archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 05:58:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
php-src/ext
History
Exact
Ahmed Lekssays 026ab919d0
Fix GHSA-453j-q27h-5p8x 
Libxml versions prior to 2.13 cannot correctly handle a call to
xmlNodeSetName() with a name longer than 2G. It will leave the node
object in an invalid state with a NULL name. This later causes a NULL
pointer dereference when using the name during message serialization.

To solve this, implement a workaround that resets the name to the
sentinel name if this situation arises.

Versions of libxml of 2.13 and higher are not affected.

This can be exploited if a SoapVar is created with a fully qualified
name that is longer than 2G. This would be possible if some application
code uses a namespace prefix from an untrusted source like from a remote
SOAP service.

Co-authored-by: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
2025-06-24 23:34:55 +02:00
..
bcmath Fixed GH-17398: bcmul memory leak (#17615) 2025-01-29 19:12:18 +09:00
bz2 Merge branch 'PHP-8.2' into PHP-8.3 2024-01-31 11:20:44 +01:00
calendar Merge branch 'PHP-8.2' into PHP-8.3 2024-11-17 12:27:26 +00:00
com_dotnet Merge branch 'PHP-8.2' into PHP-8.3 2024-11-29 16:30:01 +01:00
ctype Merge branch 'PHP-8.1' into PHP-8.2 2023-09-26 21:44:00 +02:00
curl Fix linking ext/curl against OpenSSL (#13262) 2025-06-06 13:51:21 +02:00
date Fix leaks with multiple calls to DatePeriod iterator current() 2025-05-26 19:40:41 +02:00
dba ext/dba/tests/gh16390.phpt: skip if inifile is disabled 2024-12-06 19:01:50 +01:00
dl_test Destroy temporary module classes in reverse order 2025-03-14 10:45:17 +01:00
dom Fix deprecation warning for libxml SAX header (#18594) 2025-05-19 19:10:27 +02:00
enchant Fix ext/enchant test SKIPIFs 2025-06-01 18:21:23 +02:00
exif Merge branch 'PHP-8.2' into PHP-8.3 2024-10-13 21:12:46 +02:00
ffi Fix FFI Parsing of Pointer Declaration Lists (#17794) 2025-02-17 10:27:11 +03:00
fileinfo Backport fix for GH-17687 2025-05-27 20:40:35 +02:00
filter Fix GH-18309: ipv6 filter integer overflow 2025-04-11 23:35:00 +02:00
ftp Fix GH-16800: ftp functions can abort with EINTR 2025-01-03 12:30:43 +01:00
gd Fixed GH-18243: imagettftext underflow/overflow on size argument. 2025-04-05 15:56:45 +01:00
gettext ext/gettext/config.m4: symlink en_US.UTF-8 test bits to en_US for musl 2024-12-19 18:26:35 +01:00
gmp Merge branch 'PHP-8.2' into PHP-8.3 2024-11-27 19:54:06 +00:00
hash Fix GH-14551: PGO build fails with xxhash 2025-06-12 19:26:28 +02:00
iconv Fix GH-17047: UAF on iconv filter failure 2024-12-06 17:43:38 +01:00
imap Merge branch 'PHP-8.1' into PHP-8.2 2025-03-06 15:24:35 +01:00
intl Fix memory leak in lookup_loc_range() 2025-06-01 11:38:24 +02:00
json Fix tests: Prevent stack overflow during dtor 2024-10-24 15:56:25 +02:00
ldap ext/ldap: simplify ldap_connect() workflow, fix url leak. 2025-05-25 12:53:28 +01:00
libxml ext/libxml: Fixed custom external entity loader returning an invalid resource leading to a confusing TypeError message 2025-04-07 12:58:52 +01:00
mbstring Fix GH-17989: mb_output_handler crash with unset http_output_conv_mimetypes 2025-03-09 11:16:33 +01:00
mysqli Merge branch 'PHP-8.2' into PHP-8.3 2025-03-13 16:47:20 +01:00
mysqlnd Merge branch 'PHP-8.2' into PHP-8.3 2024-11-20 11:12:19 +01:00
oci8 Merge branch 'PHP-8.1' into PHP-8.2 2025-03-06 15:24:35 +01:00
odbc Fix memory leak on php_odbc_fetch_hash() failure 2025-06-09 11:24:13 +02:00
opcache Fix GH-18743: Incompatibility in Inline TLS Assembly on Alpine 3.22 2025-06-09 11:39:34 +02:00
