archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 13:38:49 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge branch 'PHP-8.2' into PHP-8.3

Browse source 
* PHP-8.2:
  Fix in-place modification of filename in php_message_handler_for_zend
This commit is contained in:
Ilija Tovilo 2023-11-20 14:13:06 +01:00
commit 05a815399e
No known key found for this signature in database
GPG key ID: A4F5D403F118200A
3 changed files with 30 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

2
NEWS
View file

@ -5,6 +5,8 @@ PHP NEWS
- Core: - Core:
. Fixed oss-fuzz #54325 (Use-after-free of name in var-var with malicious . Fixed oss-fuzz #54325 (Use-after-free of name in var-var with malicious
error handler). (ilutov) error handler). (ilutov)
. Fixed oss-fuzz #64209 (In-place modification of filename in
php_message_handler_for_zend). (ilutov)
- DOM: - DOM:
. Fixed bug GH-12616 (DOM: Removing XMLNS namespace node results in invalid . Fixed bug GH-12616 (DOM: Removing XMLNS namespace node results in invalid

13
Zend/tests/oss_fuzz_64209.phpt Normal file
View file

@ -0,0 +1,13 @@
--TEST--
oss-fuzz #64209: Fix in-place modification of filename in php_message_handler_for_zend
--FILE--
<?php
require '://@';
?>
--EXPECTF--
Warning: require(://@): Failed to open stream: No such file or directory in %s on line %d
Fatal error: Uncaught Error: Failed opening required '://@' (include_path='%s') in %s:%d
Stack trace:
#0 {main}
thrown in %s on line %d

21
main/main.c
View file

@ -1611,15 +1611,24 @@ static void php_free_request_globals(void)
static ZEND_COLD void php_message_handler_for_zend(zend_long message, const void *data) static ZEND_COLD void php_message_handler_for_zend(zend_long message, const void *data)
{ {
switch (message) { switch (message) {
case ZMSG_FAILED_INCLUDE_FOPEN: case ZMSG_FAILED_INCLUDE_FOPEN: {
php_error_docref("function.include", E_WARNING, "Failed opening '%s' for inclusion (include_path='%s')", php_strip_url_passwd((char *) data), STR_PRINT(PG(include_path))); char *tmp = estrdup((char *) data);
php_error_docref("function.include", E_WARNING, "Failed opening '%s' for inclusion (include_path='%s')", php_strip_url_passwd(tmp), STR_PRINT(PG(include_path)));
efree(tmp);
break; break;
case ZMSG_FAILED_REQUIRE_FOPEN: }
zend_throw_error(NULL, "Failed opening required '%s' (include_path='%s')", php_strip_url_passwd((char *) data), STR_PRINT(PG(include_path))); case ZMSG_FAILED_REQUIRE_FOPEN: {
char *tmp = estrdup((char *) data);
zend_throw_error(NULL, "Failed opening required '%s' (include_path='%s')", php_strip_url_passwd(tmp), STR_PRINT(PG(include_path)));
efree(tmp);
break; break;
case ZMSG_FAILED_HIGHLIGHT_FOPEN: }
php_error_docref(NULL, E_WARNING, "Failed opening '%s' for highlighting", php_strip_url_passwd((char *) data)); case ZMSG_FAILED_HIGHLIGHT_FOPEN: {
char *tmp = estrdup((char *) data);
php_error_docref(NULL, E_WARNING, "Failed opening '%s' for highlighting", php_strip_url_passwd(tmp));
efree(tmp);
break; break;
}
case ZMSG_MEMORY_LEAK_DETECTED: case ZMSG_MEMORY_LEAK_DETECTED:
case ZMSG_MEMORY_LEAK_REPEATED: case ZMSG_MEMORY_LEAK_REPEATED:
#if ZEND_DEBUG #if ZEND_DEBUG