Dmitry Stogov
524f5245c5
Avoid useless checks, using zend_string_efree(), in cases where the string is known to be a temporary allocated zend_string.
2018-05-08 17:30:15 +03:00
Xinchen Hui
c29f1f41c3
Combines common codes
2018-03-02 10:32:15 +08:00
Xinchen Hui
966923f4be
Attempt to fix build again
Seems if a CPU supports AVX2 but not SSSE3, the build will fail. But how
could that be possible... :<
2018-03-01 15:05:50 +08:00
Xinchen Hui
fd208e82dd
Attempt to fix build reported fails in containers
2018-03-01 11:56:12 +08:00
Anatol Belski
1bdf7abbcb
Fix possible int overflow on vars used in loop with size_t counter
2018-02-18 17:55:50 +01:00
Xinchen Hui
6de9c91ba6
Update author info
2018-02-12 21:01:12 +08:00
Xinchen Hui
cf0fae5e97
Optimized base64_encode/decode with SIMD instructions
2018-02-12 20:53:14 +08:00
Xinchen Hui
a6519d0514
year++
2018-01-02 12:57:58 +08:00
Sara Golemon
3de82a0349
Provide zend_string wrappers for php_base64_(en|de)code
Also pull existing php_base64_decode() proxy out to an inline.
Bump PHP_API_VERSION for ABI change.
2017-07-16 17:01:20 -04:00
Sammy Kaye Powers
9e29f841ce
Update copyright headers to 2017
2017-01-02 09:30:12 -06:00
Sara Golemon
54c13295a6
Use new param API in standard
2016-12-30 09:12:17 -08:00
Xinchen Hui
ce6ad9bdd9
Merge branch 'PHP-7.0' into PHP-7.1
* PHP-7.0: (48 commits)
Update NEWS
Unused label
Fixed bug #72853 (stream_set_blocking doesn't work)
fix test
Bug #72663 - part 3
Bug #72663 - part 2
Bug #72663 - part 1
Update NEWS
Block test with memory leak
fix tests
Fix TSRM build
Fix bug #72850 - integer overflow in uuencode
Fixed bug #72849 - integer overflow in urlencode
Fix bug #72848 - integer overflow in quoted_printable_encode caused heap corruption
Fix bug #72838 - Integer overflow lead to heap corruption in sql_regcase
Fix bug #72837 - integer overflow in bzdecompress caused heap corruption
Fix bug #72836 - integer overflow in base64_decode caused heap corruption
Fix for bug #72807 - do not produce strings with negative length
Fix for bug #72790 and bug #72799
Fix bug #72730 - imagegammacorrect allows arbitrary write access
...
Conflicts:
ext/standard/var_unserializer.c
2016-08-17 17:14:30 +08:00
Stanislav Malyshev
0d13325b66
Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6: (24 commits)
Update NEWS
Block test with memory leak
fix tests
Fix TSRM build
Fix bug #72850 - integer overflow in uuencode
Fixed bug #72849 - integer overflow in urlencode
Fix bug #72848 - integer overflow in quoted_printable_encode caused heap corruption
Fix bug #72838 - Integer overflow lead to heap corruption in sql_regcase
Fix bug #72837 - integer overflow in bzdecompress caused heap corruption
Fix bug #72836 - integer overflow in base64_decode caused heap corruption
Fix for bug #72807 - do not produce strings with negative length
Fix for bug #72790 and bug #72799
Fix bug #72730 - imagegammacorrect allows arbitrary write access
Fix bug#72697 - select_colors write out-of-bounds
Fixed bug #72627 : Memory Leakage In exif_process_IFD_in_TIFF
Fix bug #72750 : wddx_deserialize null dereference
Fix bug #72771 : ftps:// opendir wrapper is vulnerable to protocol downgrade attack
Improve fix for #72663
Fix bug #70436 : Use After Free Vulnerability in unserialize()
Fix bug #72749 : wddx_deserialize allows illegal memory access
...
