archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-19 08:49:28 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
77348 commits 526 branches 1434 tags 878 MiB
Commit graph

130 commits

Author SHA1 Message Date
Stanislav Malyshev
6935058a98 Merge branch 'PHP-5.4.45' into PHP-5.5.29 
* PHP-5.4.45:
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)

Conflicts:
	ext/pcre/php_pcre.c
	ext/standard/var_unserializer.c
 2015-09-01 00:28:39 -07:00
Stanislav Malyshev
e8429400d4 Fix bug #70172 - Use After Free Vulnerability in unserialize() 2015-08-31 23:26:14 -07:00
Stanislav Malyshev
24dda816d0 Merge branch 'PHP-5.4.45' into PHP-5.5.29 
* PHP-5.4.45:
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix for bug #69782
  5.4.45 next

Conflicts:
	configure.in
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	main/php_version.h
 2015-08-25 23:08:49 -07:00
Stanislav Malyshev
df4bf28f9f Fix bug #70219 (Use after free vulnerability in session deserializer) 2015-08-23 19:56:12 -07:00
Stanislav Malyshev
d5e523f52f Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Fixed bug #68976 - Use After Free Vulnerability in unserialize()

Conflicts:
	ext/standard/var_unserializer.c
 2015-03-17 13:22:12 -07:00
Stanislav Malyshev
646572d6d3 Fixed bug #68976 - Use After Free Vulnerability in unserialize() 2015-03-17 13:20:22 -07:00
Xinchen Hui
caebb76131 Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize) 2015-03-01 23:16:15 +08:00
Stanislav Malyshev
e2744c51b6 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  5.4.38 next
  Fix bug #68799: Free called on unitialized pointer
  Fix for bug #68710 (Use After Free Vulnerability in PHP's unserialize())

Conflicts:
	configure.in
	main/php_version.h
 2015-01-20 10:40:11 -08:00
Xinchen Hui
73c1be2653 Bump year 2015-01-15 23:26:03 +08:00
Stanislav Malyshev
b585a3aed7 Fix for bug #68710 (Use After Free Vulnerability in PHP's unserialize()) 2015-01-01 16:19:05 -08:00
Stanislav Malyshev
630f9c33c2 Fix bug #68594 - Use after free vulnerability in unserialize() 2014-12-16 10:15:17 -08:00
Anatol Belski
13f1c276ab Fixed bug #68545 NULL pointer dereference in unserialize.c 2014-12-11 10:39:37 -08:00
Stanislav Malyshev
56754a7f9e Fixed bug #68044: Integer overflow in unserialize() (32-bits only) 2014-10-13 23:14:25 -07:00
Stanislav Malyshev
c42d5cf5de Better fix for bug #67072 with more BC provisions 2014-06-21 21:29:11 -07:00
Lior Kaplan
6f3bcb0d6e Update copyright year for re2c generated files 2014-06-16 23:28:36 +03:00
Anatol Belski
20568e5028 Fixed regression introduced by patch for bug #67072 
This applies to 5.4 and 5.5 only as a legacy fix.
 2014-06-03 20:43:58 +02:00
Anatol Belski
c2acdbdd3d Improved the fix for bug #67072, thanks Nikita 2014-04-18 15:13:32 +02:00
Anatol Belski
5328d42899 Fixed bug #67072 Echoing unserialized "SplFileObject" crash 
The actual issue lays in the unserializer code which doesn't honor
the unserialize callback. By contrast, the serialize callback is
respected. This leads to the situation that even if a class has
disabled the serialization explicitly, user could still construct
a vulnerable string which would result bad things when trying
to unserialize.

