archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 22:18:50 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
95777 commits 526 branches 1434 tags 867 MiB
Commit graph

526 commits

Author SHA1 Message Date
Sammy Kaye Powers
478f119ab9 Update copyright headers to 2017 2017-01-04 11:14:55 -06:00
Stanislav Malyshev
cd8c9b0614 Fix outlen for openssl function 
Even though datalen can't be over int, outlen can.
 2016-10-12 23:19:07 -07:00
Anatol Belski
b135ba3fa9 followup with #73276 merge 2016-10-12 16:03:35 +02:00
Stanislav Malyshev
7dc8b5e7ae Fix bug #73276 - crash in openssl_random_pseudo_bytes function 
(cherry picked from commit 85a22a0af0)
 2016-10-12 15:55:42 +02:00
Jakub Zelenka
a2f4c32eb1 Merge branch 'PHP-5.6' into PHP-7.0 2016-06-12 18:39:32 +01:00
Jakub Zelenka
0e2447cd11 Fix bug #71915 (openssl_random_pseudo_bytes is not fork-safe) 
Add time to the entropy before using RAND_bytes
 2016-06-12 18:14:21 +01:00
Jakub Zelenka
54310d95f9 Fix bug #72336 (openssl_pkey_new does not fail for invalid DSA params) 2016-06-12 18:14:21 +01:00
Jakub Zelenka
84dce33b04 Merge branch 'PHP-5.6' into PHP-7.0 2016-06-08 18:36:36 +01:00
Jakub Zelenka
05033c9ebd Fix bug #72140 (segfault after calling ERR_free_strings()) 2016-06-08 18:21:39 +01:00
Anatol Belski
5afba67bfe Re-fix #72165 
Reverted previous wrong patch, throw warning for numeric keys.
Numeric field names are not supported, see "distinguished name"
section here https://www.openssl.org/docs/manmaster/apps/req.html
 2016-05-06 09:30:41 +02:00
Anatol Belski
dd5479ea4c Revert "Fixed bug #72165 Null pointer dereference - openssl_csr_new" 
This reverts commit 7277c85765.
 2016-05-06 09:19:04 +02:00
Anatol Belski
7277c85765 Fixed bug #72165 Null pointer dereference - openssl_csr_new 2016-05-06 09:01:27 +02:00
Stanislav Malyshev
9afb29aa68 Remove TSRMLS_* from code, they are not used anymore 2016-02-17 22:44:05 -08:00
Nikita Popov
c9357f82d3 Format string fixes 
Conflicts:
	ext/pgsql/pgsql.c
 2016-02-14 14:45:53 +01:00
Stanislav Malyshev
c631f1ee2b Merge branch 'PHP-7.0.3' into PHP-7.0 
* PHP-7.0.3: (35 commits)
  fix tests
  update NEWS
  fix tests
  fix NEWS
  Update NEWS
  update NEWS
  Fixed bug #71475: openssl_seal() uninitialized memory usage
  Fixed bug #71488: Stack overflow when decompressing tar archives
  fix tests
  fix wrong gc sequence
  revert the API string as well
  update NEWS
  Revert "Fix #70720"
  sync NEWS
  reset ext/session to the state of 7.0.2
  update NEWS
  update NEWS
  add missing headers for SIZE_MAX
  backport the escapeshell* functions hardening branch
  add tests
  ...