Conflicts:
Zend/zend_API.h
ext/bz2/bz2.c
ext/curl/interface.c
ext/ereg/ereg.c
ext/exif/exif.c
ext/gd/gd.c
ext/gd/tests/imagetruecolortopalette_error3.phpt
ext/gd/tests/imagetruecolortopalette_error4.phpt
ext/session/session.c
ext/snmp/snmp.c
ext/standard/base64.c
ext/standard/ftp_fopen_wrapper.c
ext/standard/quot_print.c
ext/standard/url.c
ext/standard/uuencode.c
ext/standard/var.c
ext/standard/var_unserializer.c
ext/standard/var_unserializer.re
ext/wddx/tests/bug72790.phpt
ext/wddx/tests/bug72799.phpt
ext/wddx/wddx.c
sapi/cli/generate_mime_type_map.php
2016-08-17 00:43:33 -07:00
Stanislav Malyshev
40bd921cea
Fix TSRM build
2016-08-16 22:55:43 -07:00
Stanislav Malyshev
d6a43a8562
Fix bug #72836 - integer overflow in base64_decode caused heap corruption
2016-08-16 22:55:41 -07:00
Nikita Popov
bb51da29dc
Make base64_decode() in non-strict mode binary safe
2016-07-22 18:20:34 +02:00
Lauri Kenttä
316d5a19a6
base64_decode: Handle all invalid padding equally
2016-07-22 18:03:56 +02:00
Lauri Kenttä
5c62f3f68e
base64_decode: strict: Fail on excessive padding
2016-07-22 18:03:56 +02:00
Lauri Kenttä
586a0761ff
base64_decode: strict: Fail on truncated input
2016-07-22 18:03:56 +02:00
Lauri Kenttä
0981e5de3c
base64_decode: Avoid code duplication in failures
2016-07-22 18:03:55 +02:00
Lauri Kenttä
3104759915
base64_decode: fix bug #72264 ('VV= =' shouldn't fail in strict mode)
2016-07-07 01:27:23 +02:00
Lauri Kenttä
0259459486
base64_decode: remove redundant code
case 1 is already handled in the first lines of the for loop;
it would only be entered in the invalid case where the string
continues past the defined length (ch != 0 but length-- == 0).
case 2 and case 3 are redundant, since k >= j and later the
string is truncated to j characters anyway.
2016-07-07 01:27:23 +02:00
Lauri Kenttä
c1ac081bf1
base64_decode: fix bug #72263 (skips char after padding)
2016-07-07 01:27:23 +02:00
Lauri Kenttä
b9c9be13cc
base64_decode: fix bug #72152 (fail on NUL bytes in strict mode)
This added check is actually for NOT failing in NON-strict mode.
The ch == -2 check later causes the desired failure in strict mode.
2016-07-07 01:27:23 +02:00
Lauri Kenttä
ef6f163161
base64_decode: remove redundant check
If length == 0 || *current != '=' is false, the for loop will always
end up in this same point, until the if statement becomes true.
Thus, the if statement is not needed.
2016-07-07 01:27:23 +02:00
Lauri Kenttä
c65de8ac13
base64_decode: reorder to fix out of bounds read
2016-07-07 01:27:22 +02:00
Lauri Kenttä
3380acbdd4
base64_decode: fix bug #72264 ('VV= =' shouldn't fail in strict mode)
2016-07-05 16:51:36 +02:00
Lauri Kenttä
77e8c299ba
base64_decode: remove redundant code
case 1 is already handled in the first lines of the for loop;
it would only be entered in the invalid case where the string
continues past the defined length (ch != 0 but length-- == 0).
case 2 and case 3 are redundant, since k >= j and later the
string is truncated to j characters anyway.