openssl Skip OpenSSL proxy test for bug #74796 on Windows 2025-06-05 16:18:06 +02:00
pcntl ext/pcntl: Fix memory leak in cleanup code of pcntl_exec() 2024-12-15 22:13:27 +00:00
pcre Relax test expectation for pcre2lib 10.45 Using e92848789a 2025-03-13 07:46:18 +01:00
pdo Backport fix for GH-17687 2025-05-27 20:40:35 +02:00
pdo_dblib Merge branch 'PHP-8.2' into PHP-8.3 2024-11-20 11:12:19 +01:00
pdo_firebird Fixed GH-18276 - persistent connection - "zend_mm_heap corrupted" with setAttribute() (#18280) 2025-04-15 09:01:40 +09:00
pdo_mysql Merge branch 'PHP-8.2' into PHP-8.3 2024-05-21 12:21:46 +01:00
pdo_oci Fix GH-18494: PDO OCI segfault in statement GC 2025-05-05 19:30:23 +02:00
pdo_odbc pdo_odbc: Fix memory leak if WideCharToMultiByte() fails 2025-06-09 11:24:48 +02:00
pdo_pgsql Fix GHSA-hrwm-9436-5mv3: pgsql escaping no error checks 2025-06-23 23:32:30 +02:00
pdo_sqlite Fix memory leak when destroying PDORow 2025-03-20 23:13:42 +01:00
pgsql Fix GHSA-hrwm-9436-5mv3: pgsql escaping no error checks 2025-06-23 23:32:30 +02:00
phar Fix GH-18642: Signed integer overflow in ext/phar fseek 2025-05-28 18:53:55 +02:00
posix Fix FD getting code on big endian (#17259) 2024-12-30 12:40:32 -04:00
pspell Add ASAN XLEAK support 2023-04-03 08:02:19 +02:00
random Fix test failures in engine_unsafe_empty_string.phpt (#18727) 2025-06-01 15:45:36 +02:00
readline Fix memory leak when calloc() fails in php_readline_completion_cb() 2025-05-24 20:39:14 +02:00
reflection Reflection: show the type of object constants used as default properties 2025-02-21 09:32:10 +01:00
session ext/session: Fix GH-17541 (ext/session NULL pointer dereferencement during ID reset) 2025-01-24 14:04:58 +00:00
shmop Merge branch 'PHP-8.2' into PHP-8.3 2024-06-28 20:14:20 +02:00
simplexml Fix GH-18304: Changing the properties of a DateInterval through dynamic properties triggers a SegFault 2025-04-11 23:33:58 +02:00
skeleton
snmp Fix GH-18304: Changing the properties of a DateInterval through dynamic properties triggers a SegFault 2025-04-11 23:33:58 +02:00
soap Fix GHSA-453j-q27h-5p8x 2025-06-24 23:34:55 +02:00
sockets Fix GH-18617: socket_import_file_descriptor return check. 2025-05-22 20:46:18 +01:00
sodium Merge branch 'PHP-8.2' into PHP-8.3 2024-05-23 22:40:54 +02:00
spl Fix GH-18421: Integer overflow with large numbers in LimitIterator 2025-04-25 20:05:55 +02:00
sqlite3 Fix cycle leak in sqlite3 setAuthorizer() 2025-02-23 16:34:41 +01:00
standard Fix GHSA-3cr5-j632-f35r: Null byte in hostnames 2025-06-23 23:06:22 +02:00
sysvmsg Merge branch 'PHP-8.2' into PHP-8.3 2024-11-03 13:39:41 +00:00
sysvsem
sysvshm Merge branch 'PHP-8.2' into PHP-8.3 2024-10-26 15:07:57 +02:00
tidy ext/tidy: anticipate tidyOptIsReadOnly retirement. 2025-06-04 20:32:21 +01:00
tokenizer Fix GH-8329 Print true/false instead of bool in error and debug messages (#8385) 2023-01-23 10:52:14 +01:00
xml Revert "Port XML_GetCurrentByteIndex to public APIs" 2025-04-23 22:07:26 +02:00
xmlreader Fix GH-18304: Changing the properties of a DateInterval through dynamic properties triggers a SegFault 2025-04-11 23:33:58 +02:00
xmlwriter Backport 4fe82131: Backport libxml2 2.13.2 fixes (#14816) 2024-10-12 15:12:40 +02:00
xsl Backport e2d97314: Backport deprecation warning ignores to unbreak CI 2024-10-12 15:12:40 +02:00
zend_test Do not delete main chunk in zend_gc 2025-06-09 11:23:29 +02:00
zip Fix GH-18438: Handling of empty data and errors in ZipArchive::addPattern 2025-04-27 11:30:57 +02:00
zlib Fix zlib support for large files 2025-02-14 23:09:57 +01:00
ext_skel.php