phar_get_pharfp() can return NULL. In this case this is because the
stream gets closed by the include code in the engine. However, the phar
entry is still cached, so when the next include happens the engine tries
to read from a closed (and nullified) stream.
Use the same fix as in phar_open_entry_fp(): take into account that the
phar_get_pharfp() can return NULL and in that case reopen the phar
archive.
Closes GH-13056.
On ZTS, the global variables are stored in dynamically allocated memory.
When the module gets shut down this memory is released. After the module
is shut down, only then are the persistent resources cleared. Normally
this isn't an issue, but pgsql and odbc refer to the globals to modify
some counters, after the globals have been freed.
Fix this by guarding the modification.
Closes GH-13032.
Because these functions are copied and not properly registered (which we
can't), the observer code doesn't add the temporaries on startup.
Add them via a callback during startup.
Closes GH-12906.
It seems SELinux has a bug where memory directly adjacent to the heap is
interpreted as heap memory. Dodge this issue by leaving some space between the
heap and memory suggested by find_prefered_mmap_base.
See GH-12932
See https://bugzilla.kernel.org/show_bug.cgi?id=218258
Closes GH-12942
There's two problems:
- Some loops used `unsigned int` instead of `size_t`.
- The 2*N-bit addition that is emulated using 2 N bit numbers has a bug:
it first truncated the number to 32/64 bit and only then shifted. This
resulted in the wrong length info stored inside the resulting hash.
Closes GH-12937.
The memory region found by find_prefered_mmap_base may clash with memory regions
reserved by asan for tracking memory. The symptom of this is that mprotect for
JIT fails adding the PROT_EXEC flag to the shared memory region.
Closes GH-12890
In master I use ZEND_DIAGNOSTIC_IGNORED_START, but that doesn't exist on
8.2 or 8.3 (8.3 has a similar macro though).
So to unbreak CI I just made a variation of this directly in the
php_libxml.h header.
See 683e787860 (commitcomment-134301083)
Closes GH-12887.
The issue referenced here doesn't contain a reproducer, but I recently
received an email of a user with the exact same problem. I was able to
recreate the scenario locally using vsftpd and setting
`require_ssl_reuse=YES` in the vsftpd configuration.
It turns out that our session resumption code is broken. It only works a
single time: the first time a data connection opens. Subsequent data
connections fail to reuse the session. This is because on every data
connection a new session is negotiated, but the current code always
tries to reuse the (stale) session of the control connection.
To fix this, we use SSL_CTX_sess_set_new_cb() to setup a callback that
gets called every time a new session is negotiated. We take a strong
reference using SSL_get1_session() and store it in the ftpbuf_t struct.
Every time we open a data connection we'll take that session.
This works because every control connection has at most a single
associated data connection.
Also disable internal session caching storage to not fill the cache up
with useless sessions.
There is no phpt for this because PHP does not support enforcing SSL
session reuse.
It is however testable manually by setting up vsftpd and setting the
`require_ssl_reuse=YES` function from before.
Closes GH-12851.
If there are two users that can execute the script that caches a WSDL,
but the script is owned by a single user, then the caching code will
name the cached file with the file owner username and a hash of the uri.
When one of the two tries to rename the file created by the other
process, this does not work because it has no permission to do so.
This then leaves temporary files floating in the temp directory.
To fix the immediate problem, unlink the file after rename has failed.
On the long term, this has to be fixed by taking the username of the
process instead of the username of the file owner.
Closes GH-12841.
This has been the case at least since PHP 5.4. Thanks to Girgias for
pointing it out.
It appears that there are several global variables internal to mbstring
which can be queried via mb_get_info() and which could be NULL, but
at the very least, we know that "mbstring.http_input" is one of them.