2016-07-05 16:51:36 +02:00
Lauri Kenttä
6d17ee744f
base64_decode: fix bug #72263 (skips char after padding)
2016-07-05 16:51:36 +02:00
Lauri Kenttä
260c07db85
base64_decode: fix bug #72152 (fail on NUL bytes in strict mode)
This added check is actually for NOT failing in NON-strict mode.
The ch == -2 check later causes the desired failure in strict mode.
2016-07-05 16:51:36 +02:00
Lauri Kenttä
fbc74bb5f9
base64_decode: remove redundant check
If length == 0 || *current != '=' is false, the for loop will always
end up in this same point, until the if statement becomes true.
Thus, the if statement is not needed.
2016-07-05 16:51:36 +02:00
Lauri Kenttä
59d36bfcf2
base64_decode: reorder to fix out of bounds read
2016-07-05 16:51:36 +02:00
Lior Kaplan
ed35de784f
Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
Happy new year (Update copyright to 2016)
2016-01-01 19:48:25 +02:00
Lior Kaplan
49493a2dcf
Happy new year (Update copyright to 2016)
2016-01-01 19:21:47 +02:00
Dmitry Stogov
4a2e40bb86
Use ZSTR_ API to access zend_string elements (this is just renaming without semantic changes).
2015-06-30 04:05:24 +03:00
Xinchen Hui
fc33f52d8c
bump year
2015-01-15 23:27:30 +08:00
Xinchen Hui
0579e8278d
bump year
2015-01-15 23:26:37 +08:00
Anatol Belski
bdeb220f48
first shot remove TSRMLS_* things
2014-12-13 23:06:14 +01:00
Johannes Schlüter
d0cb715373
s/PHP 5/PHP 7/
2014-09-19 18:33:14 +02:00
Anatol Belski
3fa5064173
remove useless check
2014-09-19 00:06:32 +02:00
Anatol Belski
3234480827
first show to make 's' work with size_t
2014-08-27 20:49:31 +02:00
Anatol Belski
4d997f63d9
master renames phase 3
2014-08-25 20:22:49 +02:00
Anatol Belski
c3e3c98ec6
master renames phase 1
2014-08-25 19:24:55 +02:00
Anatol Belski
b7e7a89541
several fixes -
- param parsing Z_PARAM_STR vs Z_PARAM_STRING
- some functions for new params
- etc
2014-08-16 12:55:13 +02:00
Xinchen Hui
93428dc6b9
Refactor base64 to return zend_string
2014-02-24 18:48:22 +08:00
Dmitry Stogov
f4cfaf36e2
Use better data structures (incomplete)
2014-02-10 10:04:30 +04:00
Xinchen Hui
c081ce628f
Bump year
2014-01-03 11:08:10 +08:00
Xinchen Hui
a666285bc2
Happy New Year
2013-01-01 16:37:09 +08:00
Nikita Popov
5b3f4d25ea
Fix memory allocation checks for base64 encode
base64_encode used safe_emalloc, but one of the arguments was derived from a
multiplication, thus making the allocation unsafe again.
There was a size check in place, but it was off by a factor of two as it
didn't account for the signedness of the integer type.
The unsafe allocation is not exploitable, but still causes funny behavior
when the size overflows into a negative number.
To fix the issue the *4 factor is moved into the size argument (where it is
known to be safe), so safe_emalloc can carry out the multiplication.
The size check is removed as it doesn't really make sense once safe_emalloc
works correctly. (Would only cause base64_encode to silently return false
instead of throwing an error. Also could cause problems with other uses of
the base64 encoding API, which all don't check for a NULL return value.)
Furthermore the (length + 2) < 0 check is replaced with just length < 0.
Allowing lengths -2 and -1 doesn't make sense semantically and also is not
honored in the following code (negative length would access unallocated
memory.)
Actually the length < 0 check doesn't make sense altogether, but I left it
there just to be safe.
2012-06-24 23:32:50 +02:00
Felipe Pena
e4ca0ed09f
- Year++
2012-01-01 13:15:04 +00:00