[PHP-CVS] cvs: php-src(PHP_4_4) / NEWS /ext/curl curl.c
tony2001Thu Mar 15 23:19:22 2007 UTC Modified files: (Branch: PHP_4_4) /php-srcNEWS /php-src/ext/curl curl.c Log: fix #40831 (cURL extension doesn't clean up the buffer of reused handle) http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.1247.2.920.2.209r2=1.1247.2.920.2.210diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.920.2.209 php-src/NEWS:1.1247.2.920.2.210 --- php-src/NEWS:1.1247.2.920.2.209 Wed Mar 14 19:42:59 2007 +++ php-src/NEWSThu Mar 15 23:19:21 2007 @@ -8,6 +8,8 @@ - Fixed CVE-2007-1001, GD wbmp used with invalid image size (Pierre) - Fixed CVE-2007-0455, Buffer overflow in gdImageStringFTEx (used by imagettf function) (Kees Cook, Pierre) +- Fixed bug #40831 (cURL extension doesn't clean up the buffer of reused + handle). (Tony) - Fixed bug #40747 (possible crash in session when save_path is out of open_basedir). (Tony) - Fixed MOPB-8, XSS in phpinfo() (Joe Orton, Stas) http://cvs.php.net/viewvc.cgi/php-src/ext/curl/curl.c?r1=1.124.2.30.2.18r2=1.124.2.30.2.19diff_format=u Index: php-src/ext/curl/curl.c diff -u php-src/ext/curl/curl.c:1.124.2.30.2.18 php-src/ext/curl/curl.c:1.124.2.30.2.19 --- php-src/ext/curl/curl.c:1.124.2.30.2.18 Mon Feb 26 09:14:41 2007 +++ php-src/ext/curl/curl.c Thu Mar 15 23:19:21 2007 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: curl.c,v 1.124.2.30.2.18 2007/02/26 09:14:41 tony2001 Exp $ */ +/* $Id: curl.c,v 1.124.2.30.2.19 2007/03/15 23:19:21 tony2001 Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -1262,10 +1262,6 @@ static void cleanup_handle(php_curl *ch) { - if (ch-uses 1) { - return; - } - if (ch-handlers-write-buf.len 0) { smart_str_free(ch-handlers-write-buf); ch-handlers-write-buf.len = 0; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_4) / NEWS /ext/curl curl.c
tony2001Mon Feb 26 09:14:41 2007 UTC Modified files: (Branch: PHP_4_4) /php-srcNEWS /php-src/ext/curl curl.c Log: fix #40635 (segfault in cURL extension) http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.1247.2.920.2.199r2=1.1247.2.920.2.200diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.920.2.199 php-src/NEWS:1.1247.2.920.2.200 --- php-src/NEWS:1.1247.2.920.2.199 Fri Feb 23 20:53:23 2007 +++ php-src/NEWSMon Feb 26 09:14:40 2007 @@ -2,6 +2,7 @@ ||| ?? Feb 2007, Version 4.4.6 +- Fixed bug #40635 (segfault in cURL extension). (Tony) - Fixed bug #40611 (possible cURL memory error). (Tony) 22 Feb 2007, Version 4.4.6RC1 http://cvs.php.net/viewvc.cgi/php-src/ext/curl/curl.c?r1=1.124.2.30.2.17r2=1.124.2.30.2.18diff_format=u Index: php-src/ext/curl/curl.c diff -u php-src/ext/curl/curl.c:1.124.2.30.2.17 php-src/ext/curl/curl.c:1.124.2.30.2.18 --- php-src/ext/curl/curl.c:1.124.2.30.2.17 Fri Feb 23 20:53:24 2007 +++ php-src/ext/curl/curl.c Mon Feb 26 09:14:41 2007 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: curl.c,v 1.124.2.30.2.17 2007/02/23 20:53:24 tony2001 Exp $ */ +/* $Id: curl.c,v 1.124.2.30.2.18 2007/02/26 09:14:41 tony2001 Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -1266,8 +1266,9 @@ return; } - if (ch-handlers-write-buf.len) { - memset(ch-handlers-write-buf, 0, sizeof(smart_str)); + if (ch-handlers-write-buf.len 0) { + smart_str_free(ch-handlers-write-buf); + ch-handlers-write-buf.len = 0; } memset(ch-err.str, 0, CURL_ERROR_SIZE + 1); @@ -1297,6 +1298,7 @@ if (error != CURLE_OK error != CURLE_PARTIAL_FILE) { if (ch-handlers-write-buf.len 0) { smart_str_free(ch-handlers-write-buf); + ch-handlers-write-buf.len = 0; } RETURN_FALSE; @@ -1306,9 +1308,10 @@ if (ch-handlers-write-method == PHP_CURL_RETURN