[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/main/fopen_wrappers.c trunk/main/fopen_wrappers.c
pajoye Tue, 28 Sep 2010 13:29:33 + Revision: http://svn.php.net/viewvc?view=revisionrevision=303824 Log: - Fixed possible flaw in open_basedir (CVE-2010-3436) Changed paths: U php/php-src/branches/PHP_5_3/main/fopen_wrappers.c U php/php-src/trunk/main/fopen_wrappers.c Modified: php/php-src/branches/PHP_5_3/main/fopen_wrappers.c === --- php/php-src/branches/PHP_5_3/main/fopen_wrappers.c 2010-09-28 13:28:55 UTC (rev 303823) +++ php/php-src/branches/PHP_5_3/main/fopen_wrappers.c 2010-09-28 13:29:33 UTC (rev 303824) @@ -250,8 +250,13 @@ #else if (strncmp(resolved_basedir, resolved_name, resolved_basedir_len) == 0) { #endif - /* File is in the right directory */ - return 0; + if (resolved_name_len resolved_basedir_len + resolved_name[resolved_basedir_len] != PHP_DIR_SEPARATOR) { + return -1; + } else { + /* File is in the right directory */ + return 0; + } } else { /* /openbasedir/ and /openbasedir are the same directory */ if (resolved_basedir_len == (resolved_name_len + 1) resolved_basedir[resolved_basedir_len - 1] == PHP_DIR_SEPARATOR) { Modified: php/php-src/trunk/main/fopen_wrappers.c === --- php/php-src/trunk/main/fopen_wrappers.c 2010-09-28 13:28:55 UTC (rev 303823) +++ php/php-src/trunk/main/fopen_wrappers.c 2010-09-28 13:29:33 UTC (rev 303824) @@ -249,8 +249,13 @@ #else if (strncmp(resolved_basedir, resolved_name, resolved_basedir_len) == 0) { #endif - /* File is in the right directory */ - return 0; + if (resolved_name_len resolved_basedir_len + resolved_name[resolved_basedir_len] != PHP_DIR_SEPARATOR) { + return -1; + } else { + /* File is in the right directory */ + return 0; + } } else { /* /openbasedir/ and /openbasedir are the same directory */ if (resolved_basedir_len == (resolved_name_len + 1) resolved_basedir[resolved_basedir_len - 1] == PHP_DIR_SEPARATOR) { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS
pajoye Tue, 28 Sep 2010 13:30:20 + Revision: http://svn.php.net/viewvc?view=revisionrevision=303825 Log: - Fixed possible flaw in open_basedir (CVE-2010-3436) Changed paths: U php/php-src/branches/PHP_5_2/NEWS Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-09-28 13:29:33 UTC (rev 303824) +++ php/php-src/branches/PHP_5_2/NEWS 2010-09-28 13:30:20 UTC (rev 303825) @@ -1,6 +1,7 @@ PHP NEWS ||| ?? ??? 2010, PHP 5.2.15 +- Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre) - Fixed possible crash in mssql_fetch_batch(). (Kalle) - Fixed bug #52772 (var_dump() doesn't check for the existence of -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_3/ NEWS
