archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 05:58:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
php-src/ext/standard
History
Exact
Niels Dossche c8b36406c0
Fix GHSA-9fcc-425m-g385: bypass CVE-2024-1874 
The old code checked for suffixes but didn't take into account trailing
whitespace. Furthermore, there is peculiar behaviour with trailing dots
too. This all happens because of the special path-handling code inside
CreateProcessW.

By studying Wine's code, we can see that CreateProcessInternalW calls
get_file_name [1] in our case because we haven't provided an application
name. That code gets the first whitespace-delimited string into app_name
excluding the quotes. It's then passed to create_process_params [2]
where there is the path handling code that transforms the command line
argument to an image path [3]. Inside Wine, the extension check if
performed after these transformations [4]. By doing the same thing in
PHP we match the behaviour and can properly match the extension even in
the given edge cases.

[1] 166895ae3a/dlls/kernelbase/process.c (L542-L543)
[2] 166895ae3a/dlls/kernelbase/process.c (L565)
[3] 166895ae3a/dlls/kernelbase/process.c (L150-L151)
[4] 166895ae3a/dlls/kernelbase/process.c (L647-L654)
2024-06-05 00:42:24 -05:00
..
html_tables Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
tests Fix GHSA-9fcc-425m-g385: bypass CVE-2024-1874 2024-06-05 00:42:24 -05:00
array.c Fix exception handling in array_multisort() 2023-05-24 13:55:25 +02:00
assert.c Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
base64.c Fixed some spaces used instead of tabs 2021-06-29 11:30:26 +02:00
base64.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
basic_functions.c Initialize syslog device in GINIT 2023-11-16 14:31:44 +00:00
basic_functions.h Use zend_string for putenv key (#7379) 2021-08-17 12:29:04 +02:00
basic_functions.stub.php Fix GH-10292 1st param of mt_srand() has UNKNOWN default on PHP <8.3 2023-01-24 19:05:33 +01:00
basic_functions_arginfo.h Fix GH-10292 1st param of mt_srand() has UNKNOWN default on PHP <8.3 2023-01-24 19:05:33 +01:00
browscap.c Fix GH-12621: browscap segmentation fault when configured in the vhost 2023-11-22 20:39:28 -06:00
config.m4 Merge branch 'PHP-8.0' into PHP-8.1 2022-07-15 12:48:09 +01:00
config.w32 Merge branch 'PHP-7.4' into PHP-8.0 2020-10-26 11:06:10 +01:00
crc32.c Fix pointer constness warning in crc32 module on arm64 (#7225) 2021-07-09 15:29:36 +02:00
crc32.h phar: crc32: Extend and cleanup API for the new bulk crc32 functions 2021-07-03 21:03:47 +02:00
crc32_x86.c Zend/zend_cpuinfo, ext/standard/crc32_x86: fix -Wstrict-prototypes 2023-02-07 22:47:43 +00:00
crc32_x86.h X86: Fast CRC32 computation using PCLMULQDQ instruction 2020-09-02 15:10:41 +02:00
credits.c Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
credits.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
credits_ext.h Update CREDITS 2020-06-17 13:04:01 +00:00
credits_sapi.h Update CREDITS for PHP 7.2.30 2020-04-14 15:16:26 +00:00
crypt.c Merge branch 'PHP-8.0' into PHP-8.1 2023-02-12 21:33:39 -07:00
crypt_blowfish.c crypt: Fix validation of malformed BCrypt hashes 2023-02-12 20:46:44 -07:00
crypt_blowfish.h Clean house in cryptographic hashing code 2020-06-24 13:40:27 +02:00
crypt_freesec.c Clean house in cryptographic hashing code 2020-06-24 13:40:27 +02:00
crypt_freesec.h
crypt_sha256.c Merge branch 'PHP-8.0' into PHP-8.1 2022-07-01 05:34:05 +01:00
crypt_sha512.c Merge branch 'PHP-8.0' into PHP-8.1 2022-07-01 05:34:05 +01:00
css.c Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
css.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
datetime.c Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
datetime.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
dir.c Declare Directory properties 2021-08-19 10:39:23 +02:00
dir.stub.php Declare Directory properties 2021-08-19 10:39:23 +02:00
dir_arginfo.h Declare Directory properties 2021-08-19 10:39:23 +02:00
dl.c Fix GH-12215: Module entry being overwritten causes type errors in ext/dom (<= PHP 8.3) 2023-09-20 20:57:04 +02:00
dl.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
dl.stub.php Add stubs for some SAPIs 2020-05-14 13:35:12 +02:00
dl_arginfo.h Include stub hash in generated arginfo files 2020-06-24 09:55:19 +02:00
dns.c Fix GH-7748: gethostbyaddr outputs binary string 2021-12-10 17:38:36 +01:00
dns_win32.c Merge branch 'PHP-8.0' 2021-08-30 18:55:16 +02:00
exec.c Remove 'register' type qualifier (#6980) 2021-05-14 13:38:01 +01:00
exec.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
file.c Fix off-by-one bug when truncating tempnam prefix 2023-08-08 09:46:27 +01:00
file.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
filestat.c Merge branch 'PHP-8.0' into PHP-8.1 2022-03-04 16:07:54 +01:00
filters.c Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
flock_compat.c Merge branch 'PHP-8.0' 2021-07-06 12:03:55 +02:00
flock_compat.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
formatted_print.c Merge branch 'PHP-8.0' into PHP-8.1 2021-09-29 12:21:49 +02:00
fsock.c Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
fsock.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
ftok.c Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
ftp_fopen_wrapper.c Fix context option check for "overwrite" in FTP 2023-06-27 17:53:45 +02:00
head.c Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
head.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
hrtime.c Revert "hrtime implementation update for Mac" 2021-06-14 14:27:35 +02:00
hrtime.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
html.c Fix incorrect check in cs_8559_5 in map_from_unicode() 2023-01-25 00:08:28 +00:00
html.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
html_tables.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
http.c Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
http_fopen_wrapper.c Fix GH-11274: POST/PATCH request via file_get_contents + stream_context_create switches to GET after a HTTP 308 redirect 2023-05-19 23:37:20 +02:00