ch-handlers-write-buf.len 0) { --ch-uses; - if (ch-handlers-write-type != PHP_CURL_BINARY) + if (ch-handlers-write-type != PHP_CURL_BINARY) { smart_str_0(ch-handlers-write-buf); - RETURN_STRINGL(ch-handlers-write-buf.c, ch-handlers-write-buf.len, 0); + } + RETURN_STRINGL(ch-handlers-write-buf.c, ch-handlers-write-buf.len, 1); } --ch-uses; if (ch-handlers-write-method == PHP_CURL_RETURN) { @@ -1533,6 +1536,10 @@ zend_llist_clean(ch-to_free.slist); zend_llist_clean(ch-to_free.post); + if (ch-handlers-write-buf.len 0) { + smart_str_free(ch-handlers-write-buf); + ch-handlers-write-buf.len = 0; + } if (ch-handlers-write-func) { FREE_ZVAL(ch-handlers-write-func); ch-handlers-read-func = NULL; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_4) / NEWS /ext/curl curl.c
tony2001Fri Feb 23 20:53:24 2007 UTC Modified files: (Branch: PHP_4_4) /php-srcNEWS /php-src/ext/curl curl.c Log: fix #40611 (possible cURL memory error) http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.1247.2.920.2.198r2=1.1247.2.920.2.199diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.920.2.198 php-src/NEWS:1.1247.2.920.2.199 --- php-src/NEWS:1.1247.2.920.2.198 Thu Feb 22 14:47:29 2007 +++ php-src/NEWSFri Feb 23 20:53:23 2007 @@ -2,6 +2,8 @@ ||| ?? Feb 2007, Version 4.4.6 +- Fixed bug #40611 (possible cURL memory error). (Tony) + 22 Feb 2007, Version 4.4.6RC1 - Updated PCRE to version 7.0. (Nuno) http://cvs.php.net/viewvc.cgi/php-src/ext/curl/curl.c?r1=1.124.2.30.2.16r2=1.124.2.30.2.17diff_format=u Index: php-src/ext/curl/curl.c diff -u php-src/ext/curl/curl.c:1.124.2.30.2.16 php-src/ext/curl/curl.c:1.124.2.30.2.17 --- php-src/ext/curl/curl.c:1.124.2.30.2.16 Fri Jan 12 16:38:40 2007 +++ php-src/ext/curl/curl.c Fri Feb 23 20:53:24 2007 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: curl.c,v 1.124.2.30.2.16 2007/01/12 16:38:40 iliaa Exp $ */ +/* $Id: curl.c,v 1.124.2.30.2.17 2007/02/23 20:53:24 tony2001 Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -559,7 +559,9 @@ case PHP_CURL_FILE: return fwrite(data, size, nmemb, t-fp); case PHP_CURL_RETURN: - smart_str_appendl(t-buf, data, (int) length); + if (length 0) { + smart_str_appendl(t-buf, data, (int) length); + } break; case PHP_CURL_USER: { zval *argv[2]; @@ -674,10 +676,11 @@ case PHP_CURL_STDOUT: /* Handle special case write when we're returning the entire transfer */ - if (ch-handlers-write-method == PHP_CURL_RETURN) + if (ch-handlers-write-method == PHP_CURL_RETURN length 0) { smart_str_appendl(ch-handlers-write-buf, data, (int) length); - else + } else { PHPWRITE(data, length); + } break; case PHP_CURL_FILE: return fwrite(data, size, nmemb, t-fp); @@ -1309,7 +1312,7 @@ } --ch-uses; if (ch-handlers-write-method == PHP_CURL_RETURN) { - RETURN_STRINGL(, sizeof() - 1, 0); + RETURN_EMPTY_STRING(); } RETURN_TRUE; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_4) / NEWS /ext/curl curl.c
iliaa Fri Jan 12 16:38:40 2007 UTC Modified files: (Branch: PHP_4_4) /php-srcNEWS /php-src/ext/curl curl.c Log: Fixed bug #36248 (CURLOPT_HEADERFUNCTION, couldn't set the function in the class). http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.1247.2.920.2.183r2=1.1247.2.920.2.184diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.920.2.183 php-src/NEWS:1.1247.2.920.2.184 --- php-src/NEWS:1.1247.2.920.2.183 Tue Jan 9 17:06:42 2007 +++ php-src/NEWSFri Jan 12 16:38:39 2007 @@ -3,6 +3,8 @@ ?? Jan 2007, Version 4.4.5 - Fixed bug #39819 (Using $this not in object context can cause segfaults). (Dmitry) +- Fixed bug #36248 (CURLOPT_HEADERFUNCTION, couldn't set the function in