This conserns also the classes implementing Serializable as well
as some core classes disabling serialize/unserialize callbacks
explicitly (PDO, SimpleXML, SplFileInfo and co). As of now, the
flow is first to call the unserialize callback (if available),
then call __wakeup. If the unserialize callback returns with no
success, no object is instantiated. This makes the scheme used
by internal classes effective, to disable unserialize just assign
zend_class_unserialize_deny as callback.
 2014-04-17 10:48:14 +02:00
Xinchen Hui
c0d060f5c0 Bump year 2014-01-03 11:04:26 +08:00
Michael Wallner
1ac4d8f2c6 fix bug #65481 (shutdown segfault due to serialize) 2013-08-20 00:05:11 +02:00
Xinchen Hui
f52b2e6a65 Fixed bug #64354 (Unserialize array of objects whose class can't be autoloaded fail) 
about the __sleep one, since php_serialize_* are all void function,
so,,only check exception at the very begining
 2013-03-09 23:00:58 +08:00
Xinchen Hui
86c1a26169 Merge fix of #62836 to ?.re, and regenerate ?.c 2013-01-21 11:35:22 +08:00
Xinchen Hui
0a7395e009 Happy New Year 2013-01-01 16:28:54 +08:00
Xinchen Hui
0b23da1c74 Fixed bug #62836 (Seg fault or broken object references on unserialize()) 2012-08-17 18:28:32 +08:00
Pierre Joye
ee772f60b1 - fix bug #60879, unserialize does not invoke __wakeup 2012-02-28 18:36:10 +00:00
Felipe Pena
4e19825281 - Year++ 2012-01-01 13:15:04 +00:00
Felipe Pena
6781229e88 - Make valgrind happy with session_decode_error2.phpt 2011-11-09 23:50:01 +00:00
Gustavo André dos Santos Lopes
ecfa660a82 - Fixed #55798: serialize followed by unserialize with numeric object prop. 
gives integer prop.
 2011-09-28 14:47:42 +00:00
Felipe Pena
0203cc3d44 - Year++ 2011-01-01 02:17:06 +00:00
Kalle Sommer Nielsen
208aa1025d Improved performance of unserialize(), original patch by galaxy dot mipt at gmail dot com 2010-09-18 16:09:28 +00:00
Felipe Pena
9adda6199b - Updated generated file 2010-08-06 22:23:39 +00:00
Stanislav Malyshev
de8022e905 fix SplObjectStorage unserialization (CVE-2010-2225) 2010-06-29 00:58:31 +00:00
Pierre Joye
06e7d5e9cb - Fix #51424, crypt() function hangs after 3rd call 2010-06-15 09:26:22 +00:00
Michael Wallner
89e93723fb Added support for object references in recursive serialize() calls. FR #36424 2010-05-26 07:24:37 +00:00
Pierre Joye
95fcd75af2 - [doc] add stream_set_read_buffer, equivalent of stream_set_write_buffer for read operations. Fixing possible bad effects while reading devices. full context support is under work. 2010-04-12 08:25:50 +00:00
Pierre Joye
15a3c450b7 - those are in 5.3.2 now, merge to 5.3.2 section is coming 2010-02-11 21:17:13 +00:00
Sebastian Bergmann
9ba1e81665 sed -i "s#1997-2009#1997-2010#g" **/*.c **/*.h **/*.php 2010-01-03 09:23:27 +00:00
Rasmus Lerdorf
5a2b41a627 Someone strap down Jani and give him a sedative please. 
This makes our toolchain work with the latest versions
of autoconf and avoids a lot of end-user grief.
 2009-11-25 01:30:06 +00:00
Rasmus Lerdorf
70c7e179de Fixed bug #44929 - Better handling of leading zeros 2009-04-08 18:10:46 +00:00
Felipe Pena
b117752f8b - MFH: Year++ 2009-03-17 23:07:40 +00:00
Matt Wilmas
927880b5cc MFH: Fixed bug #46882 (Serialize / Unserialize misbehaviour under OS with different bit numbers) 2009-03-17 22:04:10 +00:00
Marcus Boerger
7126de4912 - Next step in namespaces, using / as namespace separator. 2008-11-04 15:58:55 +00:00
Dmitry Stogov
78d28494ca Fixed bug #45706 (Unserialization of classes derived from ArrayIterator fails) 2008-08-29 14:59:20 +00:00
Matt Wilmas
88adc05748 Regenerate 2008-05-27 11:28:18 +00:00
Jani Taskinen
ee42eca5d8 - Generated with re2c 0.13.4 2008-04-08 12:17:04 +00:00
Felipe Pena
17c7463331 MFB: Fixed bug #43614 (incorrect processing of numerical string keys of array in arbitrary serialized data) 2008-03-19 03:05:35 +00:00
Dmitry Stogov
cb0991bb85 Fixed bug #42919 (Unserializing of namespaced class object fails) 2007-10-17 10:36:33 +00:00
Yiduo (David) Wang
4b4d634cb9 MFH: Added macros for managing zval refcounts and is_ref statuses 2007-10-07 05:22:07 +00:00
Nuno Lopes
e029a0ee59 fix a few compiler warnings (mostly use of unitialized values) 2007-09-29 11:18:42 +00:00
Jani Taskinen
c07aeab868 Touch generated file 2007-08-06 18:33:29 +00:00