archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-18 15:08:55 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
83560 commits 526 branches 1434 tags 877 MiB
Commit graph

168 commits

Author SHA1 Message Date
Stanislav Malyshev
7dde353ee7 Merge branch 'PHP-5.5' into PHP-5.6.23 
* PHP-5.5:
  Fixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
  update NEWS
  fix tests
  fix build
  Fix bug #72455:  Heap Overflow due to integer overflows
  Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
  Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
  Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
  Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
  Fix bug #72298	pass2_no_dither out-of-bounds access
  Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
  Fix bug #72262 - do not overflow int
  Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
  Fix bug #72275: don't allow smart_str to overflow int
  Fix bug #72340: Double Free Courruption in wddx_deserialize
  update NEWS
  Fix #66387: Stack overflow with imagefilltoborder
  Skip test which is 64bits only
  5.5.37 now

Conflicts:
	configure.in
	ext/mcrypt/mcrypt.c
	ext/spl/spl_directory.c
	main/php_version.h
 2016-06-21 00:01:48 -07:00
Stanislav Malyshev
6c5211a0ce Fix bug #72455: Heap Overflow due to integer overflows 2016-06-20 21:51:42 -07:00
Lior Kaplan
49493a2dcf Happy new year (Update copyright to 2016) 2016-01-01 19:21:47 +02:00
Nikita Popov
fe1933aae2 Fixed bug #70625 2015-10-03 10:12:11 +02:00
Anatol Belski
80bc2133cd fix bug #69833 mcrypt fd caching not working 2015-08-11 16:49:28 +02:00
Anatol Belski
4fe938b0a9 remove duplicated declaration, fix build 2015-05-21 10:56:14 +02:00
Julien Pauli
c09fad97d6 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  Close fd at the end, otherwise people complain
  Add file descriptor caching to mcrypt_create_iv()
 2015-05-13 14:19:04 +02:00
Leigh
f7952b90ca Close fd at the end, otherwise people complain 
Even though it's closed when the process terminates!
 2015-05-13 14:18:32 +02:00
Leigh
c02c4aca00 Add file descriptor caching to mcrypt_create_iv() 
This improves performance for applications that make repeated calls to
mcrypt_create_iv()
 2015-05-13 14:18:32 +02:00
Xinchen Hui
0579e8278d bump year 2015-01-15 23:26:37 +08:00
Xinchen Hui
73c1be2653 Bump year 2015-01-15 23:26:03 +08:00
Dmitry Stogov
278c38165c Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  Fixed possible read after end of buffer and use after free.
 2014-12-08 12:24:16 +03:00
Dmitry Stogov
e6ad29ae96 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Fixed possible read after end of buffer and use after free.
 2014-12-08 12:20:01 +03:00
Dmitry Stogov
dd791cd717 Fixed possible read after end of buffer and use after free. 2014-12-08 12:18:27 +03:00
Nikita Popov
fd5fbba98c Use /dev/urandom as the default mcrypt_create_iv() source 
Also fixes the ARGINFO for mcrypt_create_iv() and adds missing
UPGRADING entries.
 2014-03-11 14:06:13 +01:00
Nikita Popov
d8ed84e4c4 Use zpp for accepting encryption mode string 
Leaving the non-zpp usage for the mcrypt_{MODE} functions, as
they're deprecated and I'm too lazy to update all their tests.
 2014-03-05 15:32:32 +01:00
Nikita Popov
eb0eac75ef Remove a number of macros that are no longer used 2014-03-05 15:32:32 +01:00
Nikita Popov
e5738d3bc9 Provide expected IV length in IV error messages 2014-03-05 15:32:32 +01:00
Nikita Popov
b9737aa08e Call mcrypt_module_close on error 2014-03-05 15:32:32 +01:00
Nikita Popov
e4876ecbfb Print supported key sizes in error message 2014-03-05 15:32:32 +01:00
Nikita Popov
32333abe3e Clean up do_crypt code 
Avoid unnecessary alloc/copy/free cycles and clean up structure in
general. Add a few extra checks for the key length.
 2014-03-05 15:32:32 +01:00
Nikita Popov
a861a3a93d Abort on invalid key size 
Previously an incorrectly sized key was either silently padded
with NUL bytes or truncated. Especially the silent nature of this
behavior makes it extremely easy to use weak encryption. A common
mistake - which has also been extensively made in our tests - is
to use a password instead of a key.