the + class). (Ilia) 04 Jan 2007, Version 4.4.5RC1 - Added a meta tag to phpinfo() output to prevent search engines from http://cvs.php.net/viewvc.cgi/php-src/ext/curl/curl.c?r1=1.124.2.30.2.15r2=1.124.2.30.2.16diff_format=u Index: php-src/ext/curl/curl.c diff -u php-src/ext/curl/curl.c:1.124.2.30.2.15 php-src/ext/curl/curl.c:1.124.2.30.2.16 --- php-src/ext/curl/curl.c:1.124.2.30.2.15 Mon Jan 1 09:46:40 2007 +++ php-src/ext/curl/curl.c Fri Jan 12 16:38:40 2007 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: curl.c,v 1.124.2.30.2.15 2007/01/01 09:46:40 sebastian Exp $ */ +/* $Id: curl.c,v 1.124.2.30.2.16 2007/01/12 16:38:40 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -702,19 +702,17 @@ retval, 2, argv TSRMLS_CC); ch-in_callback = 0; if (error == FAILURE) { - php_error(E_WARNING, %s(): Couldn't call the CURLOPT_HEADERFUNCTION, - get_active_function_name(TSRMLS_C)); + php_error_docref(NULL TSRMLS_CC, E_WARNING, Could not call the CURLOPT_HEADERFUNCTION); length = -1; - } - else { + } else { if (Z_TYPE_P(retval) != IS_LONG) { convert_to_long_ex(retval); } length = Z_LVAL_P(retval); + zval_ptr_dtor(retval); } zval_ptr_dtor(argv[0]); zval_ptr_dtor(argv[1]); - zval_ptr_dtor(retval); break; } @@ -1075,6 +1073,7 @@ case CURLOPT_WRITEFUNCTION: if (ch-handlers-write-func) { zval_ptr_dtor(ch-handlers-write-func); + ch-handlers-write-func = NULL; } zval_add_ref(zvalue); ch-handlers-write-func = *zvalue; @@ -1083,6 +1082,7 @@ case CURLOPT_READFUNCTION: if (ch-handlers-read-func) { zval_ptr_dtor(ch-handlers-read-func); + ch-handlers-read-func = NULL; } zval_add_ref(zvalue); ch-handlers-read-func = *zvalue; @@ -1091,6 +1091,7 @@ case CURLOPT_HEADERFUNCTION: if (ch-handlers-write_header-func) { zval_ptr_dtor(ch-handlers-write_header-func); + ch-handlers-write_header-func = NULL; } zval_add_ref(zvalue); ch-handlers-write_header-func = *zvalue; @@ -1100,6 +1101,7 @@ case CURLOPT_PASSWDFUNCTION: if (ch-handlers-passwd) { zval_ptr_dtor(ch-handlers-passwd); + ch-handlers-passwd = NULL; } zval_add_ref(zvalue); ch-handlers-passwd = *zvalue; @@ -1300,10 +1302,13 @@ ch-uses++; if (ch-handlers-write-method == PHP_CURL_RETURN ch-handlers-write-buf.len 0) { + --ch-uses; if (ch-handlers-write-type != PHP_CURL_BINARY) smart_str_0(ch-handlers-write-buf); RETURN_STRINGL(ch-handlers-write-buf.c, ch-handlers-write-buf.len, 0); - } else if (ch-handlers-write-method == PHP_CURL_RETURN) { + } + --ch-uses; + if (ch-handlers-write-method == PHP_CURL_RETURN) { RETURN_STRINGL(, sizeof() - 1, 0); } @@ -1506,7 +1511,11 @@ php_error_docref(NULL TSRMLS_CC, E_WARNING, Attempt to close CURL handle from a callback); return;
[PHP-CVS] cvs: php-src(PHP_4_4) / NEWS /ext/curl curl.c
iliaa Fri Nov 3 14:55:59 2006 UTC Modified files: (Branch: PHP_4_4) /php-src/ext/curl curl.c /php-srcNEWS Log: MFH: Fixed bug #39354 (Allow building of curl extension against libcurl 7.16.0) http://cvs.php.net/viewvc.cgi/php-src/ext/curl/curl.c?r1=1.124.2.30.2.13r2=1.124.2.30.2.14diff_format=u Index: php-src/ext/curl/curl.c diff -u php-src/ext/curl/curl.c:1.124.2.30.2.13 php-src/ext/curl/curl.c:1.124.2.30.2.14 --- php-src/ext/curl/curl.c:1.124.2.30.2.13 Tue Oct 10 23:17:05 2006 +++ php-src/ext/curl/curl.c Fri Nov 3 14:55:59 2006 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: curl.c,v 1.124.2.30.2.13 2006/10/10 23:17:05 iliaa Exp $ */ +/* $Id: curl.c,v 1.124.2.30.2.14 2006/11/03 14:55:59 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -258,7 +258,9 @@ REGISTER_CURL_CONSTANT(CURLOPT_FTPAPPEND); REGISTER_CURL_CONSTANT(CURLOPT_NETRC); REGISTER_CURL_CONSTANT(CURLOPT_FOLLOWLOCATION); +#if