archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 05:58:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge branch 'PHP-5.5.32' into PHP-5.6.18

Browse source 
* PHP-5.5.32:
  Fixed bug #71488: Stack overflow when decompressing tar archives
  update NEWS
  add missing headers for SIZE_MAX
  backport the escapeshell* functions hardening branch
  add tests
  Fix bug #71459 - Integer overflow in iptcembed()
  Fixed bug #71323 - Output of stream_get_meta_data can be falsified by its input
  Fix bug #71391: NULL Pointer Dereference in phar_tar_setupmetadata()
  Fix bug #71335: Type Confusion in WDDX Packet Deserialization
  Fix bug #71354 - remove UMR when size is 0
This commit is contained in:
Stanislav Malyshev 2016-02-01 18:32:31 -08:00
commit 309ead112f
33 changed files with 500 additions and 246 deletions
Download patch file Download diff file Expand all files Collapse all files

1
ext/phar/phar_object.c
View file

@ -4886,6 +4886,7 @@ PHP_METHOD(PharFileInfo, getContent)
phar_seek_efp(link, 0, SEEK_SET, 0, 0 TSRMLS_CC);
Z_TYPE_P(return_value) = IS_STRING;
Z_STRVAL_P(return_value) = NULL;
Z_STRLEN_P(return_value) = php_stream_copy_to_mem(fp, &(Z_STRVAL_P(return_value)), link->uncompressed_filesize, 0);
if (!Z_STRVAL_P(return_value)) {

25
ext/phar/tar.c
View file

@ -195,6 +195,13 @@ static int phar_tar_process_metadata(phar_entry_info *entry, php_stream *fp TSRM
}
/* }}} */
#if !HAVE_STRNLEN
static size_t strnlen(const char *s, size_t maxlen) {
char *r = (char *)memchr(s, '\0', maxlen);
return r ? r-s : maxlen;
}
#endif
int phar_parse_tarfile(php_stream* fp, char *fname, int fname_len, char *alias, int alias_len, phar_archive_data** pphar, int is_data, php_uint32 compression, char **error TSRMLS_DC) /* {{{ */
{
char buf[512], *actual_alias = NULL, *p;
@ -204,6 +211,7 @@ int phar_parse_tarfile(php_stream* fp, char *fname, int fname_len, char *alias,
php_uint32 sum1, sum2, size, old;
phar_archive_data *myphar, **actual;
int last_was_longlink = 0;
int linkname_len;
if (error) {
*error = NULL;
@ -264,7 +272,7 @@ int phar_parse_tarfile(php_stream* fp, char *fname, int fname_len, char *alias,
goto next;
}
if (((!old && hdr->prefix[0] == 0) || old) && strlen(hdr->name) == sizeof(".phar/signature.bin")-1 && !strncmp(hdr->name, ".phar/signature.bin", sizeof(".phar/signature.bin")-1)) {
if (((!old && hdr->prefix[0] == 0) || old) && strnlen(hdr->name, 100) == sizeof(".phar/signature.bin")-1 && !strncmp(hdr->name, ".phar/signature.bin", sizeof(".phar/signature.bin")-1)) {
off_t curloc;
if (size > 511) {
@ -474,20 +482,22 @@ bail:
}
entry.link = NULL;
/* link field is null-terminated unless it has 100 non-null chars.
* Thus we can not use strlen. */
linkname_len = strnlen(hdr->linkname, 100);
if (entry.tar_type == TAR_LINK) {
if (!zend_hash_exists(&myphar->manifest, hdr->linkname, strlen(hdr->linkname))) {
if (!zend_hash_exists(&myphar->manifest, hdr->linkname, linkname_len)) {
if (error) {
spprintf(error, 4096, "phar error: \"%s\" is a corrupted tar file - hard link to non-existent file \"%s\"", fname, hdr->linkname);
spprintf(error, 4096, "phar error: \"%s\" is a corrupted tar file - hard link to non-existent file \"%.*s\"", fname, linkname_len, hdr->linkname);
}
pefree(entry.filename, entry.is_persistent);
php_stream_close(fp);
phar_destroy_phar_data(myphar TSRMLS_CC);
return FAILURE;
}
entry.link = estrdup(hdr->linkname);
entry.link = estrndup(hdr->linkname, linkname_len);
} else if (entry.tar_type == TAR_SYMLINK) {
entry.link = estrdup(hdr->linkname);
entry.link = estrndup(hdr->linkname, linkname_len);
}
phar_set_inode(&entry TSRMLS_CC);
zend_hash_add(&myphar->manifest, entry.filename, entry.filename_len, (void*)&entry, sizeof(phar_entry_info), (void **) &newentry);
@ -880,6 +890,9 @@ static int phar_tar_setupmetadata(void *pDest, void *argument TSRMLS_DC) /* {{{
if (entry->filename_len >= sizeof(".phar/.metadata") && !memcmp(entry->filename, ".phar/.metadata", sizeof(".phar/.metadata")-1)) {
if (entry->filename_len == sizeof(".phar/.metadata.bin")-1 && !memcmp(entry->filename, ".phar/.metadata.bin", sizeof(".phar/.metadata.bin")-1)) {
if (entry->phar->metadata == NULL) {
return ZEND_HASH_APPLY_REMOVE;
}
return phar_tar_setmetadata(entry->phar->metadata, entry, error TSRMLS_CC);
}
/* search for the file this metadata entry references */