Incorrectly sized keys will now be rejected.
 2014-03-05 15:32:32 +01:00
Nikita Popov
25d801f97e Abort on missing IV if the enc_mode requires it 
Previously the code fell back on using a NUL IV if no IV was
passed and the encryption mode required it. This is dangerous and
makes no sense from a practical point of view (as you could just
as well use ECB then).
 2014-03-05 15:32:31 +01:00
Nikita Popov
c4b7cdb41e Abort on invalid IV size 
Previously, if the size of the IV did not match the block size
mcrypt would throw a warning and fall back to a NUL IV. This
behavior is both dangerous and makes no practical sense.

mcrypt_encrypt etc. will now return false if the IV has an incorrect
size.
 2014-03-05 15:32:31 +01:00
Xinchen Hui
c081ce628f Bump year 2014-01-03 11:08:10 +08:00
Xinchen Hui
47c9027772 Bump year 2014-01-03 11:06:16 +08:00
Xinchen Hui
c0d060f5c0 Bump year 2014-01-03 11:04:26 +08:00
Xinchen Hui
a666285bc2 Happy New Year 2013-01-01 16:37:09 +08:00
Xinchen Hui
0a7395e009 Happy New Year 2013-01-01 16:28:54 +08:00
Sherif Ramadan
7014a0eb6d Fixed Mcrypt deprecated functions and related tests 2012-08-16 10:21:22 -04:00
Sherif Ramadan
29a0efccef Fixes mcrypt_ecb not issuing an E_DEPRECATED level notice, despite having been deprecated for some time. Please reference bug #62374 as well. 2012-07-21 19:38:03 -04:00
Felipe Pena
8775a37559 - Year++ 2012-01-01 13:15:04 +00:00
Felipe Pena
4e19825281 - Year++ 2012-01-01 13:15:04 +00:00
Felipe Pena
4b30846b50 - Make usage of new PHP_FE_END macro 2011-07-25 11:35:02 +00:00
Felipe Pena
da376383e8 - Make usage of new PHP_FE_END macro 2011-07-25 11:35:02 +00:00
Pierre Joye
9805e1674a - remove magic quotes support, functions are kept (see the NEWS entry for the details) for BC reasons but do not allow to set enable MQ 2011-07-22 11:25:30 +00:00
Pierre Joye
b8dd53b713 - use warning here to match unix behavior 2011-07-10 14:19:51 +00:00
Pierre Joye
8a18b29d23 - use warning here to match unix behavior 2011-07-10 14:19:51 +00:00
Felipe Pena
0203cc3d44 - Year++ 2011-01-01 02:17:06 +00:00
Pierre Joye
cdaa87f57e - use new function to get random bytes 2010-06-08 18:27:23 +00:00
Pierre Joye
b03678348c - fix leak on error in mcrypt_create_iv on windows 2010-06-02 15:27:38 +00:00
Pierre Joye
8296e705bf - WS 2010-06-02 10:07:26 +00:00
Stanislav Malyshev
932e276c0b add filters to mcrypt 
# trunk will follow soon
 2010-01-15 21:02:20 +00:00
Sebastian Bergmann
9ba1e81665 sed -i "s#1997-2009#1997-2010#g" **/*.c **/*.h **/*.php 2010-01-03 09:23:27 +00:00
Sriram Natarajan
0f57b15e23 - Fixed bug #49738 (calling mcrypt after mcrypt_generic_deinit crashes). 2009-10-02 00:13:53 +00:00
Matt Wilmas
1fa3b21c15 MFH: Fixed error message grammar: 
- "cannot" instead of "can not" (meaning "also can")
 - "than" instead of "then" (Hint: "then" should hardly be needed;
     you're not telling the order in which to do something)

... plus removed a couple ending. dots
 2009-06-06 02:40:49 +00:00
Kalle Sommer Nielsen
6068ce7469 MFH: Fixed compiler warning 2009-05-19 17:47:06 +00:00
Sebastian Bergmann
08659c2dcd MFH: Bump copyright year, 3 of 3. 2008-12-31 11:15:49 +00:00
Felipe Pena
fc2fb50d09 - MFH: Added 'static' into ZEND_BEGIN_ARG_INFO_EX macro 2008-11-17 11:28:01 +00:00
Felipe Pena
7a37fa2d6b - Revert ZEND_BEGIN_ARG_INFO change 2008-11-02 21:19:39 +00:00