CURLOPT_FTPASCII != 0 REGISTER_CURL_CONSTANT(CURLOPT_FTPASCII); +#endif REGISTER_CURL_CONSTANT(CURLOPT_PUT); #if CURLOPT_MUTE != 0 REGISTER_CURL_CONSTANT(CURLOPT_MUTE); @@ -296,7 +298,9 @@ REGISTER_CURL_CONSTANT(CURLOPT_FILETIME); REGISTER_CURL_CONSTANT(CURLOPT_WRITEFUNCTION); REGISTER_CURL_CONSTANT(CURLOPT_READFUNCTION); +#if CURLOPT_PASSWDFUNCTION != 0 REGISTER_CURL_CONSTANT(CURLOPT_PASSWDFUNCTION); +#endif REGISTER_CURL_CONSTANT(CURLOPT_HEADERFUNCTION); REGISTER_CURL_CONSTANT(CURLOPT_MAXREDIRS); REGISTER_CURL_CONSTANT(CURLOPT_MAXCONNECTS); http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.1247.2.920.2.170r2=1.1247.2.920.2.171diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.920.2.170 php-src/NEWS:1.1247.2.920.2.171 --- php-src/NEWS:1.1247.2.920.2.170 Thu Oct 19 11:27:36 2006 +++ php-src/NEWSFri Nov 3 14:55:59 2006 @@ -3,6 +3,8 @@ ?? ??? 2006, Version 4.4.5 - Updated PCRE to version 6.7. (Ilia) - Fixed missing open_basedir check inside chdir() function. (Ilia) +- Fixed bug #39354 (Allow building of curl extension against libcurl + 7.16.0). (Ilia) - Fixed bug #39129 (avoid creation of a dummy constructor. (Ilia) - Fixed bug #39034 (curl_exec() with return transfer returns TRUE on empty files). (Ilia) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_4) / NEWS /ext/curl curl.c
iliaa Tue Oct 10 23:17:05 2006 UTC Modified files: (Branch: PHP_4_4) /php-srcNEWS /php-src/ext/curl curl.c Log: MFH: Fixed bug #39034 (curl_exec() with return transfer returns TRUE on empty files). http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.1247.2.920.2.166r2=1.1247.2.920.2.167diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.920.2.166 php-src/NEWS:1.1247.2.920.2.167 --- php-src/NEWS:1.1247.2.920.2.166 Wed Oct 4 23:20:02 2006 +++ php-src/NEWSTue Oct 10 23:17:04 2006 @@ -3,6 +3,8 @@ ?? ??? 2006, Version 4.4.5 - Updated PCRE to version 6.7. (Ilia) - Fixed missing open_basedir check inside chdir() function. (Ilia) +- Fixed bug #39034 (curl_exec() with return transfer returns TRUE on empty + files). (Ilia) - Fixed bug #38963 (Fixed a possible open_basedir bypass in tempnam()). (Ilia) - Fixed bug #38859 (parse_url() fails if passing '@' in passwd). (Tony,Ilia) - Fixed bug #38534 (segfault when calling setlocale() in userspace session http://cvs.php.net/viewvc.cgi/php-src/ext/curl/curl.c?r1=1.124.2.30.2.12r2=1.124.2.30.2.13diff_format=u Index: php-src/ext/curl/curl.c diff -u php-src/ext/curl/curl.c:1.124.2.30.2.12 php-src/ext/curl/curl.c:1.124.2.30.2.13 --- php-src/ext/curl/curl.c:1.124.2.30.2.12 Thu Aug 10 17:27:11 2006 +++ php-src/ext/curl/curl.c Tue Oct 10 23:17:05 2006 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: curl.c,v 1.124.2.30.2.12 2006/08/10 17:27:11 iliaa Exp $ */ +/* $Id: curl.c,v 1.124.2.30.2.13 2006/10/10 23:17:05 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -1299,6 +1299,8 @@ if (ch-handlers-write-type != PHP_CURL_BINARY) smart_str_0(ch-handlers-write-buf); RETURN_STRINGL(ch-handlers-write-buf.c, ch-handlers-write-buf.len, 0); + } else if (ch-handlers-write-method == PHP_CURL_RETURN) { + RETURN_STRINGL(, sizeof() - 1, 0); } RETURN_TRUE; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_4) / NEWS /ext/curl curl.c curlstreams.c /ext/standard string.c Zend zend_alloc.c