pajoye Tue, 28 Sep 2010 13:30:30 + Revision: http://svn.php.net/viewvc?view=revisionrevision=303826 Log: - Fixed possible flaw in open_basedir (CVE-2010-3436) Changed paths: U php/php-src/branches/PHP_5_3/NEWS Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2010-09-28 13:30:20 UTC (rev 303825) +++ php/php-src/branches/PHP_5_3/NEWS 2010-09-28 13:30:30 UTC (rev 303826) @@ -13,8 +13,9 @@ - Implemented symbolic links support for open_basedir checks. (Pierre) - Implemented FR #51804, SplFileInfo::getLinkTarget on Windows. (Pierre) +- Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre) +- Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950). (Pierre) - Fixed symbolic resolution support when the target is a DFS share. (Pierre) -- Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950). (Pierre) - Changed deprecated ini options on startup from E_WARNING to E_DEPRECATED. (Kalle) - Changed the $context parameter on copy() to actually have an effect. (Kalle) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/trunk/ext/pdo_dblib/ dblib_stmt.c
Will do. Thanks. On Sun, Sep 26, 2010 at 2:34 PM, Kalle Sommer Nielsen ka...@php.net wrote: Hi Stanley 2010/9/26 Stanley Sufficool ssuffic...@php.net: ssufficool Sun, 26 Sep 2010 20:16:25 + Revision: http://svn.php.net/viewvc?view=revisionrevision=303771 Log: Update getColumnMeta native types for SQL Server 2008 Changed paths: U php/php-src/trunk/ext/pdo_dblib/dblib_stmt.c Modified: php/php-src/trunk/ext/pdo_dblib/dblib_stmt.c === --- php/php-src/trunk/ext/pdo_dblib/dblib_stmt.c 2010-09-26 16:20:11 UTC (rev 303770) +++ php/php-src/trunk/ext/pdo_dblib/dblib_stmt.c 2010-09-26 20:16:25 UTC (rev 303771) @@ -35,60 +35,47 @@ /* {{{ pdo_dblib_get_field_name * + case 127: return bigint; + //case 240: return hierarchyid; + case 240: return geometry; + //case 240: return geography; + case 165: return varbinary; + case 167: return varchar; + case 173: return binary; + case 175: return char; + case 189: return timestamp; + //case 231: return sysname; Please use C multi line comments ( /* */ ) or #if 0 blocks for C90 compatiblity :) -- regards, Kalle Sommer Nielsen ka...@php.net -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/mysqlnd/mysqlnd_ps.c branches/PHP_5_3/ext/mysqlnd/mysqlnd_structs.h trunk/ext/mysqlnd/mysqlnd_ps.c trunk/ext/mysqlnd/mysqlnd_structs.h
andrey Tue, 28 Sep 2010 14:36:18 + Revision: http://svn.php.net/viewvc?view=revisionrevision=303828 Log: add another hook, maybe the last one, for MYSQLND_STMT, which was missed before Changed paths: U php/php-src/branches/PHP_5_3/ext/mysqlnd/mysqlnd_ps.c U php/php-src/branches/PHP_5_3/ext/mysqlnd/mysqlnd_structs.h U php/php-src/trunk/ext/mysqlnd/mysqlnd_ps.c U php/php-src/trunk/ext/mysqlnd/mysqlnd_structs.h Modified: php/php-src/branches/PHP_5_3/ext/mysqlnd/mysqlnd_ps.c === --- php/php-src/branches/PHP_5_3/ext/mysqlnd/mysqlnd_ps.c 2010-09-28 14:35:37 UTC (rev 303827) +++ php/php-src/branches/PHP_5_3/ext/mysqlnd/mysqlnd_ps.c 2010-09-28 14:36:18 UTC (rev 303828) @@ -52,8 +52,6 @@ static void mysqlnd_stmt_separate_result_bind(MYSQLND_STMT * const stmt TSRMLS_DC); static void mysqlnd_stmt_separate_one_result_bind(MYSQLND_STMT * const stmt, unsigned int param_no TSRMLS_DC); -static void mysqlnd_internal_free_stmt_content(MYSQLND_STMT * const stmt TSRMLS_DC); - /* {{{ mysqlnd_stmt::store_result */ static MYSQLND_RES * MYSQLND_METHOD(mysqlnd_stmt, store_result)(MYSQLND_STMT * const s TSRMLS_DC) @@ -228,7 +226,7 @@ } /* Free space for next result */ - mysqlnd_internal_free_stmt_content(s TSRMLS_CC); + s-m-free_stmt_content(s TSRMLS_CC); DBG_RETURN(s-m-parse_execute_response(s TSRMLS_CC)); } @@ -2062,12 +2060,12 @@ /* }}} */ -/* {{{ mysqlnd_internal_free_stmt_content */ +/* {{{ mysqlnd_stmt::free_stmt_content */ static void -mysqlnd_internal_free_stmt_content(MYSQLND_STMT * const s TSRMLS_DC) +MYSQLND_METHOD(mysqlnd_stmt, free_stmt_content)(MYSQLND_STMT * const s TSRMLS_DC) { MYSQLND_STMT_DATA * stmt = s? s-data:NULL; - DBG_ENTER(mysqlnd_internal_free_stmt_content); + DBG_ENTER(mysqlnd_stmt::free_stmt_content); if (!stmt) { DBG_VOID_RETURN; } @@ -2186,7 +2184,7 @@ stmt-execute_cmd_buffer.buffer = NULL; } - mysqlnd_internal_free_stmt_content(s TSRMLS_CC); + s-m-free_stmt_content(s TSRMLS_CC); if (stmt-conn) { stmt-conn-m-free_reference(stmt-conn TSRMLS_CC); @@ -2324,7 +2322,8 @@ MYSQLND_METHOD(mysqlnd_stmt, free_result_bind), MYSQLND_METHOD(mysqlnd_stmt, server_status), mysqlnd_stmt_execute_generate_request, - mysqlnd_stmt_execute_parse_response + mysqlnd_stmt_execute_parse_response, + MYSQLND_METHOD(mysqlnd_stmt, free_stmt_content) MYSQLND_CLASS_METHODS_END; Modified: php/php-src/branches/PHP_5_3/ext/mysqlnd/mysqlnd_structs.h === --- php/php-src/branches/PHP_5_3/ext/mysqlnd/mysqlnd_structs.h 2010-09-28 14:35:37 UTC (rev 303827) +++ php/php-src/branches/PHP_5_3/ext/mysqlnd/mysqlnd_structs.h 2010-09-28 14:36:18 UTC (rev 303828) @@ -627,6 +627,7 @@ typedef unsigned int (*func_mysqlnd_stmt__server_status)(const MYSQLND_STMT * const stmt TSRMLS_DC); typedef enum_func_status (*func_mysqlnd_stmt__generate_execute_request)(MYSQLND_STMT * const s, zend_uchar ** request, size_t *request_len, zend_bool * free_buffer TSRMLS_DC); typedef enum_func_status (*func_mysqlnd_stmt__parse_execute_response)(MYSQLND_STMT * const s TSRMLS_DC); +typedef void (*func_mysqlnd_stmt__free_stmt_content)(MYSQLND_STMT * const s TSRMLS_DC); struct st_mysqlnd_stmt_methods { @@ -678,6 +679,8 @@ func_mysqlnd_stmt__generate_execute_request generate_execute_request; func_mysqlnd_stmt__parse_execute_response parse_execute_response; + + func_mysqlnd_stmt__free_stmt_content free_stmt_content; }; Modified: php/php-src/trunk/ext/mysqlnd/mysqlnd_ps.c === --- php/php-src/trunk/ext/mysqlnd/mysqlnd_ps.c 2010-09-28 14:35:37 UTC (rev 303827) +++ php/php-src/trunk/ext/mysqlnd/mysqlnd_ps.c 2010-09-28 14:36:18 UTC (rev 303828) @@ -52,8 +52,6 @@ static void mysqlnd_stmt_separate_result_bind(MYSQLND_STMT * const stmt TSRMLS_DC); static void mysqlnd_stmt_separate_one_result_bind(MYSQLND_STMT * const stmt, unsigned int param_no TSRMLS_DC); -static void mysqlnd_internal_free_stmt_content(MYSQLND_STMT * const stmt TSRMLS_DC); - /* {{{ mysqlnd_stmt::store_result */ static MYSQLND_RES * MYSQLND_METHOD(mysqlnd_stmt, store_result)(MYSQLND_STMT * const s TSRMLS_DC) @@ -228,7 +226,7 @@ } /* Free space for next result */ - mysqlnd_internal_free_stmt_content(s TSRMLS_CC); + s-m-free_stmt_content(s TSRMLS_CC); DBG_RETURN(s-m-parse_execute_response(s TSRMLS_CC)); } @@ -2062,12 +2060,12 @@ /* }}} */ -/* {{{ mysqlnd_internal_free_stmt_content */ +/* {{{ mysqlnd_stmt::free_stmt_content */ static void -mysqlnd_internal_free_stmt_content(MYSQLND_STMT * const s
