
@@ -1100,6 +1101,7 @@
case CURLOPT_PASSWDFUNCTION:
if (ch-handlers-passwd) {
zval_ptr_dtor(ch-handlers-passwd);
+   ch-handlers-passwd = NULL;
}
zval_add_ref(zvalue);
ch-handlers-passwd = *zvalue;
@@ -1300,10 +1302,13 @@
ch-uses++;
 
if (ch-handlers-write-method == PHP_CURL_RETURN  
ch-handlers-write-buf.len  0) {
+   --ch-uses;
if (ch-handlers-write-type != PHP_CURL_BINARY) 
smart_str_0(ch-handlers-write-buf);
RETURN_STRINGL(ch-handlers-write-buf.c, 
ch-handlers-write-buf.len, 0);
-   } else if (ch-handlers-write-method == PHP_CURL_RETURN) {
+   }
+   --ch-uses;
+   if (ch-handlers-write-method == PHP_CURL_RETURN) {
RETURN_STRINGL(, sizeof() - 1, 0);
}
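Review bot: `ch->uses++` in the context line at the top of this hunk is now undone by a `--ch->uses` on every path below it, so the counter has the same value after curl_exec() returns as before the call. Anything elsewhere in the file that tests `ch->uses` to decide whether a handle has been used (not visible in this hunk) will no longer see a completed transfer. If the counter is only meant to mark a transfer in progress, say so with a comment such as `/* uses is non-zero only while the result is being built */`; if it is meant to count completed transfers, the decrements do not belong here. The unbraced `if (ch->handlers->write->type != PHP_CURL_BINARY)` just below the first decrement would also be safer with braces.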
 
@@ -1506,7 +1511,11 @@
php_error_docref(NULL TSRMLS_CC, E_WARNING, Attempt to close 
CURL handle from a callback);
return;
 

[PHP-CVS] cvs: php-src(PHP_4_4) / NEWS /ext/curl curl.c

2006-11-03 Thread Ilia Alshanetsky
iliaa   Fri Nov  3 14:55:59 2006 UTC

  Modified files:  (Branch: PHP_4_4)
/php-src/ext/curl   curl.c 
/php-srcNEWS 
  Log:
  MFH: Fixed bug #39354 (Allow building of curl extension against libcurl
  7.16.0)
  
http://cvs.php.net/viewvc.cgi/php-src/ext/curl/curl.c?r1=1.124.2.30.2.13r2=1.124.2.30.2.14diff_format=u
Index: php-src/ext/curl/curl.c
diff -u php-src/ext/curl/curl.c:1.124.2.30.2.13 
php-src/ext/curl/curl.c:1.124.2.30.2.14
--- php-src/ext/curl/curl.c:1.124.2.30.2.13 Tue Oct 10 23:17:05 2006
+++ php-src/ext/curl/curl.c Fri Nov  3 14:55:59 2006
@@ -16,7 +16,7 @@
+--+
 */
 
-/* $Id: curl.c,v 1.124.2.30.2.13 2006/10/10 23:17:05 iliaa Exp $ */
+/* $Id: curl.c,v 1.124.2.30.2.14 2006/11/03 14:55:59 iliaa Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -258,7 +258,9 @@
REGISTER_CURL_CONSTANT(CURLOPT_FTPAPPEND);
REGISTER_CURL_CONSTANT(CURLOPT_NETRC);
REGISTER_CURL_CONSTANT(CURLOPT_FOLLOWLOCATION);
+#if CURLOPT_FTPASCII != 0
REGISTER_CURL_CONSTANT(CURLOPT_FTPASCII);
+#endif
REGISTER_CURL_CONSTANT(CURLOPT_PUT);
 #if CURLOPT_MUTE != 0
REGISTER_CURL_CONSTANT(CURLOPT_MUTE);
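Review bot: `#if CURLOPT_FTPASCII != 0` can only see preprocessor macros, and any identifier that is not a macro is replaced by 0 inside `#if`. libcurl declares most CURLOPT_* names as enum members rather than macros, so if that holds for CURLOPT_FTPASCII the guard is false on every libcurl version and the constant silently disappears from PHP, not only when building against 7.16.0. The same applies to `#if CURLOPT_PASSWDFUNCTION != 0` in the next hunk. A version test states the intent directly, for example `#if LIBCURL_VERSION_NUM < 0x071000` around options that 7.16.0 dropped; check curl.h for how each option is defined before relying on either form.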
@@ -296,7 +298,9 @@
REGISTER_CURL_CONSTANT(CURLOPT_FILETIME);
REGISTER_CURL_CONSTANT(CURLOPT_WRITEFUNCTION);
REGISTER_CURL_CONSTANT(CURLOPT_READFUNCTION);
+#if CURLOPT_PASSWDFUNCTION != 0 
REGISTER_CURL_CONSTANT(CURLOPT_PASSWDFUNCTION);
+#endif
REGISTER_CURL_CONSTANT(CURLOPT_HEADERFUNCTION);
REGISTER_CURL_CONSTANT(CURLOPT_MAXREDIRS);
REGISTER_CURL_CONSTANT(CURLOPT_MAXCONNECTS);
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.1247.2.920.2.170r2=1.1247.2.920.2.171diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1247.2.920.2.170 php-src/NEWS:1.1247.2.920.2.171
--- php-src/NEWS:1.1247.2.920.2.170 Thu Oct 19 11:27:36 2006
+++ php-src/NEWSFri Nov  3 14:55:59 2006
@@ -3,6 +3,8 @@
 ?? ??? 2006, Version 4.4.5
 - Updated PCRE to version 6.7. (Ilia)
 - Fixed missing open_basedir check inside chdir() function. (Ilia)
+- Fixed bug #39354 (Allow building of curl extension against libcurl
+  7.16.0). (Ilia)
 - Fixed bug #39129 (avoid creation of a dummy constructor. (Ilia)
 - Fixed bug #39034 (curl_exec() with return transfer returns TRUE on empty
   files). (Ilia)




[PHP-CVS] cvs: php-src(PHP_4_4) / NEWS /ext/curl curl.c

2006-10-10 Thread Ilia Alshanetsky
iliaa   Tue Oct 10 23:17:05 2006 UTC

  Modified files:  (Branch: PHP_4_4)
/php-srcNEWS 
/php-src/ext/curl   curl.c 
  Log:
  MFH: Fixed bug #39034 (curl_exec() with return transfer returns TRUE on 
  empty files).
  
  
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.1247.2.920.2.166r2=1.1247.2.920.2.167diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1247.2.920.2.166 php-src/NEWS:1.1247.2.920.2.167
--- php-src/NEWS:1.1247.2.920.2.166 Wed Oct  4 23:20:02 2006
+++ php-src/NEWSTue Oct 10 23:17:04 2006
@@ -3,6 +3,8 @@
 ?? ??? 2006, Version 4.4.5
 - Updated PCRE to version 6.7. (Ilia)
 - Fixed missing open_basedir check inside chdir() function. (Ilia)
+- Fixed bug #39034 (curl_exec() with return transfer returns TRUE on empty
+  files). (Ilia)
 - Fixed bug #38963 (Fixed a possible open_basedir bypass in tempnam()). (Ilia)
 - Fixed bug #38859 (parse_url() fails if passing '@' in passwd). (Tony,Ilia)
 - Fixed bug #38534 (segfault when calling setlocale() in userspace session
http://cvs.php.net/viewvc.cgi/php-src/ext/curl/curl.c?r1=1.124.2.30.2.12r2=1.124.2.30.2.13diff_format=u
Index: php-src/ext/curl/curl.c
diff -u php-src/ext/curl/curl.c:1.124.2.30.2.12 
php-src/ext/curl/curl.c:1.124.2.30.2.13
--- php-src/ext/curl/curl.c:1.124.2.30.2.12 Thu Aug 10 17:27:11 2006
+++ php-src/ext/curl/curl.c Tue Oct 10 23:17:05 2006
@@ -16,7 +16,7 @@
+--+
 */
 
-/* $Id: curl.c,v 1.124.2.30.2.12 2006/08/10 17:27:11 iliaa Exp $ */
+/* $Id: curl.c,v 1.124.2.30.2.13 2006/10/10 23:17:05 iliaa Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -1299,6 +1299,8 @@
if (ch-handlers-write-type != PHP_CURL_BINARY) 
smart_str_0(ch-handlers-write-buf);
RETURN_STRINGL(ch-handlers-write-buf.c, 
ch-handlers-write-buf.len, 0);
+   } else if (ch-handlers-write-method == PHP_CURL_RETURN) {
+   RETURN_STRINGL(, sizeof() - 1, 0);
}
 
RETURN_TRUE;
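Review bot: The added branch returns what appears to be a string literal (the quotes are lost in this rendering) through `RETURN_STRINGL` with the copy flag set to 0, so the zval ends up pointing at static storage that the engine will later try to free. Use `RETURN_EMPTY_STRING();`, or pass 1 as the last argument so the engine owns a heap copy. The `RETURN_STRINGL(..., 0)` in the context above hands `write->buf.c` to the caller in the same no-copy way without resetting the buffer on the handle, which deserves the same look. The enclosing function starts before the hunk.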




[PHP-CVS] cvs: php-src(PHP_4_4) / NEWS /ext/curl curl.c curlstreams.c /ext/standard string.c Zend zend_alloc.c

2006-08-10 Thread Ilia Alshanetsky
iliaa   Thu Aug 10 17:27:12 2006 UTC

  Modified files:  (Branch: PHP_4_4)
/php-srcNEWS 
/php-src/ext/curl   curl.c curlstreams.c 
/Zend   zend_alloc.c 
/php-src/ext/standard   string.c 
  Log:
  MFH: Various security fixes
  
  http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.1247.2.920.2.150r2=1.1247.2.920.2.151diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1247.2.920.2.150 php-src/NEWS:1.1247.2.920.2.151
--- php-src/NEWS:1.1247.2.920.2.150 Tue Aug  8 14:57:04 2006
+++ php-src/NEWSThu Aug 10 17:27:11 2006
@@ -1,6 +1,10 @@
 PHP 4  NEWS
 |||
 ?? ??? 2006, Version 4.4.4
+- Fixed memory_limit on 64bit systems. (Stefan E.)
+- Fixed overflow on 64bit systems in str_repeat() and wordwrap(). (Stefan E.)
+- Disabled CURLOPT_FOLLOWLOCATION in curl when open_basedir or safe_mode are
+  enabled. (Stefan E.)
 - Fixed bug #38377 (session_destroy() gives warning after
   session_regenerate_id()). (Ilia)
 - Fixed bug #38322 (reading past array in sscanf() leads to arbitary code 
http://cvs.php.net/viewvc.cgi/php-src/ext/curl/curl.c?r1=1.124.2.30.2.11r2=1.124.2.30.2.12diff_format=u
Index: php-src/ext/curl/curl.c
diff -u php-src/ext/curl/curl.c:1.124.2.30.2.11 
php-src/ext/curl/curl.c:1.124.2.30.2.12
--- php-src/ext/curl/curl.c:1.124.2.30.2.11 Sun May 21 18:48:50 2006
+++ php-src/ext/curl/curl.c Thu Aug 10 17:27:11 2006
@@ -16,7 +16,7 @@
+--+
 */
 
-/* $Id: curl.c,v 1.124.2.30.2.11 2006/05/21 18:48:50 helly Exp $ */
+/* $Id: curl.c,v 1.124.2.30.2.12 2006/08/10 17:27:11 iliaa Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -924,7 +924,6 @@
case CURLOPT_FTPLISTONLY:
case CURLOPT_FTPAPPEND:
case CURLOPT_NETRC:
-   case CURLOPT_FOLLOWLOCATION:
case CURLOPT_PUT:
 #if CURLOPT_MUTE != 0
 case CURLOPT_MUTE:
@@ -961,6 +960,16 @@
convert_to_long_ex(zvalue);
error = curl_easy_setopt(ch-cp, option, 
Z_LVAL_PP(zvalue));
break;
+   case CURLOPT_FOLLOWLOCATION:
+   convert_to_long_ex(zvalue);
+   if ((PG(open_basedir)  *PG(open_basedir)) || 
PG(safe_mode)) {
+   if (Z_LVAL_PP(zvalue) != 0) {
+   php_error_docref(NULL TSRMLS_CC, 
E_WARNING, CURLOPT_FOLLOWLOCATION cannot be activated when in safe_mode or an 
open_basedir is set);
+   RETURN_FALSE;
+   }
+   }
+   error = curl_easy_setopt(ch-cp, option, 
Z_LVAL_PP(zvalue));
+   break;
case CURLOPT_URL:
case CURLOPT_PROXY:
case CURLOPT_USERPWD:
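Review bot: The new `CURLOPT_FOLLOWLOCATION` case refuses the option under open_basedir or safe_mode but carries no comment saying why, and the reason is not obvious from the code. Presumably the URL checks in this file only inspect the URL the script passes in, so a redirect target chosen by the remote server would never be checked. A comment above the case, such as `/* redirect targets are not re-checked against open_basedir/safe_mode, so following Location: is refused */`, would record that for the next maintainer. The enclosing switch starts and ends outside the hunk.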
http://cvs.php.net/viewvc.cgi/php-src/ext/curl/curlstreams.c?r1=1.2.2.3.2.1r2=1.2.2.3.2.2diff_format=u
Index: php-src/ext/curl/curlstreams.c
diff -u php-src/ext/curl/curlstreams.c:1.2.2.3.2.1 
php-src/ext/curl/curlstreams.c:1.2.2.3.2.2
--- php-src/ext/curl/curlstreams.c:1.2.2.3.2.1  Sun Jan  1 13:46:50 2006
+++ php-src/ext/curl/curlstreams.c  Thu Aug 10 17:27:11 2006
@@ -16,7 +16,7 @@
+--+
 */
 
-/* $Id: curlstreams.c,v 1.2.2.3.2.1 2006/01/01 13:46:50 sniper Exp $ */
+/* $Id: curlstreams.c,v 1.2.2.3.2.2 2006/08/10 17:27:11 iliaa Exp $ */
 
 /* This file implements cURL based wrappers.
  * NOTE: If you are implementing your own streams that are intended to
@@ -297,7 +297,11 @@
curl_easy_setopt(curlstream-curl, CURLOPT_WRITEHEADER, stream);
 
/* currently buggy (bug is in curl) */
-   curl_easy_setopt(curlstream-curl, CURLOPT_FOLLOWLOCATION, 1);
+   if ((PG(open_basedir)  *PG(open_basedir)) || PG(safe_mode)) {
+   curl_easy_setopt(curlstream-curl, CURLOPT_FOLLOWLOCATION, 0);
+   } else {
+   curl_easy_setopt(curlstream-curl, CURLOPT_FOLLOWLOCATION, 1);
+   }

curl_easy_setopt(curlstream-curl, CURLOPT_ERRORBUFFER, 
curlstream-errstr);
curl_easy_setopt(curlstream-curl, CURLOPT_VERBOSE, 0);
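Review bot: The added calls pass the plain `int` literals `0` and `1` to `curl_easy_setopt` for `CURLOPT_FOLLOWLOCATION`, an option libcurl reads from the variadic argument list as a `long`. Where `long` is wider than `int` that mismatch is undefined behaviour, so write `0L` and `1L`, or collapse the branch into one call: `curl_easy_setopt(curlstream->curl, CURLOPT_FOLLOWLOCATION, ((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) ? 0L : 1L);`. The `/* currently buggy (bug is in curl) */` comment now sits directly above the restriction test and reads as if it described it; move or reword it. The same restriction test is spelled out in curl.c in this commit, so a shared macro would keep the two from drifting apart.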
http://cvs.php.net/viewvc.cgi/Zend/zend_alloc.c?r1=1.105.4.9.2.3r2=1.105.4.9.2.4diff_format=u
Index: Zend/zend_alloc.c
diff -u Zend/zend_alloc.c:1.105.4.9.2.3 Zend/zend_alloc.c:1.105.4.9.2.4
--- Zend/zend_alloc.c:1.105.4.9.2.3 Sun Jan  1 13:46:49 2006
+++ Zend/zend_alloc.c   Thu Aug 10 17:27:12 2006
@@ -64,7 +64,15 @@
 #define CHECK_MEMORY_LIMIT(s, rs)  _CHECK_MEMORY_LIMIT(s, rs, NULL, 0)
 #  endif
 
-#define _CHECK_MEMORY_LIMIT(s, rs, file, lineno) { AG(allocated_memory) += rs;\
+#define _CHECK_MEMORY_LIMIT(s, rs, file, lineno) { if ((ssize_t)(rs)  
(ssize_t)(INT_MAX - 

[PHP-CVS] cvs: php-src(PHP_4_4) / NEWS /ext/curl curl.c

2006-05-21 Thread Ilia Alshanetsky
iliaa   Sun May 21 16:32:51 2006 UTC

  Modified files:  (Branch: PHP_4_4)
/php-src/ext/curl   curl.c 
/php-srcNEWS 
  Log:
  MFH: Added control character checks for cURL extension's 
  open_basedir/safe_mode checks.
  
http://cvs.php.net/viewcvs.cgi/php-src/ext/curl/curl.c?r1=1.124.2.30.2.9r2=1.124.2.30.2.10diff_format=u
Index: php-src/ext/curl/curl.c
diff -u php-src/ext/curl/curl.c:1.124.2.30.2.9 
php-src/ext/curl/curl.c:1.124.2.30.2.10
--- php-src/ext/curl/curl.c:1.124.2.30.2.9  Tue Jan 31 10:57:52 2006
+++ php-src/ext/curl/curl.c Sun May 21 16:32:51 2006
@@ -16,7 +16,7 @@
+--+
 */
 
-/* $Id: curl.c,v 1.124.2.30.2.9 2006/01/31 10:57:52 tony2001 Exp $ */
+/* $Id: curl.c,v 1.124.2.30.2.10 2006/05/21 16:32:51 iliaa Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -162,11 +162,16 @@
strncasecmp(str, file:, sizeof(file:) - 1) == 0)
\
{   

\
php_url *tmp_url;   

\
-   

\
+   
\
if (!(tmp_url = php_url_parse_ex(str, len))) {  
\
php_error_docref(NULL TSRMLS_CC, E_WARNING, Invalid 
url '%s', str);   \
RETURN_FALSE;   

\
}   

\
+   
\
+   if (php_memnstr(str, tmp_url-path, strlen(tmp_url-path), str 
+ len)) {\
+   php_error_docref(NULL TSRMLS_CC, E_WARNING, Url '%s' 
contains unencoded control characters., str);\
+   RETURN_FALSE;   
\
+   }   
\


\
if (tmp_url-query || tmp_url-fragment || 
php_check_open_basedir(tmp_url-path TSRMLS_CC) ||  
 \
(PG(safe_mode)  !php_checkuid(tmp_url-path, rb+, 
CHECKUID_CHECK_MODE_PARAM))   \
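Review bot: As shown, the new test `if (php_memnstr(str, tmp_url->path, strlen(tmp_url->path), str + len))` fires when the parsed path IS found in the original string, which is the normal case for a clean URL. The warning text suggests the intent is the opposite, so the call most likely needs a leading `!`. `tmp_url->path` is also passed to `strlen` without a NULL check, and the new `RETURN_FALSE` leaves the macro without releasing the parsed URL; add `php_url_free(tmp_url);` before it. The line wrapping in this rendering makes the hunk hard to read, so confirm each point against the file.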
http://cvs.php.net/viewcvs.cgi/php-src/NEWS?r1=1.1247.2.920.2.130r2=1.1247.2.920.2.131diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1247.2.920.2.130 php-src/NEWS:1.1247.2.920.2.131
--- php-src/NEWS:1.1247.2.920.2.130 Sun May 21 16:10:28 2006
+++ php-src/NEWSSun May 21 16:32:51 2006
@@ -1,6 +1,8 @@
 PHP 4  NEWS
 |||
 ?? ??? 2006, Version 4.4.3
+- Added control character checks for cURL extension's open_basedir/safe_mode
+  checks. (Ilia)
 - Fixed a possible buffer overflow inside create_named_pipe() for Win32 systems
   in libmysql.c. (Ilia)
 - Updated PCRE to version 6.6. (Andrei)




[PHP-CVS] cvs: php-src(PHP_4_4) / NEWS /ext/curl curl.c

2006-01-31 Thread Antony Dovgal
tony2001Tue Jan 31 10:57:52 2006 UTC

  Modified files:  (Branch: PHP_4_4)
/php-srcNEWS 
/php-src/ext/curl   curl.c 
  Log:
  fix #36223 (curl bypasses open_basedir restrictions)
  
  
http://cvs.php.net/viewcvs.cgi/php-src/NEWS?r1=1.1247.2.920.2.113r2=1.1247.2.920.2.114diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1247.2.920.2.113 php-src/NEWS:1.1247.2.920.2.114
--- php-src/NEWS:1.1247.2.920.2.113 Thu Jan 26 15:47:31 2006
+++ php-src/NEWSTue Jan 31 10:57:52 2006
@@ -2,6 +2,7 @@
 |||
 ?? ??? 2006, Version 4.4.3
 - Added a check for special characters in the session name. (Ilia)
+- Fixed bug #36223 (curl bypasses open_basedir restrictions). (Tony)
 - Fixed bug #36148 (unpack(H*hex, $data) is adding an extra character to the 
   end of the string). (Ilia)
 - Fixed bug #36017 (fopen() crashes PHP when opening a URL). (Tony)
http://cvs.php.net/viewcvs.cgi/php-src/ext/curl/curl.c?r1=1.124.2.30.2.8r2=1.124.2.30.2.9diff_format=u
Index: php-src/ext/curl/curl.c
diff -u php-src/ext/curl/curl.c:1.124.2.30.2.8 
php-src/ext/curl/curl.c:1.124.2.30.2.9
--- php-src/ext/curl/curl.c:1.124.2.30.2.8  Thu Jan 26 13:23:50 2006
+++ php-src/ext/curl/curl.c Tue Jan 31 10:57:52 2006
@@ -16,7 +16,7 @@
+--+
 */
 
-/* $Id: curl.c,v 1.124.2.30.2.8 2006/01/26 13:23:50 mike Exp $ */
+/* $Id: curl.c,v 1.124.2.30.2.9 2006/01/31 10:57:52 tony2001 Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -159,7 +159,7 @@
 
 #define PHP_CURL_CHECK_OPEN_BASEDIR(str, len)  
\
if (((PG(open_basedir)  *PG(open_basedir)) || PG(safe_mode))
 \
-   strncasecmp(str, file://, sizeof(file://) - 1) == 0)
\
+   strncasecmp(str, file:, sizeof(file:) - 1) == 0)
\
{   

\
php_url *tmp_url;   

\


\




[PHP-CVS] cvs: php-src(PHP_4_4) / NEWS /ext/curl curl.c

2005-10-31 Thread Ilia Alshanetsky
iliaa   Mon Oct 31 18:47:27 2005 EDT

  Modified files:  (Branch: PHP_4_4)
/php-src/ext/curl   curl.c 
/php-srcNEWS 
  Log:
  MFH: Additional open_basedir/safe_mode checks.
  
  
http://cvs.php.net/diff.php/php-src/ext/curl/curl.c?r1=1.124.2.30.2.3r2=1.124.2.30.2.4ty=u
Index: php-src/ext/curl/curl.c
diff -u php-src/ext/curl/curl.c:1.124.2.30.2.3 
php-src/ext/curl/curl.c:1.124.2.30.2.4
--- php-src/ext/curl/curl.c:1.124.2.30.2.3  Sun Oct 16 22:42:51 2005
+++ php-src/ext/curl/curl.c Mon Oct 31 18:47:21 2005
@@ -16,7 +16,7 @@
+--+
 */
 
-/* $Id: curl.c,v 1.124.2.30.2.3 2005/10/17 02:42:51 iliaa Exp $ */
+/* $Id: curl.c,v 1.124.2.30.2.4 2005/10/31 23:47:21 iliaa Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -76,7 +76,7 @@
RETURN_FALSE;   

\
}   

\


\
-   if (tmp_url-query || php_check_open_basedir(tmp_url-path 
TSRMLS_CC) ||   
 \
+   if (tmp_url-query || tmp_url-fragment || 
php_check_open_basedir(tmp_url-path TSRMLS_CC) ||  
 \
(PG(safe_mode)  !php_checkuid(tmp_url-path, rb+, 
CHECKUID_CHECK_MODE_PARAM))   \
) { 

\
php_url_free(tmp_url);  

\
http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1247.2.920.2.63r2=1.1247.2.920.2.64ty=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1247.2.920.2.63 php-src/NEWS:1.1247.2.920.2.64
--- php-src/NEWS:1.1247.2.920.2.63  Sun Oct 30 05:55:20 2005
+++ php-src/NEWSMon Oct 31 18:47:24 2005
@@ -1,6 +1,7 @@
 PHP 4  NEWS
 |||
 ?? ??? 2006, Version 4.4.2
+- Missing safe_mode/open_basedir check in cURL extension. (Ilia)
 - Fixed bug #34996 (ImageTrueColorToPalette() crashes when ncolors is 
   zero). (Tony)
 




[PHP-CVS] cvs: php-src(PHP_4_4) / NEWS /ext/curl curl.c /ext/gd gd.c gd_ctx.c

2005-10-06 Thread Ilia Alshanetsky
iliaa   Thu Oct  6 16:44:58 2005 EDT

  Modified files:  (Branch: PHP_4_4)
/php-src/ext/gd gd_ctx.c gd.c 
/php-src/ext/curl   curl.c 
/php-srcNEWS 
  Log:
  MFH: Added missing safe_mode checks.
  
  
http://cvs.php.net/diff.php/php-src/ext/gd/gd_ctx.c?r1=1.15.2.2r2=1.15.2.2.4.1ty=u
Index: php-src/ext/gd/gd_ctx.c
diff -u php-src/ext/gd/gd_ctx.c:1.15.2.2 php-src/ext/gd/gd_ctx.c:1.15.2.2.4.1
--- php-src/ext/gd/gd_ctx.c:1.15.2.2Wed Jan 28 11:27:42 2004
+++ php-src/ext/gd/gd_ctx.c Thu Oct  6 16:44:52 2005
@@ -73,7 +73,7 @@
}
 
if ((argc == 2) || (argc  2  Z_STRLEN_PP(file))) {
-   if (!fn || fn == empty_string || php_check_open_basedir(fn 
TSRMLS_CC)) {
+   if (!fn || fn == empty_string || php_check_open_basedir(fn 
TSRMLS_CC) || (PG(safe_mode)  !php_checkuid(fn, rb+, 
CHECKUID_CHECK_FILE_AND_DIR))) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, Invalid 
filename '%s', fn);
RETURN_FALSE;
}
http://cvs.php.net/diff.php/php-src/ext/gd/gd.c?r1=1.221.2.56r2=1.221.2.56.2.1ty=u
Index: php-src/ext/gd/gd.c
diff -u php-src/ext/gd/gd.c:1.221.2.56 php-src/ext/gd/gd.c:1.221.2.56.2.1
--- php-src/ext/gd/gd.c:1.221.2.56  Fri May  6 12:51:54 2005
+++ php-src/ext/gd/gd.c Thu Oct  6 16:44:52 2005
@@ -18,7 +18,7 @@
+--+
  */
 
-/* $Id: gd.c,v 1.221.2.56 2005/05/06 16:51:54 tony2001 Exp $ */
+/* $Id: gd.c,v 1.221.2.56.2.1 2005/10/06 20:44:52 iliaa Exp $ */
 
 /* gd 1.2 is copyright 1994, 1995, Quest Protein Database Center, 
Cold Spring Harbor Labs. */
@@ -1644,7 +1644,7 @@
}
 
if ((argc == 2) || (argc  2  Z_STRLEN_PP(file))) {
-   if (!fn || fn == empty_string || php_check_open_basedir(fn 
TSRMLS_CC)) {
+   if (!fn || fn == empty_string || php_check_open_basedir(fn 
TSRMLS_CC) || (PG(safe_mode)  !php_checkuid(fn, rb+, 
CHECKUID_CHECK_FILE_AND_DIR))) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, Invalid 
filename '%s', fn);
RETURN_FALSE;
}
http://cvs.php.net/diff.php/php-src/ext/curl/curl.c?r1=1.124.2.30.2.1r2=1.124.2.30.2.2ty=u
Index: php-src/ext/curl/curl.c
diff -u php-src/ext/curl/curl.c:1.124.2.30.2.1 
php-src/ext/curl/curl.c:1.124.2.30.2.2
--- php-src/ext/curl/curl.c:1.124.2.30.2.1  Wed Oct  5 10:34:36 2005
+++ php-src/ext/curl/curl.c Thu Oct  6 16:44:55 2005
@@ -16,7 +16,7 @@
+--+
 */
 
-/* $Id: curl.c,v 1.124.2.30.2.1 2005/10/05 14:34:36 iliaa Exp $ */
+/* $Id: curl.c,v 1.124.2.30.2.2 2005/10/06 20:44:55 iliaa Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -66,7 +66,7 @@
 #define CAAZ(s, v) add_assoc_zval_ex(return_value, s, sizeof(s), (zval *) v);
 
 #define PHP_CURL_CHECK_OPEN_BASEDIR(str, len)  
\
-   if (PG(open_basedir)  *PG(open_basedir) 
\
+   if (((PG(open_basedir)  *PG(open_basedir)) || PG(safe_mode))
 \
strncasecmp(str, file://, sizeof(file://) - 1) == 0)
\
{   

\
php_url *tmp_url;   

\
http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1247.2.920.2.48r2=1.1247.2.920.2.49ty=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1247.2.920.2.48 php-src/NEWS:1.1247.2.920.2.49
--- php-src/NEWS:1.1247.2.920.2.48  Thu Oct  6 16:39:24 2005
+++ php-src/NEWSThu Oct  6 16:44:56 2005
@@ -1,6 +1,7 @@
 PHP 4  NEWS
 |||
 ?? ??? 2005, Version 4.4.1
+- Added missing safe_mode checks for image* functions and cURL. (Ilia)
 - Added missing safe_mode/open_basedir checks for file uploads. (Ilia)
 - Fixed possible INI setting leak via virtual() in Apache 2 sapi. (Ilia)
 - Fixed possible crash and/or memory corruption in import_request_variables().




[PHP-CVS] cvs: php-src(PHP_4_4) / NEWS /ext/curl curl.c

2005-10-05 Thread Ilia Alshanetsky
iliaa   Wed Oct  5 10:34:41 2005 EDT

  Modified files:  (Branch: PHP_4_4)
/php-src/ext/curl   curl.c 
/php-srcNEWS 
  Log:
  MFH: Missing safe_mode/open_basedir checks for file uploads.
  
  
http://cvs.php.net/diff.php/php-src/ext/curl/curl.c?r1=1.124.2.30r2=1.124.2.30.2.1ty=u
Index: php-src/ext/curl/curl.c
diff -u php-src/ext/curl/curl.c:1.124.2.30 
php-src/ext/curl/curl.c:1.124.2.30.2.1
--- php-src/ext/curl/curl.c:1.124.2.30  Thu Jun  2 17:05:06 2005
+++ php-src/ext/curl/curl.c Wed Oct  5 10:34:36 2005
@@ -16,7 +16,7 @@
+--+
 */
 
-/* $Id: curl.c,v 1.124.2.30 2005/06/02 21:05:06 tony2001 Exp $ */
+/* $Id: curl.c,v 1.124.2.30.2.1 2005/10/05 14:34:36 iliaa Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -992,10 +992,15 @@

postval = Z_STRVAL_PP(current);
if (*postval == '@') {
+   ++postval;
+   /* safe_mode / open_basedir 
check */
+   if 
(php_check_open_basedir(postval TSRMLS_CC) || (PG(safe_mode)  
!php_checkuid(postval, rb+, CHECKUID_CHECK_MODE_PARAM))) {
+   RETURN_FALSE;
+   }
error = curl_formadd(first, 
last, 

 CURLFORM_COPYNAME, string_key,

 CURLFORM_NAMELENGTH, (long)string_key_len - 1,
-   
 CURLFORM_FILE, ++postval, 
+   
 CURLFORM_FILE, postval, 

 CURLFORM_END);
}
else {
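Review bot: The new `RETURN_FALSE` exits from inside what looks like the per-field loop (the loop itself is outside the hunk), so any form parts already added to `first` by earlier `curl_formadd` calls are not released on this path. If `first` is only handed over to the handle after the loop finishes, call `curl_formfree(first);` before returning. A short comment noting that `postval` is advanced past the `@` before the check, so the check sees the real path, would also help readers.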
http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1247.2.920.2.46r2=1.1247.2.920.2.47ty=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1247.2.920.2.46 php-src/NEWS:1.1247.2.920.2.47
--- php-src/NEWS:1.1247.2.920.2.46  Tue Oct  4 20:50:13 2005
+++ php-src/NEWSWed Oct  5 10:34:38 2005
@@ -1,6 +1,7 @@
 PHP 4  NEWS
 |||
 ?? ??? 2005, Version 4.4.1
+- Added missing safe_mode/open_basedir checks for file uploads. (Ilia)
 - Fixed possible INI setting leak via virtual() in Apache 2 sapi. (Ilia)
 - Fixed possible crash and/or memory corruption in import_request_variables().
   (Ilia)