13
ext/phar/tests/bug71354.phpt Normal file
View file

@ -0,0 +1,13 @@
--TEST--
Phar: bug #71354: Heap corruption in tar/zip/phar parser.
--SKIPIF--
<?php if (!extension_loaded("phar")) die("skip"); ?>
--FILE--
<?php
$p = new PharData(__DIR__."/bug71354.tar");
var_dump($p['aaaa']->getContent());
?>
DONE
--EXPECT--
string(0) ""
DONE

BIN
ext/phar/tests/bug71354.tar Normal file
View file

Binary file not shown.

18
ext/phar/tests/bug71391.phpt Normal file
View file

@ -0,0 +1,18 @@
--TEST--
Phar: bug #71391: NULL Pointer Dereference in phar_tar_setupmetadata()
--SKIPIF--
<?php if (!extension_loaded("phar")) die("skip"); ?>
--FILE--
<?php
// duplicate since the tar will change
copy(__DIR__."/bug71391.tar", __DIR__."/bug71391.test.tar");
$p = new PharData(__DIR__."/bug71391.test.tar");
$p->delMetaData();
?>
DONE
--CLEAN--
<?php
unlink(__DIR__."/bug71391.test.tar");
?>
--EXPECT--
DONE

BIN
ext/phar/tests/bug71391.tar Normal file
View file

Binary file not shown.

16
ext/phar/tests/bug71488.phpt Normal file
View file

@ -0,0 +1,16 @@
--TEST--
Phar: bug #71488: Stack overflow when decompressing tar archives
--SKIPIF--
<?php if (!extension_loaded("phar")) die("skip"); ?>
--FILE--
<?php
$p = new PharData(__DIR__."/bug71488.tar");
$newp = $p->decompress("test");
?>
DONE
--CLEAN--
<?php
@unlink(__DIR__."/bug71488.test");
?>
--EXPECT--
DONE

BIN
ext/phar/tests/bug71488.tar Normal file
View file

Binary file not shown.

1
ext/standard/basic_functions.c
View file

@ -3647,6 +3647,7 @@ PHP_MINIT_FUNCTION(basic) /* {{{ */
#ifdef PHP_CAN_SUPPORT_PROC_OPEN
BASIC_MINIT_SUBMODULE(proc_open)
#endif
BASIC_MINIT_SUBMODULE(exec)
BASIC_MINIT_SUBMODULE(user_streams)
BASIC_MINIT_SUBMODULE(imagetypes)

76
ext/standard/exec.c
View file

@ -46,10 +46,42 @@
#include <fcntl.h>
#endif
#if HAVE_NICE && HAVE_UNISTD_H
#if HAVE_UNISTD_H
#include <unistd.h>
#endif
#ifdef PHP_WIN32
# include "win32/php_stdint.h"
#else
# if HAVE_INTTYPES_H
# include <inttypes.h>
# elif HAVE_STDINT_H
# include <stdint.h>
# endif
#endif
static int cmd_max_len;
/* {{{ PHP_MINIT_FUNCTION(exec) */
PHP_MINIT_FUNCTION(exec)
{
#ifdef _SC_ARG_MAX
cmd_max_len = sysconf(_SC_ARG_MAX);
#elif defined(ARG_MAX)
cmd_max_len = ARG_MAX;
#elif defined(PHP_WIN32)
/* Executed commands will run through cmd.exe. As long as it's the case,
it's just the constant limit.*/
cmd_max_len = 8192;
#else
/* This is just an arbitrary value for the fallback case. */
cmd_max_len = 4096;
#endif
return SUCCESS;
}
/* }}} */
/* {{{ php_exec
* If type==0, only last line of output is returned (exec)
* If type==1, all lines will be printed and last lined returned (system)
@ -244,13 +276,20 @@ PHP_FUNCTION(passthru)
*/
PHPAPI char *php_escape_shell_cmd(char *str)
{
register int x, y, l = strlen(str);
register int x, y;
size_t l = strlen(str);
uint64_t estimate = (2 * (uint64_t)l) + 1;
char *cmd;
char *p = NULL;
size_t estimate = (2 * l) + 1;
TSRMLS_FETCH();
/* max command line length - two single quotes - \0 byte length */
if (l > cmd_max_len - 2 - 1) {
php_error_docref(NULL TSRMLS_CC, E_ERROR, "Command exceeds the allowed length of %d bytes", cmd_max_len);
return NULL;
}
cmd = safe_emalloc(2, l, 1);
for (x = 0, y = 0; x < l; x++) {
@ -322,6 +361,12 @@ PHPAPI char *php_escape_shell_cmd(char *str)
}
cmd[y] = '\0';
if (y - 1 > cmd_max_len) {
php_error_docref(NULL TSRMLS_CC, E_ERROR, "Escaped command exceeds the allowed length of %d bytes", cmd_max_len);
efree(cmd);
return NULL;
}
if ((estimate - y) > 4096) {
/* realloc if the estimate was way overill
* Arbitrary cutoff point of 4096 */
@ -336,12 +381,19 @@ PHPAPI char *php_escape_shell_cmd(char *str)
*/
PHPAPI char *php_escape_shell_arg(char *str)
{
int x, y = 0, l = strlen(str);
int x, y = 0;
size_t l = strlen(str);
char *cmd;
size_t estimate = (4 * l) + 3;
uint64_t estimate = (4 * (uint64_t)l) + 3;
TSRMLS_FETCH();
/* max command line length - two single quotes - \0 byte length */
if (l > cmd_max_len - 2 - 1) {
php_error_docref(NULL TSRMLS_CC, E_ERROR, "Argument exceeds the allowed length of %d bytes", cmd_max_len);
return NULL;
}
cmd = safe_emalloc(4, l, 3); /* worst case */
#ifdef PHP_WIN32
@ -396,6 +448,12 @@ PHPAPI char *php_escape_shell_arg(char *str)
#endif
cmd[y] = '\0';
if (y - 1 > cmd_max_len) {
php_error_docref(NULL TSRMLS_CC, E_ERROR, "Escaped argument exceeds the allowed length of %d bytes", cmd_max_len);
efree(cmd);
return NULL;
}
if ((estimate - y) > 4096) {
/* realloc if the estimate was way overill
* Arbitrary cutoff point of 4096 */
@ -418,6 +476,10 @@ PHP_FUNCTION(escapeshellcmd)
}
if (command_len) {
if (command_len != strlen(command)) {
php_error_docref(NULL TSRMLS_CC, E_ERROR, "Input string contains NULL bytes");
return;
}
cmd = php_escape_shell_cmd(command);
RETVAL_STRING(cmd, 0);
} else {
@ -439,6 +501,10 @@ PHP_FUNCTION(escapeshellarg)
}
if (argument) {
if (argument_len != strlen(argument)) {
php_error_docref(NULL TSRMLS_CC, E_ERROR, "Input string contains NULL bytes");
return;
}
cmd = php_escape_shell_arg(argument);
RETVAL_STRING(cmd, 0);
}