iliaa Thu Aug 10 17:27:12 2006 UTC Modified files: (Branch: PHP_4_4) /php-srcNEWS /php-src/ext/curl curl.c curlstreams.c /Zend zend_alloc.c /php-src/ext/standard string.c Log: MFH: Various security fixes http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.1247.2.920.2.150r2=1.1247.2.920.2.151diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.920.2.150 php-src/NEWS:1.1247.2.920.2.151 --- php-src/NEWS:1.1247.2.920.2.150 Tue Aug 8 14:57:04 2006 +++ php-src/NEWSThu Aug 10 17:27:11 2006 @@ -1,6 +1,10 @@ PHP 4 NEWS ||| ?? ??? 2006, Version 4.4.4 +- Fixed memory_limit on 64bit systems. (Stefan E.) +- Fixed overflow on 64bit systems in str_repeat() and wordwrap(). (Stefan E.) +- Disabled CURLOPT_FOLLOWLOCATION in curl when open_basedir or safe_mode are + enabled. (Stefan E.) - Fixed bug #38377 (session_destroy() gives warning after session_regenerate_id()). (Ilia) - Fixed bug #38322 (reading past array in sscanf() leads to arbitary code http://cvs.php.net/viewvc.cgi/php-src/ext/curl/curl.c?r1=1.124.2.30.2.11r2=1.124.2.30.2.12diff_format=u Index: php-src/ext/curl/curl.c diff -u php-src/ext/curl/curl.c:1.124.2.30.2.11 php-src/ext/curl/curl.c:1.124.2.30.2.12 --- php-src/ext/curl/curl.c:1.124.2.30.2.11 Sun May 21 18:48:50 2006 +++ php-src/ext/curl/curl.c Thu Aug 10 17:27:11 2006 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: curl.c,v 1.124.2.30.2.11 2006/05/21 18:48:50 helly Exp $ */ +/* $Id: curl.c,v 1.124.2.30.2.12 2006/08/10 17:27:11 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -924,7 +924,6 @@ case CURLOPT_FTPLISTONLY: case CURLOPT_FTPAPPEND: case CURLOPT_NETRC: - case CURLOPT_FOLLOWLOCATION: case CURLOPT_PUT: #if CURLOPT_MUTE != 0 case CURLOPT_MUTE: @@ -961,6 +960,16 @@ convert_to_long_ex(zvalue); error = curl_easy_setopt(ch-cp, option, Z_LVAL_PP(zvalue)); break; + case CURLOPT_FOLLOWLOCATION: + convert_to_long_ex(zvalue); + if ((PG(open_basedir) *PG(open_basedir)) || PG(safe_mode)) { + if (Z_LVAL_PP(zvalue) != 0) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, CURLOPT_FOLLOWLOCATION cannot be activated when in safe_mode or an open_basedir is set); + RETURN_FALSE; + } + } + error = curl_easy_setopt(ch-cp, option, Z_LVAL_PP(zvalue)); + break; case CURLOPT_URL: case CURLOPT_PROXY: case CURLOPT_USERPWD: http://cvs.php.net/viewvc.cgi/php-src/ext/curl/curlstreams.c?r1=1.2.2.3.2.1r2=1.2.2.3.2.2diff_format=u Index: php-src/ext/curl/curlstreams.c diff -u php-src/ext/curl/curlstreams.c:1.2.2.3.2.1 php-src/ext/curl/curlstreams.c:1.2.2.3.2.2 --- php-src/ext/curl/curlstreams.c:1.2.2.3.2.1 Sun Jan 1 13:46:50 2006 +++ php-src/ext/curl/curlstreams.c Thu Aug 10 17:27:11 2006 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: curlstreams.c,v 1.2.2.3.2.1 2006/01/01 13:46:50 sniper Exp $ */ +/* $Id: curlstreams.c,v 1.2.2.3.2.2 2006/08/10 17:27:11 iliaa Exp $ */ /* This file implements cURL based wrappers. * NOTE: If you are implementing your own streams that are intended to @@ -297,7 +297,11 @@ curl_easy_setopt(curlstream-curl, CURLOPT_WRITEHEADER, stream); /* currently buggy (bug is in curl) */ - curl_easy_setopt(curlstream-curl, CURLOPT_FOLLOWLOCATION, 1); + if ((PG(open_basedir) *PG(open_basedir)) || PG(safe_mode)) { + curl_easy_setopt(curlstream-curl, CURLOPT_FOLLOWLOCATION, 0); + } else { + curl_easy_setopt(curlstream-curl, CURLOPT_FOLLOWLOCATION, 1); + } curl_easy_setopt(curlstream-curl, CURLOPT_ERRORBUFFER, curlstream-errstr); curl_easy_setopt(curlstream-curl, CURLOPT_VERBOSE, 0); http://cvs.php.net/viewvc.cgi/Zend/zend_alloc.c?r1=1.105.4.9.2.3r2=1.105.4.9.2.4diff_format=u Index: Zend/zend_alloc.c diff -u Zend/zend_alloc.c:1.105.4.9.2.3 Zend/zend_alloc.c:1.105.4.9.2.4 --- Zend/zend_alloc.c:1.105.4.9.2.3 Sun Jan 1 13:46:49 2006 +++ Zend/zend_alloc.c Thu Aug 10 17:27:12 2006 @@ -64,7 +64,15 @@ #define CHECK_MEMORY_LIMIT(s, rs) _CHECK_MEMORY_LIMIT(s, rs, NULL, 0) # endif -#define _CHECK_MEMORY_LIMIT(s, rs, file, lineno) { AG(allocated_memory) += rs;\ +#define _CHECK_MEMORY_LIMIT(s, rs, file, lineno) { if ((ssize_t)(rs) (ssize_t)(INT_MAX -
