iliaa Tue Sep 18 19:52:28 2007 UTC Modified files: /php-src/ext/xmlrpc xmlrpc-epi-php.c /php-src/ext/xmlrpc/libxmlrpc xmlrpc.c /php-src/ext/xmlrpc/tests bug42189.phpt Log: MFB: Fixed bug #42189 (xmlrpc_set_type() crashes php on invalid datetime values). http://cvs.php.net/viewvc.cgi/php-src/ext/xmlrpc/xmlrpc-epi-php.c?r1=1.50&r2=1.51&diff_format=u Index: php-src/ext/xmlrpc/xmlrpc-epi-php.c diff -u php-src/ext/xmlrpc/xmlrpc-epi-php.c:1.50 php-src/ext/xmlrpc/xmlrpc-epi-php.c:1.51 --- php-src/ext/xmlrpc/xmlrpc-epi-php.c:1.50 Thu Jul 12 10:04:42 2007 +++ php-src/ext/xmlrpc/xmlrpc-epi-php.c Tue Sep 18 19:52:27 2007 @@ -51,7 +51,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: xmlrpc-epi-php.c,v 1.50 2007/07/12 10:04:42 tony2001 Exp $ */ +/* $Id: xmlrpc-epi-php.c,v 1.51 2007/09/18 19:52:27 iliaa Exp $ */ /********************************************************************** * BUGS: * @@ -1313,8 +1313,12 @@ if(SUCCESS == zend_hash_update(Z_OBJPROP_P(value), OBJECT_TYPE_ATTR, sizeof(OBJECT_TYPE_ATTR), (void *) &type, sizeof(zval *), NULL)) { bSuccess = zend_hash_update(Z_OBJPROP_P(value), OBJECT_VALUE_TS_ATTR, sizeof(OBJECT_VALUE_TS_ATTR), (void *) &ztimestamp, sizeof(zval *), NULL); } + } else { + zval_ptr_dtor(&type); } XMLRPC_CleanupValue(v); + } else { + zval_ptr_dtor(&type); } } else { http://cvs.php.net/viewvc.cgi/php-src/ext/xmlrpc/libxmlrpc/xmlrpc.c?r1=1.11&r2=1.12&diff_format=u Index: php-src/ext/xmlrpc/libxmlrpc/xmlrpc.c diff -u php-src/ext/xmlrpc/libxmlrpc/xmlrpc.c:1.11 php-src/ext/xmlrpc/libxmlrpc/xmlrpc.c:1.12 --- php-src/ext/xmlrpc/libxmlrpc/xmlrpc.c:1.11 Thu Jun 7 09:07:12 2007 +++ php-src/ext/xmlrpc/libxmlrpc/xmlrpc.c Tue Sep 18 19:52:27 2007 @@ -31,7 +31,7 @@ */ -static const char rcsid[] = "#(@) $Id: xmlrpc.c,v 1.11 2007/06/07 09:07:12 tony2001 Exp $"; +static const char rcsid[] = "#(@) $Id: xmlrpc.c,v 1.12 2007/09/18 19:52:27 iliaa Exp $"; /****h* ABOUT/xmlrpc @@ -43,6 +43,11 @@ * 9/1999 - 10/2000 * HISTORY * $Log: xmlrpc.c,v $ + * Revision 1.12 2007/09/18 19:52:27 iliaa + * + * MFB: Fixed bug #42189 (xmlrpc_set_type() crashes php on invalid datetime + * values). + * * Revision 1.11 2007/06/07 09:07:12 tony2001 * php_localtime_r() checks * @@ -179,7 +184,7 @@ } p++; } - text = buf; + text = buf; } @@ -189,15 +194,19 @@ return -1; } +#define XMLRPC_IS_NUMBER(x) if (x < '0' || x > '9') return -1; + n = 1000; tm.tm_year = 0; for(i = 0; i < 4; i++) { + XMLRPC_IS_NUMBER(text[i]) tm.tm_year += (text[i]-'0')*n; n /= 10; } n = 10; tm.tm_mon = 0; for(i = 0; i < 2; i++) { + XMLRPC_IS_NUMBER(text[i]) tm.tm_mon += (text[i+4]-'0')*n; n /= 10; } @@ -206,6 +215,7 @@ n = 10; tm.tm_mday = 0; for(i = 0; i < 2; i++) { + XMLRPC_IS_NUMBER(text[i]) tm.tm_mday += (text[i+6]-'0')*n; n /= 10; } @@ -213,6 +223,7 @@ n = 10; tm.tm_hour = 0; for(i = 0; i < 2; i++) { + XMLRPC_IS_NUMBER(text[i]) tm.tm_hour += (text[i+9]-'0')*n; n /= 10; } @@ -220,6 +231,7 @@ n = 10; tm.tm_min = 0; for(i = 0; i < 2; i++) { + XMLRPC_IS_NUMBER(text[i]) tm.tm_min += (text[i+12]-'0')*n; n /= 10; } @@ -227,6 +239,7 @@ n = 10; tm.tm_sec = 0; for(i = 0; i < 2; i++) { + XMLRPC_IS_NUMBER(text[i]) tm.tm_sec += (text[i+15]-'0')*n; n /= 10; } http://cvs.php.net/viewvc.cgi/php-src/ext/xmlrpc/tests/bug42189.phpt?r1=1.1&r2=1.2&diff_format=u Index: php-src/ext/xmlrpc/tests/bug42189.phpt diff -u /dev/null php-src/ext/xmlrpc/tests/bug42189.phpt:1.2 --- /dev/null Tue Sep 18 19:52:28 2007 +++ php-src/ext/xmlrpc/tests/bug42189.phpt Tue Sep 18 19:52:27 2007 @@ -0,0 +1,15 @@ +--TEST-- +Bug #42189 (xmlrpc_get_type() crashes PHP on invalid dates) +--SKIPIF-- +<?php if (!extension_loaded("xmlrpc")) print "skip"; ?> +--FILE-- +<?php +$a = '~~~~~~~~~~~~~~~~~~'; +$ok = xmlrpc_set_type($a, 'datetime'); +var_dump($ok); + +echo "Done\n"; +?> +--EXPECT-- +bool(false) +Done
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php