1
ext/standard/exec.h
View file

@ -33,6 +33,7 @@ PHP_FUNCTION(proc_close);
PHP_FUNCTION(proc_terminate);
PHP_FUNCTION(proc_nice);
PHP_MINIT_FUNCTION(proc_open);
PHP_MINIT_FUNCTION(exec);
PHPAPI char *php_escape_shell_cmd(char *);
PHPAPI char *php_escape_shell_arg(char *);

16
ext/standard/iptc.c
View file

@ -38,6 +38,15 @@
#include <sys/stat.h>
#ifdef PHP_WIN32
# include "win32/php_stdint.h"
#else
# if HAVE_INTTYPES_H
# include <inttypes.h>
# elif HAVE_STDINT_H
# include <stdint.h>
# endif
#endif
/* some defines for the different JPEG block types */
#define M_SOF0 0xC0 /* Start Of Frame N */
@ -195,6 +204,11 @@ PHP_FUNCTION(iptcembed)
RETURN_FALSE;
}
if ((size_t)iptcdata_len >= SIZE_MAX - sizeof(psheader) - 1025) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "IPTC data too large");
RETURN_FALSE;
}
if ((fp = VCWD_FOPEN(jpeg_file, "rb")) == 0) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to open %s", jpeg_file);
RETURN_FALSE;
@ -203,7 +217,7 @@ PHP_FUNCTION(iptcembed)
if (spool < 2) {
fstat(fileno(fp), &sb);
poi = spoolbuf = safe_emalloc(1, iptcdata_len + sizeof(psheader) + sb.st_size + 1024, 1);
poi = spoolbuf = safe_emalloc(1, (size_t)iptcdata_len + sizeof(psheader) + 1024 + 1, sb.st_size);
memset(poi, 0, iptcdata_len + sizeof(psheader) + sb.st_size + 1024 + 1);
}