Conflicts:
	configure.in
	ext/session/tests/bug69111.phpt
	main/php_version.h
 2016-02-01 20:45:49 -08:00
Stanislav Malyshev
33b1fbbb5c Fixed bug #71475: openssl_seal() uninitialized memory usage 2016-01-31 20:18:46 -08:00
Jakub Zelenka
67c1921e2b Merge branch 'PHP-5.6' into PHP-7.0 2016-01-25 17:19:18 +00:00
Jakub Zelenka
a63d0f55da Fix memory leak with not freeing OpenSSL errors 2016-01-25 16:50:16 +00:00
Jakub Zelenka
0ea63cb2a8 Fix small CS label issue in openssl.c 2016-01-04 16:52:52 +00:00
Dominic Luechinger
e4bdf51f0a Replaced whitespaces with tabs and fixed aligments 2016-01-04 16:46:32 +00:00
Lior Kaplan
ed35de784f Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Happy new year (Update copyright to 2016)
 2016-01-01 19:48:25 +02:00
Lior Kaplan
49493a2dcf Happy new year (Update copyright to 2016) 2016-01-01 19:21:47 +02:00
Jakub Zelenka
2ee99f8954 Check EVP_SealFinal return code 
This can be done since we no longer support OpenSSL 0.9.6
 2015-10-25 17:53:39 +00:00
Dmitry Stogov
ad4fa8f758 Fixed incorrect usage of HASH_OF() macro. Replaced HASH_OF() with more appropriate Z_ARRVAL_P() or Z_OBJPROP_P(). 2015-09-24 22:39:59 +03:00
Anatol Belski
ca89d9a797 expose openssl config path so it can be tested 2015-09-23 19:48:20 +02:00
Anatol Belski
15d43095d7 expose openssl config path so it can be tested 2015-09-23 14:17:03 +02:00
Jakub Zelenka
6a81363405 Require at least OpenSSL version 0.9.8 2015-09-20 13:01:15 +01:00
Jakub Zelenka
76783a26d2 Merge branch 'PHP-5.6' into PHP-7.0 2015-09-20 12:38:58 +01:00
Jakub Zelenka
dcd569aad6 Use tabs for arg info indent in openssl.c 2015-09-20 12:34:35 +01:00
Jakub Zelenka
e235cb65fb Fix request #70438: Add IV parameter for openssl_seal and openssl_open 2015-09-06 19:09:56 +01:00
Jakub Zelenka
473ccf47a5 Merge branch 'PHP-5.6' 2015-09-06 16:42:37 +01:00
Jakub Zelenka
d47029167d Fix bug #60632: openssl_seal fails with AES 2015-09-06 16:39:59 +01:00
Christoph M. Becker
28e82cc714 Merge branch 'PHP-5.6' 
* PHP-5.6:
  Fix #70395: Missing ARG_INFO for openssl_seal()
 2015-09-05 03:19:43 +02:00
Christoph M. Becker
43b26c7b21 Fix #70395: Missing ARG_INFO for openssl_seal() 
This patch adds the missing ARG_INFO for the optional 5th parameter $method.
 2015-09-05 03:08:02 +02:00
Jakub Zelenka
6b9f31ab74 Merge branch 'PHP-5.6' 2015-08-27 20:17:33 +01:00
Jakub Zelenka
ad028ebc11 Use new range checks in openssl ext 2015-08-26 19:55:29 +01:00
Jakub Zelenka
c39336d1d8 Fix bug #55259 (openssl extension does not get the DH parameters from DH key resource) 2015-08-25 20:26:11 +01:00
Jakub Zelenka
7ad1703413 Add overflow check for openssl_pkcs12_read 2015-08-20 19:29:54 +01:00
Jakub Zelenka
c3f0c87564 Add overflow checks for openssl_pkey_* functions 2015-08-19 20:10:14 +01:00
Jakub Zelenka
478ecc674b Move overflow checks in openssl_pbkdf2 2015-08-19 20:06:58 +01:00
Jakub Zelenka
6a201b3651 Use macros for openssl overflow checks 
It reduces code duplications
 2015-08-18 20:17:04 +01:00
Jakub Zelenka
618c327a56 Fix possible overflow in openssl_pbkdf2 
Especially key_length would lead to the crash if it overflowed
to the negative value.
 2015-08-18 19:46:59 +01:00
Jakub Zelenka
c4a98e876c Check and use correct signature_len type for EVP_VerifyFinal 2015-08-17 18:43:02 +01:00
Jakub Zelenka
f3abea9f91 Fix some int overflows in openssl 
There might be more. I just did a quick check for enc/dec, rand
and one BN call.
 2015-08-16 15:43:00 +01:00
Stanislav Malyshev
ed709d5aa0 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  update NEWS
  fix test
  update NEWS
  Fix bug #70019 - limit extracted files to given directory
  Do not do convert_to_* on unserialize, it messes up references
  Fix #69793 - limit what we accept when unserializing exception
  Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
  Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
  ignore signatures for packages too
  Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
  Fixed bug #69892
  Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
  Improved fix for Bug #69441
  Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
  Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
  Fix bug #70081: check types for SOAP variables

Conflicts:
	ext/soap/php_http.c
	ext/spl/spl_observer.c
 2015-08-04 15:29:13 -07:00
Stanislav Malyshev
69ed3969dd Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Fix bug #70019 - limit extracted files to given directory
  Do not do convert_to_* on unserialize, it messes up references
  Fix #69793 - limit what we accept when unserializing exception
  Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
  Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
  ignore signatures for packages too
  Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
  Fixed bug #69892
  Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
  Improved fix for Bug #69441
  Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
  Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
  Fix bug #70081: check types for SOAP variables

Conflicts:
	.gitignore
	ext/date/php_date.c
	ext/spl/spl_array.c
	ext/spl/spl_observer.c
 2015-08-04 14:10:57 -07:00
Stanislav Malyshev
16023f3e3b Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes 2015-07-26 17:43:16 -07:00
Stanislav Malyshev
97047e7665 Merge branch 'PHP-5.6' 
* PHP-5.6:
  update NEWS
  fix test
  update NEWS
  Fix bug #70019 - limit extracted files to given directory
  Do not do convert_to_* on unserialize, it messes up references
  Fix #69793 - limit what we accept when unserializing exception
  Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
  Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
  ignore signatures for packages too
  Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
  Fixed bug #69892
  Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
  Improved fix for Bug #69441
  Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
  Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
  Fix bug #70081: check types for SOAP variables

Conflicts:
	Zend/zend_exceptions.c
	ext/date/php_date.c
	ext/openssl/openssl.c
	ext/phar/phar_internal.h
	ext/soap/php_http.c
	ext/spl/spl_array.c
	ext/spl/spl_dllist.c
	ext/spl/spl_observer.c
	ext/standard/tests/serialize/bug69152.phpt
	sapi/cli/tests/005.phpt
 2015-08-04 16:14:24 -07:00
Anatol Belski
b281211979 fix backport mistake 
in 5.6 it has to be explicitly copied to avoid double free
 2015-07-03 16:21:02 +02:00
Anatol Belski
d870683d6b backport c01943bffc into 5.6 2015-07-03 11:16:02 +02:00