[PHP-CVS] cvs: php-src(PHP_4_4) / NEWS /ext/curl curl.c
iliaa Sun May 21 16:32:51 2006 UTC Modified files: (Branch: PHP_4_4) /php-src/ext/curl curl.c /php-srcNEWS Log: MFH: Added control character checks for cURL extension's open_basedir/safe_mode checks. http://cvs.php.net/viewcvs.cgi/php-src/ext/curl/curl.c?r1=1.124.2.30.2.9r2=1.124.2.30.2.10diff_format=u Index: php-src/ext/curl/curl.c diff -u php-src/ext/curl/curl.c:1.124.2.30.2.9 php-src/ext/curl/curl.c:1.124.2.30.2.10 --- php-src/ext/curl/curl.c:1.124.2.30.2.9 Tue Jan 31 10:57:52 2006 +++ php-src/ext/curl/curl.c Sun May 21 16:32:51 2006 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: curl.c,v 1.124.2.30.2.9 2006/01/31 10:57:52 tony2001 Exp $ */ +/* $Id: curl.c,v 1.124.2.30.2.10 2006/05/21 16:32:51 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -162,11 +162,16 @@ strncasecmp(str, file:, sizeof(file:) - 1) == 0) \ { \ php_url *tmp_url; \ - \ + \ if (!(tmp_url = php_url_parse_ex(str, len))) { \ php_error_docref(NULL TSRMLS_CC, E_WARNING, Invalid url '%s', str); \ RETURN_FALSE; \ } \ + \ + if (php_memnstr(str, tmp_url-path, strlen(tmp_url-path), str + len)) {\ + php_error_docref(NULL TSRMLS_CC, E_WARNING, Url '%s' contains unencoded control characters., str);\ + RETURN_FALSE; \ + } \ \ if (tmp_url-query || tmp_url-fragment || php_check_open_basedir(tmp_url-path TSRMLS_CC) || \ (PG(safe_mode) !php_checkuid(tmp_url-path, rb+, CHECKUID_CHECK_MODE_PARAM)) \ http://cvs.php.net/viewcvs.cgi/php-src/NEWS?r1=1.1247.2.920.2.130r2=1.1247.2.920.2.131diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.920.2.130 php-src/NEWS:1.1247.2.920.2.131 --- php-src/NEWS:1.1247.2.920.2.130 Sun May 21 16:10:28 2006 +++ php-src/NEWSSun May 21 16:32:51 2006 @@ -1,6 +1,8 @@ PHP 4 NEWS ||| ?? ??? 2006, Version 4.4.3 +- Added control character checks for cURL extension's open_basedir/safe_mode + checks. (Ilia) - Fixed a possible buffer overflow inside create_named_pipe() for Win32 systems in libmysql.c. (Ilia) - Updated PCRE to version 6.6. (Andrei) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_4) / NEWS /ext/curl curl.c
tony2001Tue Jan 31 10:57:52 2006 UTC Modified files: (Branch: PHP_4_4) /php-srcNEWS /php-src/ext/curl curl.c Log: fix #36223 (curl bypasses open_basedir restrictions) http://cvs.php.net/viewcvs.cgi/php-src/NEWS?r1=1.1247.2.920.2.113r2=1.1247.2.920.2.114diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.920.2.113 php-src/NEWS:1.1247.2.920.2.114 --- php-src/NEWS:1.1247.2.920.2.113 Thu Jan 26 15:47:31 2006 +++ php-src/NEWSTue Jan 31 10:57:52 2006 @@ -2,6 +2,7 @@ ||| ?? ??? 2006, Version 4.4.3 - Added a check for special characters in the session name. (Ilia) +- Fixed bug #36223 (curl bypasses open_basedir restrictions). (Tony) - Fixed bug #36148 (unpack(H*hex, $data) is adding an extra character to the end of the string). (Ilia) - Fixed bug #36017 (fopen() crashes PHP when opening a URL). (Tony) http://cvs.php.net/viewcvs.cgi/php-src/ext/curl/curl.c?r1=1.124.2.30.2.8r2=1.124.2.30.2.9diff_format=u Index: php-src/ext/curl/curl.c diff -u php-src/ext/curl/curl.c:1.124.2.30.2.8 php-src/ext/curl/curl.c:1.124.2.30.2.9 --- php-src/ext/curl/curl.c:1.124.2.30.2.8 Thu Jan 26 13:23:50 2006 +++ php-src/ext/curl/curl.c Tue Jan 31 10:57:52 2006 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: curl.c,v 1.124.2.30.2.8 2006/01/26 13:23:50 mike Exp $ */ +/* $Id: curl.c,v 1.124.2.30.2.9 2006/01/31 10:57:52 tony2001 Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -159,7 +159,7 @@ #define PHP_CURL_CHECK_OPEN_BASEDIR(str, len) \ if (((PG(open_basedir) *PG(open_basedir)) || PG(safe_mode)) \ - strncasecmp(str, file://, sizeof(file://) - 1) == 0) \ + strncasecmp(str, file:, sizeof(file:) - 1) == 0) \ { \ php_url *tmp_url; \ \ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_4) / NEWS /ext/curl curl.c