20
ext/standard/streamsfuncs.c
View file

@ -498,6 +498,12 @@ PHP_FUNCTION(stream_get_meta_data)
array_init(return_value);
if (!php_stream_populate_meta_data(stream, return_value)) {
add_assoc_bool(return_value, "timed_out", 0);
add_assoc_bool(return_value, "blocked", 1);
add_assoc_bool(return_value, "eof", php_stream_eof(stream));
}
if (stream->wrapperdata) {
MAKE_STD_ZVAL(newval);
MAKE_COPY_ZVAL(&stream->wrapperdata, newval);
@ -533,12 +539,6 @@ PHP_FUNCTION(stream_get_meta_data)
add_assoc_string(return_value, "uri", stream->orig_path, 1);
}
if (!php_stream_populate_meta_data(stream, return_value)) {
add_assoc_bool(return_value, "timed_out", 0);
add_assoc_bool(return_value, "blocked", 1);
add_assoc_bool(return_value, "eof", php_stream_eof(stream));
}
}
/* }}} */
@ -687,7 +687,7 @@ static int stream_array_from_fd_set(zval *stream_array, fd_set *fds TSRMLS_DC)
} else { /* HASH_KEY_IS_STRING */
zend_hash_update(new_hash, key, key_len, (void *)elem, sizeof(zval *), (void **)&dest_elem);
}
if (dest_elem) {
zval_add_ref(dest_elem);
}
@ -1444,7 +1444,7 @@ PHP_FUNCTION(stream_set_chunk_size)
php_error_docref(NULL TSRMLS_CC, E_WARNING, "The chunk size must be a positive integer, given %ld", csize);
RETURN_FALSE;
}
/* stream.chunk_size is actually a size_t, but php_stream_set_option
/* stream.chunk_size is actually a size_t, but php_stream_set_option
* can only use an int to accept the new value and return the old one.
* In any case, values larger than INT_MAX for a chunk size make no sense.
*/
@ -1452,11 +1452,11 @@ PHP_FUNCTION(stream_set_chunk_size)
php_error_docref(NULL TSRMLS_CC, E_WARNING, "The chunk size cannot be larger than %d", INT_MAX);
RETURN_FALSE;
}
php_stream_from_zval(stream, &zstream);
ret = php_stream_set_option(stream, PHP_STREAM_OPTION_SET_CHUNK_SIZE, (int)csize, NULL);
RETURN_LONG(ret > 0 ? (long)ret : (long)EOF);
}
/* }}} */

10
ext/standard/tests/general_functions/escapeshellarg_bug71039.phpt Normal file
View file

@ -0,0 +1,10 @@
--TEST--
Test escapeshellarg() string with \0 bytes
--FILE--
<?php
escapeshellarg("hello\0world");
?>
===DONE===
--EXPECTF--
Fatal error: escapeshellarg(): Input string contains NULL bytes in %s on line %d

12
ext/standard/tests/general_functions/escapeshellarg_bug71270.phpt Normal file
View file

@ -0,0 +1,12 @@
--TEST--
Test escapeshellarg() allowed argument length
--FILE--
<?php
ini_set('memory_limit', -1);
$var_2 = str_repeat('A', 1024*1024*64);
escapeshellarg($var_2);
?>
===DONE===
--EXPECTF--
Fatal error: escapeshellarg(): Argument exceeds the allowed length of %d bytes in %s on line %d

10
ext/standard/tests/general_functions/escapeshellcmd_bug71039.phpt Normal file
View file

@ -0,0 +1,10 @@
--TEST--
Test escapeshellcmd() string with \0 bytes
--FILE--
<?php
escapeshellcmd("hello\0world");
?>
===DONE===
--EXPECTF--
Fatal error: escapeshellcmd(): Input string contains NULL bytes in %s on line %d

12
ext/standard/tests/general_functions/escapeshellcmd_bug71270.phpt Normal file
View file

@ -0,0 +1,12 @@
--TEST--
Test escapeshellcmd() allowed argument length
--FILE--
<?php
ini_set('memory_limit', -1);
$var_2 = str_repeat('A', 1024*1024*64);
escapeshellcmd($var_2);
?>
===DONE===
--EXPECTF--
Fatal error: escapeshellcmd(): Command exceeds the allowed length of %d bytes in %s on line %d

31
ext/standard/tests/streams/bug71323.phpt Normal file
View file

@ -0,0 +1,31 @@
--TEST--
Bug #71323: Output of stream_get_meta_data can be falsified by its input
--FILE--
<?php
$file = 'data:text/plain;z=y;uri=eviluri;mediatype=wut?;mediatype2=hello,somedata';
$meta = stream_get_meta_data(fopen($file, "r"));
var_dump($meta);
?>
--EXPECTF--
array(10) {
["mediatype"]=>
string(10) "text/plain"
["z"]=>
string(1) "y"
["uri"]=>
string(72) "data:text/plain;z=y;uri=eviluri;mediatype=wut?;mediatype2=hello,somedata"
["mediatype2"]=>
string(5) "hello"
["base64"]=>
bool(false)
["wrapper_type"]=>
string(7) "RFC2397"
["stream_type"]=>
string(7) "RFC2397"
["mode"]=>
string(1) "r"
["unread_bytes"]=>
int(0)
["seekable"]=>
bool(true)
}

24
ext/standard/tests/streams/stream_get_meta_data_dir_basic.phpt
View file

@ -13,6 +13,12 @@ var_dump(stream_get_meta_data($dirObject->handle));
?>
--EXPECT--
array(8) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
["wrapper_type"]=>
string(9) "plainfile"
["stream_type"]=>
@ -23,14 +29,14 @@ array(8) {
int(0)
["seekable"]=>
bool(true)
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}
array(8) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
["wrapper_type"]=>
string(9) "plainfile"
["stream_type"]=>
@ -41,10 +47,4 @@ array(8) {
int(0)
["seekable"]=>
bool(true)
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}

12
ext/standard/tests/streams/stream_get_meta_data_file_basic.phpt
View file

@ -12,6 +12,12 @@ fclose($fp);
?>
--EXPECTF--
array(9) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
["wrapper_type"]=>
string(9) "plainfile"
["stream_type"]=>
@ -24,10 +30,4 @@ array(9) {
bool(true)
["uri"]=>
string(%i) "%sstream_get_meta_data_file_basic.php"
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}