image.c Fix bug #75708: getimagesize with "&$imageinfo" fails on StreamWrappers 2023-10-22 13:26:18 +01:00
incomplete_class.c Fixed some spaces used instead of tabs 2021-06-29 11:30:26 +02:00
info.c fix: support for timeouts with ZTS on Linux (#10141) 2023-03-03 11:35:06 +01:00
info.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
iptc.c Fixed some spaces used instead of tabs 2021-06-29 11:30:26 +02:00
lcg.c Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
levenshtein.c Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
link.c Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
mail.c Fix GH-10990: mail() throws TypeError after iterating over $additional_headers array by reference 2023-04-01 19:44:43 +02:00
Makefile.frag Revert "Remove some unnecessary explicit header dependencies" 2021-03-16 14:22:25 +01:00
Makefile.frag.w32
math.c Prevent int overflow on $decimals in number_format 2023-07-21 13:50:18 +02:00
md5.c Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
md5.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
metaphone.c Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
microtime.c Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
mt_rand.c Fixed some spaces used instead of tabs 2021-06-29 11:30:26 +02:00
net.c Merge branch 'PHP-8.0' 2021-06-11 09:34:03 +02:00
pack.c Fix undefined behaviour in unpack() 2023-03-28 22:43:27 +02:00
pack.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
pageinfo.c Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
pageinfo.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
password.c Fix bug GHSA-q6x7-frmf-grcw: password_verify can erroneously return true 2024-04-09 23:38:32 -05:00
php_array.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
php_assert.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
php_browscap.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
php_crypt.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
php_crypt_r.c Merge branch 'PHP-8.0' into PHP-8.1 2022-09-29 20:40:33 +01:00
php_crypt_r.h fix php_init_crypt_r/php_shutdown_crypt_r signatures warning. 2022-09-29 20:40:16 +01:00
php_dir.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
php_dns.h Merge branch 'PHP-8.0' into PHP-8.1 2021-11-15 10:00:55 +01:00
php_ext_syslog.h Fix memory leak in standard syslog device handling 2023-11-09 13:29:09 +00:00
php_filestat.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
php_fopen_wrapper.c Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
php_fopen_wrappers.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
php_http.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
php_image.h AVIF support for getimagesize() and imagecreatefromstring() 2021-07-07 00:02:57 +02:00
php_incomplete_class.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
php_lcg.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
php_mail.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
php_math.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
php_mt_rand.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
php_net.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
php_password.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
php_rand.h Fix undefined behaviour in GENERATE_SEED() 2023-03-26 16:07:39 +02:00
php_random.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
php_smart_string.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
php_smart_string_public.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
php_standard.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
php_string.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
php_uuencode.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
php_var.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
php_versioning.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
proc_open.c Fix GHSA-9fcc-425m-g385: bypass CVE-2024-1874 2024-06-05 00:42:24 -05:00
proc_open.h Refactor proc_open() implementation (#7255) 2021-08-11 14:51:55 +02:00
quot_print.c Fixed some spaces used instead of tabs 2021-06-29 11:30:26 +02:00
quot_print.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
rand.c Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
random.c Merge branch 'PHP-8.0' into PHP-8.1 2022-07-15 12:48:09 +01:00
scanf.c Specify function pointer signature for scanf implementation 2021-05-12 18:58:44 +01:00
scanf.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
sha1.c Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
sha1.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
soundex.c Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
streamsfuncs.c Fix GH-11175 and GH-11177: Stream socket timeout undefined behaviour 2023-05-03 19:40:52 +02:00
streamsfuncs.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
string.c Fix param name in implode() error message 2023-08-24 21:05:26 +01:00
strnatcmp.c Fixed some spaces used instead of tabs 2021-06-29 11:30:26 +02:00
syslog.c Initialize syslog device in GINIT 2023-11-16 14:31:44 +00:00
type.c Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
uniqid.c Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
url.c Fix typos (#7327) 2021-08-01 18:03:30 +01:00
url.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
url_scanner_ex.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
url_scanner_ex.re Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
user_filters.c Merge branch 'PHP-8.0' into PHP-8.1 2021-10-07 11:46:49 +02:00
user_filters.stub.php Declare php_user_filter::$stream property 2021-08-20 14:50:25 +02:00
user_filters_arginfo.h Declare php_user_filter::$stream property 2021-08-20 14:50:25 +02:00
uuencode.c Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
var.c Fix serialization of RC1 objects appearing in object graph twice 2023-06-28 21:15:03 +02:00
var_unserializer.re Fix bug #81142 by adding zend_string_init_existing_interned() 2021-08-12 11:57:50 +02:00
versioning.c Fixed some spaces used instead of tabs 2021-06-29 11:30:26 +02:00
winver.h