[PHP-CVS] svn: /php/php-src/trunk/ext/pdo_dblib/ dblib_stmt.c
ssufficool Wed, 29 Sep 2010 00:55:43 + Revision: http://svn.php.net/viewvc?view=revisionrevision=303838 Log: Remove non C90 quotes Changed paths: U php/php-src/trunk/ext/pdo_dblib/dblib_stmt.c Modified: php/php-src/trunk/ext/pdo_dblib/dblib_stmt.c === --- php/php-src/trunk/ext/pdo_dblib/dblib_stmt.c2010-09-29 00:49:28 UTC (rev 303837) +++ php/php-src/trunk/ext/pdo_dblib/dblib_stmt.c2010-09-29 00:55:43 UTC (rev 303838) @@ -63,15 +63,12 @@ case 108: return numeric; case 122: return smallmoney; case 127: return bigint; - //case 240: return hierarchyid; case 240: return geometry; - //case 240: return geography; case 165: return varbinary; case 167: return varchar; case 173: return binary; case 175: return char; case 189: return timestamp; - //case 231: return sysname; case 231: return nvarchar; case 239: return nchar; case 241: return xml; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/openssl/xp_ssl.c trunk/ext/openssl/xp_ssl.c
felipe Wed, 29 Sep 2010 01:25:35 + Revision: http://svn.php.net/viewvc?view=revisionrevision=303839 Log: - Fixed bug #52947 (segfault when ssl stream option capture_peer_cert_chain used) Bug: http://bugs.php.net/52947 (Open) segfault when ssl stream option capture_peer_cert_chain used Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/openssl/xp_ssl.c U php/php-src/trunk/ext/openssl/xp_ssl.c Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2010-09-29 00:55:43 UTC (rev 303838) +++ php/php-src/branches/PHP_5_3/NEWS 2010-09-29 01:25:35 UTC (rev 303839) @@ -22,6 +22,8 @@ - Fixed possible crash in mssql_fetch_batch(). (Kalle) - Fixed inconsistent backlog default value (-1) in FPM on many systems. (fat) +- Fixed bug #52947 (segfault when ssl stream option capture_peer_cert_chain + used). (Felipe) - Fixed bug #52931 (strripos not overloaded with function overloading enabled). (Felipe) - Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with Modified: php/php-src/branches/PHP_5_3/ext/openssl/xp_ssl.c === --- php/php-src/branches/PHP_5_3/ext/openssl/xp_ssl.c 2010-09-29 00:55:43 UTC (rev 303838) +++ php/php-src/branches/PHP_5_3/ext/openssl/xp_ssl.c 2010-09-29 01:25:35 UTC (rev 303839) @@ -502,7 +502,6 @@ zend_list_insert(mycert, php_openssl_get_x509_list_id())); add_next_index_zval(arr, zcert); - FREE_ZVAL(zcert); } } else { Modified: php/php-src/trunk/ext/openssl/xp_ssl.c === --- php/php-src/trunk/ext/openssl/xp_ssl.c 2010-09-29 00:55:43 UTC (rev 303838) +++ php/php-src/trunk/ext/openssl/xp_ssl.c 2010-09-29 01:25:35 UTC (rev 303839) @@ -502,7 +502,6 @@ zend_list_insert(mycert, php_openssl_get_x509_list_id() TSRMLS_CC)); add_next_index_zval(arr, zcert); - FREE_ZVAL(zcert); } } else { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php