104
ext/standard/tests/streams/stream_get_meta_data_file_variation1.phpt
View file

@ -29,6 +29,12 @@ unlink($filename);
?>
--EXPECTF--
array(9) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
["wrapper_type"]=>
string(9) "plainfile"
["stream_type"]=>
@ -41,14 +47,14 @@ array(9) {
bool(true)
["uri"]=>
string(%i) "%s.tmp"
}
array(9) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}
array(9) {
["wrapper_type"]=>
string(9) "plainfile"
["stream_type"]=>
@ -61,14 +67,14 @@ array(9) {
bool(true)
["uri"]=>
string(%i) "%s.tmp"
}
array(9) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}
array(9) {
["wrapper_type"]=>
string(9) "plainfile"
["stream_type"]=>
@ -81,14 +87,14 @@ array(9) {
bool(true)
["uri"]=>
string(%i) "%s.tmp"
}
array(9) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}
array(9) {
["wrapper_type"]=>
string(9) "plainfile"
["stream_type"]=>
@ -101,14 +107,14 @@ array(9) {
bool(true)
["uri"]=>
string(%i) "%s.tmp"
}
array(9) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}
array(9) {
["wrapper_type"]=>
string(9) "plainfile"
["stream_type"]=>
@ -121,14 +127,14 @@ array(9) {
bool(true)
["uri"]=>
string(%i) "%s.tmp"
}
array(9) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}
array(9) {
["wrapper_type"]=>
string(9) "plainfile"
["stream_type"]=>
@ -141,14 +147,14 @@ array(9) {
bool(true)
["uri"]=>
string(%i) "%s.tmp"
}
array(9) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}
array(9) {
["wrapper_type"]=>
string(9) "plainfile"
["stream_type"]=>
@ -161,14 +167,14 @@ array(9) {
bool(true)
["uri"]=>
string(%i) "%s.tmp"
}
array(9) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}
array(9) {
["wrapper_type"]=>
string(9) "plainfile"
["stream_type"]=>
@ -181,14 +187,14 @@ array(9) {
bool(true)
["uri"]=>
string(%i) "%s.tmp"
}
array(9) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}
array(9) {
["wrapper_type"]=>
string(9) "plainfile"
["stream_type"]=>
@ -201,14 +207,14 @@ array(9) {
bool(true)
["uri"]=>
string(%i) "%s.tmp"
}
array(9) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}
array(9) {
["wrapper_type"]=>
string(9) "plainfile"
["stream_type"]=>
@ -221,14 +227,14 @@ array(9) {
bool(true)
["uri"]=>
string(%i) "%s.tmp"
}
array(9) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}
array(9) {
["wrapper_type"]=>
string(9) "plainfile"
["stream_type"]=>
@ -241,14 +247,14 @@ array(9) {
bool(true)
["uri"]=>
string(%i) "%s.tmp"
}
array(9) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}
array(9) {
["wrapper_type"]=>
string(9) "plainfile"
["stream_type"]=>
@ -261,14 +267,14 @@ array(9) {
bool(true)
["uri"]=>
string(%i) "%s.tmp"
}
array(9) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}
array(9) {
["wrapper_type"]=>
string(9) "plainfile"
["stream_type"]=>
@ -281,14 +287,14 @@ array(9) {
bool(true)
["uri"]=>
string(%i) "%s.tmp"
}
array(9) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}
array(9) {
["wrapper_type"]=>
string(9) "plainfile"
["stream_type"]=>
@ -301,14 +307,14 @@ array(9) {
bool(true)
["uri"]=>
string(%i) "%s.tmp"
}
array(9) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}
array(9) {
["wrapper_type"]=>
string(9) "plainfile"
["stream_type"]=>
@ -321,14 +327,14 @@ array(9) {
bool(true)
["uri"]=>
string(%i) "%s.tmp"
}
array(9) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}
array(9) {
["wrapper_type"]=>
string(9) "plainfile"
["stream_type"]=>
@ -341,14 +347,14 @@ array(9) {
bool(true)
["uri"]=>
string(%i) "%s.tmp"
}
array(9) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}
array(9) {
["wrapper_type"]=>
string(9) "plainfile"
["stream_type"]=>
@ -361,14 +367,14 @@ array(9) {
bool(true)
["uri"]=>
string(%i) "%s.tmp"
}
array(9) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}
array(9) {
["wrapper_type"]=>
string(9) "plainfile"
["stream_type"]=>
@ -381,14 +387,14 @@ array(9) {
bool(true)
["uri"]=>
string(%i) "%s.tmp"
}
array(9) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}
array(9) {
["wrapper_type"]=>
string(9) "plainfile"
["stream_type"]=>
@ -401,14 +407,14 @@ array(9) {
bool(true)
["uri"]=>
string(%i) "%s.tmp"
}
array(9) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}
array(9) {
["wrapper_type"]=>
string(9) "plainfile"
["stream_type"]=>
@ -421,14 +427,14 @@ array(9) {
bool(true)
["uri"]=>
string(%i) "%s.tmp"
}
array(9) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}
array(9) {
["wrapper_type"]=>
string(9) "plainfile"
["stream_type"]=>
@ -441,14 +447,14 @@ array(9) {
bool(true)
["uri"]=>
string(%i) "%s.tmp"
}
array(9) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}
array(9) {
["wrapper_type"]=>
string(9) "plainfile"
["stream_type"]=>
@ -461,14 +467,14 @@ array(9) {
bool(true)
["uri"]=>
string(%i) "%s.tmp"
}
array(9) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}
array(9) {
["wrapper_type"]=>
string(9) "plainfile"
["stream_type"]=>
@ -481,14 +487,14 @@ array(9) {
bool(true)
["uri"]=>
string(%i) "%s.tmp"
}
array(9) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}
array(9) {
["wrapper_type"]=>
string(9) "plainfile"
["stream_type"]=>
@ -501,10 +507,4 @@ array(9) {
bool(true)
["uri"]=>
string(%i) "%s.tmp"
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}

