iliaa           Tue Sep 18 19:52:28 2007 UTC

  Modified files:              
    /php-src/ext/xmlrpc xmlrpc-epi-php.c 
    /php-src/ext/xmlrpc/libxmlrpc       xmlrpc.c 
    /php-src/ext/xmlrpc/tests   bug42189.phpt 
  Log:
  
  MFB: Fixed bug #42189 (xmlrpc_set_type() crashes php on invalid datetime
  values).
  
http://cvs.php.net/viewvc.cgi/php-src/ext/xmlrpc/xmlrpc-epi-php.c?r1=1.50&r2=1.51&diff_format=u
Index: php-src/ext/xmlrpc/xmlrpc-epi-php.c
diff -u php-src/ext/xmlrpc/xmlrpc-epi-php.c:1.50 
php-src/ext/xmlrpc/xmlrpc-epi-php.c:1.51
--- php-src/ext/xmlrpc/xmlrpc-epi-php.c:1.50    Thu Jul 12 10:04:42 2007
+++ php-src/ext/xmlrpc/xmlrpc-epi-php.c Tue Sep 18 19:52:27 2007
@@ -51,7 +51,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: xmlrpc-epi-php.c,v 1.50 2007/07/12 10:04:42 tony2001 Exp $ */
+/* $Id: xmlrpc-epi-php.c,v 1.51 2007/09/18 19:52:27 iliaa Exp $ */
 
 /**********************************************************************
 * BUGS:                                                               *
@@ -1313,8 +1313,12 @@
                                                if(SUCCESS == 
zend_hash_update(Z_OBJPROP_P(value), OBJECT_TYPE_ATTR, 
sizeof(OBJECT_TYPE_ATTR), (void *) &type, sizeof(zval *), NULL)) {
                                                        bSuccess = 
zend_hash_update(Z_OBJPROP_P(value), OBJECT_VALUE_TS_ATTR, 
sizeof(OBJECT_VALUE_TS_ATTR), (void *) &ztimestamp, sizeof(zval *), NULL);
                                                }
+                                       } else {
+                                               zval_ptr_dtor(&type);
                                        }
                                        XMLRPC_CleanupValue(v);
+                               } else {
+                                       zval_ptr_dtor(&type);
                                }
                        }
                        else {
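Review bot: The path where the first `zend_hash_update()` call fails has no release for `type`, unlike the two `else` branches added here. If ownership only passes to the property table on success (not visible in this hunk), that path still leaks the zval, and `ztimestamp` looks to be in the same position when the second update fails. An `else { zval_ptr_dtor(&type); }` on the inner `if(SUCCESS == ...)` would close it, or a single release at the end of the datetime branch, guarded by a flag, could replace the three copies. The enclosing function starts and ends outside the hunk, so the allocation sites should be confirmed there.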
http://cvs.php.net/viewvc.cgi/php-src/ext/xmlrpc/libxmlrpc/xmlrpc.c?r1=1.11&r2=1.12&diff_format=u
Index: php-src/ext/xmlrpc/libxmlrpc/xmlrpc.c
diff -u php-src/ext/xmlrpc/libxmlrpc/xmlrpc.c:1.11 
php-src/ext/xmlrpc/libxmlrpc/xmlrpc.c:1.12
--- php-src/ext/xmlrpc/libxmlrpc/xmlrpc.c:1.11  Thu Jun  7 09:07:12 2007
+++ php-src/ext/xmlrpc/libxmlrpc/xmlrpc.c       Tue Sep 18 19:52:27 2007
@@ -31,7 +31,7 @@
 */
 
 
-static const char rcsid[] = "#(@) $Id: xmlrpc.c,v 1.11 2007/06/07 09:07:12 
tony2001 Exp $";
+static const char rcsid[] = "#(@) $Id: xmlrpc.c,v 1.12 2007/09/18 19:52:27 
iliaa Exp $";
 
 
 /****h* ABOUT/xmlrpc
@@ -43,6 +43,11 @@
  *   9/1999 - 10/2000
  * HISTORY
  *   $Log: xmlrpc.c,v $
+ *   Revision 1.12  2007/09/18 19:52:27  iliaa
+ *
+ *   MFB: Fixed bug #42189 (xmlrpc_set_type() crashes php on invalid datetime
+ *   values).
+ *
  *   Revision 1.11  2007/06/07 09:07:12  tony2001
  *   php_localtime_r() checks
  *
@@ -179,7 +184,7 @@
                        }
                        p++;
                }
-               text = buf;
+                       text = buf;
        }
 
 
@@ -189,15 +194,19 @@
       return -1;
    }
 
+#define XMLRPC_IS_NUMBER(x) if (x < '0' || x > '9') return -1;
+
    n = 1000;
    tm.tm_year = 0;
    for(i = 0; i < 4; i++) {
+      XMLRPC_IS_NUMBER(text[i])
       tm.tm_year += (text[i]-'0')*n;
       n /= 10;
    }
    n = 10;
    tm.tm_mon = 0;
    for(i = 0; i < 2; i++) {
+      XMLRPC_IS_NUMBER(text[i])
       tm.tm_mon += (text[i+4]-'0')*n;
       n /= 10;
    }
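Review bot: The check added in the month loop tests `text[i]`, but the digit actually consumed is `text[i+4]`, so the guard re-validates the first two year characters and lets any byte through at offsets 4 and 5; it should read `XMLRPC_IS_NUMBER(text[i+4])`. The same mismatch is in the later hunks for day, hour, minute and second, which read `text[i+6]`, `text[i+9]`, `text[i+12]` and `text[i+15]` while checking `text[i]`. As written, a string with a valid year and non-digit bytes elsewhere still reaches the `tm` arithmetic with out-of-range values, which is the input class the bug report is about. Separately, the macro hides a `return` and expands to a bare `if`; `#define XMLRPC_IS_NUMBER(x) do { if ((x) < '0' || (x) > '9') return -1; } while (0)` with a trailing semicolon at each use, and an `#undef` after the last loop, would be safer. The function body starts and ends outside the hunk.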
@@ -206,6 +215,7 @@
    n = 10;
    tm.tm_mday = 0;
    for(i = 0; i < 2; i++) {
+      XMLRPC_IS_NUMBER(text[i])
       tm.tm_mday += (text[i+6]-'0')*n;
       n /= 10;
    }
@@ -213,6 +223,7 @@
    n = 10;
    tm.tm_hour = 0;
    for(i = 0; i < 2; i++) {
+      XMLRPC_IS_NUMBER(text[i])
       tm.tm_hour += (text[i+9]-'0')*n;
       n /= 10;
    }
@@ -220,6 +231,7 @@
    n = 10;
    tm.tm_min = 0;
    for(i = 0; i < 2; i++) {
+      XMLRPC_IS_NUMBER(text[i])
       tm.tm_min += (text[i+12]-'0')*n;
       n /= 10;
    }
@@ -227,6 +239,7 @@
    n = 10;
    tm.tm_sec = 0;
    for(i = 0; i < 2; i++) {
+      XMLRPC_IS_NUMBER(text[i])
       tm.tm_sec += (text[i+15]-'0')*n;
       n /= 10;
    }
http://cvs.php.net/viewvc.cgi/php-src/ext/xmlrpc/tests/bug42189.phpt?r1=1.1&r2=1.2&diff_format=u
Index: php-src/ext/xmlrpc/tests/bug42189.phpt
diff -u /dev/null php-src/ext/xmlrpc/tests/bug42189.phpt:1.2
--- /dev/null   Tue Sep 18 19:52:28 2007
+++ php-src/ext/xmlrpc/tests/bug42189.phpt      Tue Sep 18 19:52:27 2007
@@ -0,0 +1,15 @@
+--TEST--
+Bug #42189 (xmlrpc_get_type() crashes PHP on invalid dates)
+--SKIPIF--
+<?php if (!extension_loaded("xmlrpc")) print "skip"; ?>
+--FILE--
+<?php
+$a = '~~~~~~~~~~~~~~~~~~';
+$ok = xmlrpc_set_type($a, 'datetime');
+var_dump($ok);
+
+echo "Done\n";
+?>
+--EXPECT--     
+bool(false)
+Done
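Review bot: The only input here is all `~`, which is rejected at the very first character, so the test passes without exercising the month, day, hour, minute or second checks added in xmlrpc.c. A second case with a valid year and invalid later fields, for example the constructed value `$b = '2007~~~~T~~:~~:~~';` followed by `var_dump(xmlrpc_set_type($b, 'datetime'));` expecting `bool(false)`, would cover them. The title also names `xmlrpc_get_type()` while the call under test and the bug are about `xmlrpc_set_type()`.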