iliaa Mon Oct 31 18:47:27 2005 EDT Modified files: (Branch: PHP_4_4) /php-src/ext/curl curl.c /php-srcNEWS Log: MFH: Additional open_basedir/safe_mode checks. http://cvs.php.net/diff.php/php-src/ext/curl/curl.c?r1=1.124.2.30.2.3r2=1.124.2.30.2.4ty=u Index: php-src/ext/curl/curl.c diff -u php-src/ext/curl/curl.c:1.124.2.30.2.3 php-src/ext/curl/curl.c:1.124.2.30.2.4 --- php-src/ext/curl/curl.c:1.124.2.30.2.3 Sun Oct 16 22:42:51 2005 +++ php-src/ext/curl/curl.c Mon Oct 31 18:47:21 2005 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: curl.c,v 1.124.2.30.2.3 2005/10/17 02:42:51 iliaa Exp $ */ +/* $Id: curl.c,v 1.124.2.30.2.4 2005/10/31 23:47:21 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -76,7 +76,7 @@ RETURN_FALSE; \ } \ \ - if (tmp_url-query || php_check_open_basedir(tmp_url-path TSRMLS_CC) || \ + if (tmp_url-query || tmp_url-fragment || php_check_open_basedir(tmp_url-path TSRMLS_CC) || \ (PG(safe_mode) !php_checkuid(tmp_url-path, rb+, CHECKUID_CHECK_MODE_PARAM)) \ ) { \ php_url_free(tmp_url); \ http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1247.2.920.2.63r2=1.1247.2.920.2.64ty=u Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.920.2.63 php-src/NEWS:1.1247.2.920.2.64 --- php-src/NEWS:1.1247.2.920.2.63 Sun Oct 30 05:55:20 2005 +++ php-src/NEWSMon Oct 31 18:47:24 2005 @@ -1,6 +1,7 @@ PHP 4 NEWS ||| ?? ??? 2006, Version 4.4.2 +- Missing safe_mode/open_basedir check in cURL extension. (Ilia) - Fixed bug #34996 (ImageTrueColorToPalette() crashes when ncolors is zero). (Tony) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_4) / NEWS /ext/curl curl.c /ext/gd gd.c gd_ctx.c
iliaa Thu Oct 6 16:44:58 2005 EDT Modified files: (Branch: PHP_4_4) /php-src/ext/gd gd_ctx.c gd.c /php-src/ext/curl curl.c /php-srcNEWS Log: MFH: Added missing safe_mode checks. http://cvs.php.net/diff.php/php-src/ext/gd/gd_ctx.c?r1=1.15.2.2r2=1.15.2.2.4.1ty=u Index: php-src/ext/gd/gd_ctx.c diff -u php-src/ext/gd/gd_ctx.c:1.15.2.2 php-src/ext/gd/gd_ctx.c:1.15.2.2.4.1 --- php-src/ext/gd/gd_ctx.c:1.15.2.2Wed Jan 28 11:27:42 2004 +++ php-src/ext/gd/gd_ctx.c Thu Oct 6 16:44:52 2005 @@ -73,7 +73,7 @@ } if ((argc == 2) || (argc 2 Z_STRLEN_PP(file))) { - if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC)) { + if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC) || (PG(safe_mode) !php_checkuid(fn, rb+, CHECKUID_CHECK_FILE_AND_DIR))) { php_error_docref(NULL TSRMLS_CC, E_WARNING, Invalid filename '%s', fn); RETURN_FALSE; } http://cvs.php.net/diff.php/php-src/ext/gd/gd.c?r1=1.221.2.56r2=1.221.2.56.2.1ty=u Index: php-src/ext/gd/gd.c diff -u php-src/ext/gd/gd.c:1.221.2.56 php-src/ext/gd/gd.c:1.221.2.56.2.1 --- php-src/ext/gd/gd.c:1.221.2.56 Fri May 6 12:51:54 2005 +++ php-src/ext/gd/gd.c Thu Oct 6 16:44:52 2005 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: gd.c,v 1.221.2.56 2005/05/06 16:51:54 tony2001 Exp $ */ +/* $Id: gd.c,v 1.221.2.56.2.1 2005/10/06 20:44:52 iliaa Exp $ */ /* gd 1.2 is copyright 1994, 1995, Quest Protein Database Center, Cold Spring Harbor Labs. */ @@ -1644,7 +1644,7 @@ } if ((argc == 2) || (argc 2 Z_STRLEN_PP(file))) { - if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC)) { + if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC) || (PG(safe_mode) !php_checkuid(fn, rb+, CHECKUID_CHECK_FILE_AND_DIR))) { php_error_docref(NULL