46
ext/standard/tests/streams/stream_get_meta_data_file_variation2.phpt
View file

@ -43,6 +43,12 @@ unlink($filename);
--EXPECTF--
Write some data to the file:
array(9) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
["wrapper_type"]=>
string(9) "plainfile"
["stream_type"]=>
@ -55,12 +61,6 @@ array(9) {
bool(true)
["uri"]=>
string(%i) "%s.tmp"
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}
@ -68,6 +68,12 @@ Read a line of the file, causing data to be buffered:
string(15) "a line of data
"
array(9) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
["wrapper_type"]=>
string(9) "plainfile"
["stream_type"]=>
@ -80,17 +86,17 @@ array(9) {
bool(true)
["uri"]=>
string(%i) "%s.tmp"
}
Read 20 bytes from the file:
array(9) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}
Read 20 bytes from the file:
array(9) {
["wrapper_type"]=>
string(9) "plainfile"
["stream_type"]=>
@ -103,17 +109,17 @@ array(9) {
bool(true)
["uri"]=>
string(%i) "%s.tmp"
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}
Read entire file:
array(9) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(true)
["wrapper_type"]=>
string(9) "plainfile"
["stream_type"]=>
@ -126,10 +132,4 @@ array(9) {
bool(true)
["uri"]=>
string(%i) "%s.tmp"
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(true)
}

20
ext/standard/tests/streams/stream_get_meta_data_file_variation4.phpt
View file

@ -28,6 +28,12 @@ unlink($filename);
--EXPECTF--
Create a file:
array(9) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
["wrapper_type"]=>
string(9) "plainfile"
["stream_type"]=>
@ -40,16 +46,16 @@ array(9) {
bool(true)
["uri"]=>
string(%i) "File://%sstream_get_meta_data_file_variation4.php.tmp"
}
Change to file's directory and open with a relative path:
array(9) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}
Change to file's directory and open with a relative path:
array(9) {
["wrapper_type"]=>
string(9) "plainfile"
["stream_type"]=>
@ -62,10 +68,4 @@ array(9) {
bool(true)
["uri"]=>
string(%i) "stream_get_meta_data_file_variation4.php.tmp"
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}

24
ext/standard/tests/streams/stream_get_meta_data_file_variation5.phpt
View file

@ -33,6 +33,12 @@ unlink($filename);
--EXPECTF--
Write some data to the file:
array(9) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
["wrapper_type"]=>
string(9) "plainfile"
["stream_type"]=>
@ -45,17 +51,17 @@ array(9) {
bool(true)
["uri"]=>
string(%i) "%s"
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}
Read entire file:
array(9) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(true)
["wrapper_type"]=>
string(9) "plainfile"
["stream_type"]=>
@ -68,10 +74,4 @@ array(9) {
bool(true)
["uri"]=>
string(%i) "%s"
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(true)
}

12
ext/standard/tests/streams/stream_get_meta_data_process_basic.phpt
View file

@ -18,6 +18,12 @@ echo "Done";
?>
--EXPECT--
array(7) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
["stream_type"]=>
string(5) "STDIO"
["mode"]=>
@ -26,11 +32,5 @@ array(7) {
int(0)
["seekable"]=>
bool(false)
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}
Done

12
ext/standard/tests/streams/stream_get_meta_data_socket_basic.phpt
View file

@ -10,6 +10,12 @@ fclose($tcp_socket);
?>
--EXPECTF--
array(7) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
["stream_type"]=>
string(%d) "tcp_socke%s"
["mode"]=>
@ -18,10 +24,4 @@ array(7) {
int(0)
["seekable"]=>
bool(false)
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}

44
ext/standard/tests/streams/stream_get_meta_data_socket_variation1.phpt
View file

@ -39,6 +39,12 @@ var_dump(stream_get_meta_data($client));
--EXPECTF--
Write some data:
array(7) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
["stream_type"]=>
string(%d) "tcp_socke%s"
["mode"]=>
@ -47,17 +53,17 @@ array(7) {
int(0)
["seekable"]=>
bool(false)
}
Read a line from the client, causing data to be buffered:
array(7) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}
Read a line from the client, causing data to be buffered:
array(7) {
["stream_type"]=>
string(%d) "tcp_socke%s"
["mode"]=>
@ -66,17 +72,17 @@ array(7) {
int(15)
["seekable"]=>
bool(false)
}
Read 3 bytes of data from the client:
array(7) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}
Read 3 bytes of data from the client:
array(7) {
["stream_type"]=>
string(%d) "tcp_socke%s"
["mode"]=>
@ -85,17 +91,17 @@ array(7) {
int(12)
["seekable"]=>
bool(false)
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}
Close the server side socket and read the remaining data from the client:
array(7) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(true)
["stream_type"]=>
string(%d) "tcp_socke%s"
["mode"]=>
@ -104,10 +110,4 @@ array(7) {
int(0)
["seekable"]=>
bool(false)
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(true)
}

48
ext/standard/tests/streams/stream_get_meta_data_socket_variation2.phpt
View file

@ -37,6 +37,12 @@ fclose($server);
?>
--EXPECTF--
array(7) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
["stream_type"]=>
string(%d) "tcp_socke%s"
["mode"]=>
@ -45,17 +51,17 @@ array(7) {
int(0)
["seekable"]=>
bool(false)
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}
Set a timeout on the client and attempt a read:
array(7) {
["timed_out"]=>
bool(true)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
["stream_type"]=>
string(%d) "tcp_socke%s"
["mode"]=>
@ -64,17 +70,17 @@ array(7) {
int(0)
["seekable"]=>
bool(false)
["timed_out"]=>
bool(true)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}
Write some data from the server:
array(7) {
["timed_out"]=>
bool(true)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
["stream_type"]=>
string(%d) "tcp_socke%s"
["mode"]=>
@ -83,17 +89,17 @@ array(7) {
int(0)
["seekable"]=>
bool(false)
["timed_out"]=>
bool(true)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}
Read some data from the client:
array(7) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
["stream_type"]=>
string(%d) "tcp_socke%s"
["mode"]=>
@ -102,10 +108,4 @@ array(7) {
int(0)
["seekable"]=>
bool(false)
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}

36
ext/standard/tests/streams/stream_get_meta_data_socket_variation3.phpt
View file

@ -32,6 +32,12 @@ fclose($server);
?>
--EXPECTF--
array(7) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
["stream_type"]=>
string(%d) "tcp_socke%s"
["mode"]=>
@ -40,18 +46,18 @@ array(7) {
int(0)
["seekable"]=>
bool(false)
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}
Set blocking to false:
bool(true)
array(7) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(false)
["eof"]=>
bool(false)
["stream_type"]=>
string(%d) "tcp_socke%s"
["mode"]=>
@ -60,18 +66,18 @@ array(7) {
int(0)
["seekable"]=>
bool(false)
["timed_out"]=>
bool(false)
["blocked"]=>
bool(false)
["eof"]=>
bool(false)
}
Set blocking to true:
bool(true)
array(7) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
["stream_type"]=>
string(%d) "tcp_socke%s"
["mode"]=>
@ -80,10 +86,4 @@ array(7) {
int(0)
["seekable"]=>
bool(false)
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}

36
ext/standard/tests/streams/stream_get_meta_data_socket_variation4.phpt
View file

@ -37,6 +37,12 @@ fclose($client);
--EXPECTF--
Write some data:
array(7) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
["stream_type"]=>
string(%d) "tcp_socke%s"
["mode"]=>
@ -45,17 +51,17 @@ array(7) {
int(%i)
["seekable"]=>
bool(false)
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}
Read a line from the client:
array(7) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
["stream_type"]=>
string(%d) "tcp_socke%s"
["mode"]=>
@ -64,17 +70,17 @@ array(7) {
int(%i)
["seekable"]=>
bool(false)
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(false)
}
Close the server side socket and read the remaining data from the client:
array(7) {
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(true)
["stream_type"]=>
string(%d) "tcp_socke%s"
["mode"]=>
@ -83,10 +89,4 @@ array(7) {
int(%i)
["seekable"]=>
bool(false)
["timed_out"]=>
bool(false)
["blocked"]=>
bool(true)
["eof"]=>
bool(true)
}

33
ext/wddx/tests/bug71335.phpt Normal file
View file

@ -0,0 +1,33 @@
--TEST--
Bug #71335 (Type Confusion in WDDX Packet Deserialization)
--SKIPIF--
<?php
if (!extension_loaded("wddx")) print "skip";
?>
--FILE--
<?php
$x = "<?xml version='1.0'?>
<wddxPacket version='1.0'>
<header/>
<data>
<struct>
<var name='php_class_name'>
<string>stdClass</string>
</var>
<var name='php_class_name'>
<string>stdClass</string>
</var>
</struct>
</data>
</wddxPacket>";
$d = wddx_deserialize($x);
var_dump($d);
?>
DONE
--EXPECTF--
object(stdClass)#%d (1) {
["php_class_name"]=>
string(8) "stdClass"
}
DONE