TSRMLS_CC, E_WARNING, Invalid filename '%s', fn); RETURN_FALSE; } http://cvs.php.net/diff.php/php-src/ext/curl/curl.c?r1=1.124.2.30.2.1r2=1.124.2.30.2.2ty=u Index: php-src/ext/curl/curl.c diff -u php-src/ext/curl/curl.c:1.124.2.30.2.1 php-src/ext/curl/curl.c:1.124.2.30.2.2 --- php-src/ext/curl/curl.c:1.124.2.30.2.1 Wed Oct 5 10:34:36 2005 +++ php-src/ext/curl/curl.c Thu Oct 6 16:44:55 2005 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: curl.c,v 1.124.2.30.2.1 2005/10/05 14:34:36 iliaa Exp $ */ +/* $Id: curl.c,v 1.124.2.30.2.2 2005/10/06 20:44:55 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -66,7 +66,7 @@ #define CAAZ(s, v) add_assoc_zval_ex(return_value, s, sizeof(s), (zval *) v); #define PHP_CURL_CHECK_OPEN_BASEDIR(str, len) \ - if (PG(open_basedir) *PG(open_basedir) \ + if (((PG(open_basedir) *PG(open_basedir)) || PG(safe_mode)) \ strncasecmp(str, file://, sizeof(file://) - 1) == 0) \ { \ php_url *tmp_url; \ http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1247.2.920.2.48r2=1.1247.2.920.2.49ty=u Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.920.2.48 php-src/NEWS:1.1247.2.920.2.49 --- php-src/NEWS:1.1247.2.920.2.48 Thu Oct 6 16:39:24 2005 +++ php-src/NEWSThu Oct 6 16:44:56 2005 @@ -1,6 +1,7 @@ PHP 4 NEWS ||| ?? ??? 2005, Version 4.4.1 +- Added missing safe_mode checks for image* functions and cURL. (Ilia) - Added missing safe_mode/open_basedir checks for file uploads. (Ilia) - Fixed possible INI setting leak via virtual() in Apache 2 sapi. (Ilia) - Fixed possible crash and/or memory corruption in import_request_variables(). -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_4) / NEWS /ext/curl curl.c
iliaa Wed Oct 5 10:34:41 2005 EDT Modified files: (Branch: PHP_4_4) /php-src/ext/curl curl.c /php-srcNEWS Log: MFH: Missing safe_mode/open_basedir checks for file uploads. http://cvs.php.net/diff.php/php-src/ext/curl/curl.c?r1=1.124.2.30r2=1.124.2.30.2.1ty=u Index: php-src/ext/curl/curl.c diff -u php-src/ext/curl/curl.c:1.124.2.30 php-src/ext/curl/curl.c:1.124.2.30.2.1 --- php-src/ext/curl/curl.c:1.124.2.30 Thu Jun 2 17:05:06 2005 +++ php-src/ext/curl/curl.c Wed Oct 5 10:34:36 2005 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: curl.c,v 1.124.2.30 2005/06/02 21:05:06 tony2001 Exp $ */ +/* $Id: curl.c,v 1.124.2.30.2.1 2005/10/05 14:34:36 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -992,10 +992,15 @@ postval = Z_STRVAL_PP(current); if (*postval == '@') { + ++postval; + /* safe_mode / open_basedir check */ + if (php_check_open_basedir(postval TSRMLS_CC) || (PG(safe_mode) !php_checkuid(postval, rb+, CHECKUID_CHECK_MODE_PARAM))) { + RETURN_FALSE; + } error = curl_formadd(first, last, CURLFORM_COPYNAME, string_key, CURLFORM_NAMELENGTH, (long)string_key_len - 1, - CURLFORM_FILE, ++postval, + CURLFORM_FILE, postval, CURLFORM_END); } else { http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1247.2.920.2.46r2=1.1247.2.920.2.47ty=u Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.920.2.46 php-src/NEWS:1.1247.2.920.2.47 --- php-src/NEWS:1.1247.2.920.2.46 Tue Oct 4 20:50:13 2005 +++ php-src/NEWSWed Oct 5 10:34:38 2005 @@ -1,6 +1,7 @@ PHP 4 NEWS ||| ?? ??? 2005, Version 4.4.1 +- Added missing safe_mode/open_basedir checks for file uploads. (Ilia) - Fixed possible INI setting leak via virtual() in Apache 2 sapi. (Ilia) - Fixed possible crash and/or memory corruption in import_request_variables(). (Ilia) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php