3
ext/wddx/wddx.c
View file

@ -976,7 +976,8 @@ static void php_wddx_pop_element(void *user_data, const XML_Char *name)
if (ent1->varname) {
if (!strcmp(ent1->varname, PHP_CLASS_NAME_VAR) &&
Z_TYPE_P(ent1->data) == IS_STRING && Z_STRLEN_P(ent1->data) && ent2->type == ST_STRUCT) {
Z_TYPE_P(ent1->data) == IS_STRING && Z_STRLEN_P(ent1->data) &&
ent2->type == ST_STRUCT && Z_TYPE_P(ent2->data) == IS_ARRAY) {
zend_bool incomplete_class = 0;
zend_str_tolower(Z_STRVAL_P(ent1->data), Z_STRLEN_P(ent1->data));

30
main/streams/memory.c
View file

@ -209,7 +209,7 @@ static int php_stream_memory_stat(php_stream *stream, php_stream_statbuf *ssb TS
memset(ssb, 0, sizeof(php_stream_statbuf));
/* read-only across the board */
ssb->sb.st_mode = ms->mode & TEMP_STREAM_READONLY ? 0444 : 0666;
ssb->sb.st_size = ms->fsize;
@ -248,7 +248,7 @@ static int php_stream_memory_set_option(php_stream *stream, int option, int valu
{
php_stream_memory_data *ms = (php_stream_memory_data*)stream->abstract;
size_t newsize;
switch(option) {
case PHP_STREAM_OPTION_TRUNCATE_API:
switch (value) {
@ -277,7 +277,7 @@ static int php_stream_memory_set_option(php_stream *stream, int option, int valu
}
}
/* }}} */
PHPAPI php_stream_ops php_stream_memory_ops = {
php_stream_memory_write, php_stream_memory_read,
php_stream_memory_close, php_stream_memory_flush,
@ -301,7 +301,7 @@ PHPAPI php_stream *_php_stream_memory_create(int mode STREAMS_DC TSRMLS_DC)
self->fsize = 0;
self->smax = ~0u;
self->mode = mode;
stream = php_stream_alloc_rel(&php_stream_memory_ops, self, 0, mode & TEMP_STREAM_READONLY ? "rb" : "w+b");
stream->flags |= PHP_STREAM_FLAG_NO_BUFFER;
return stream;
@ -317,7 +317,7 @@ PHPAPI php_stream *_php_stream_memory_open(int mode, char *buf, size_t length ST
if ((stream = php_stream_memory_create_rel(mode)) != NULL) {
ms = (php_stream_memory_data*)stream->abstract;
if (mode == TEMP_STREAM_READONLY || mode == TEMP_STREAM_TAKE_BUFFER) {
/* use the buffer directly */
ms->data = buf;
@ -401,11 +401,11 @@ static size_t php_stream_temp_read(php_stream *stream, char *buf, size_t count T
if (!ts->innerstream) {
return -1;
}
got = php_stream_read(ts->innerstream, buf, count);
stream->eof = ts->innerstream->eof;
return got;
}
/* }}} */
@ -424,7 +424,7 @@ static int php_stream_temp_close(php_stream *stream, int close_handle TSRMLS_DC)
} else {
ret = 0;
}
if (ts->meta) {
zval_ptr_dtor(&ts->meta);
}
@ -466,7 +466,7 @@ static int php_stream_temp_seek(php_stream *stream, off_t offset, int whence, of
ret = php_stream_seek(ts->innerstream, offset, whence);
*newoffs = php_stream_tell(ts->innerstream);
stream->eof = ts->innerstream->eof;
return ret;
}
/* }}} */
@ -508,7 +508,7 @@ static int php_stream_temp_cast(php_stream *stream, int castas, void **ret TSRML
file = php_stream_fopen_tmpfile();
php_stream_write(file, membuf, memsize);
pos = php_stream_tell(ts->innerstream);
php_stream_free_enclosed(ts->innerstream, PHP_STREAM_FREE_CLOSE);
ts->innerstream = file;
php_stream_encloses(stream, ts->innerstream);
@ -532,7 +532,7 @@ static int php_stream_temp_stat(php_stream *stream, php_stream_statbuf *ssb TSRM
static int php_stream_temp_set_option(php_stream *stream, int option, int value, void *ptrparam TSRMLS_DC) /* {{{ */
{
php_stream_temp_data *ts = (php_stream_temp_data*)stream->abstract;
switch(option) {
case PHP_STREAM_OPTION_META_DATA_API:
if (ts->meta) {
@ -654,7 +654,7 @@ static php_stream * php_stream_url_wrap_rfc2397(php_stream_wrapper *wrapper, con
dlen -= mlen;
semi = memchr(path, ';', mlen);
sep = memchr(path, '/', mlen);
if (!semi && !sep) {
php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "rfc2397: illegal media type");
return NULL;
@ -697,7 +697,9 @@ static php_stream * php_stream_url_wrap_rfc2397(php_stream_wrapper *wrapper, con
plen = sep - path;
vlen = (semi ? semi - sep : mlen - plen) - 1 /* '=' */;
key = estrndup(path, plen);
add_assoc_stringl_ex(meta, key, plen + 1, sep + 1, vlen, 1);
if (plen != sizeof("mediatype")-1 || memcmp(key, "mediatype", sizeof("mediatype")-1)) {
add_assoc_stringl_ex(meta, key, plen + 1, sep + 1, vlen, 1);
}
efree(key);
plen += vlen + 1;
mlen -= plen;