[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/main/fopen_wrappers.c trunk/main/fopen_wrappers.c
pajoye Tue, 28 Sep 2010 13:29:33 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=303824
Log:
- Fixed possible flaw in open_basedir (CVE-2010-3436)
Changed paths:
U php/php-src/branches/PHP_5_3/main/fopen_wrappers.c
U php/php-src/trunk/main/fopen_wrappers.c
Modified: php/php-src/branches/PHP_5_3/main/fopen_wrappers.c
===
--- php/php-src/branches/PHP_5_3/main/fopen_wrappers.c 2010-09-28 13:28:55 UTC
(rev 303823)
+++ php/php-src/branches/PHP_5_3/main/fopen_wrappers.c 2010-09-28 13:29:33 UTC
(rev 303824)
@@ -250,8 +250,13 @@
#else
if (strncmp(resolved_basedir, resolved_name,
resolved_basedir_len) == 0) {
#endif
- /* File is in the right directory */
- return 0;
+ if (resolved_name_len resolved_basedir_len
+ resolved_name[resolved_basedir_len] !=
PHP_DIR_SEPARATOR) {
+ return -1;
+ } else {
+ /* File is in the right directory */
+ return 0;
+ }
} else {
/* /openbasedir/ and /openbasedir are the same
directory */
if (resolved_basedir_len == (resolved_name_len + 1)
resolved_basedir[resolved_basedir_len - 1] == PHP_DIR_SEPARATOR) {
Modified: php/php-src/trunk/main/fopen_wrappers.c
===
--- php/php-src/trunk/main/fopen_wrappers.c 2010-09-28 13:28:55 UTC (rev
303823)
+++ php/php-src/trunk/main/fopen_wrappers.c 2010-09-28 13:29:33 UTC (rev
303824)
@@ -249,8 +249,13 @@
#else
if (strncmp(resolved_basedir, resolved_name,
resolved_basedir_len) == 0) {
#endif
- /* File is in the right directory */
- return 0;
+ if (resolved_name_len resolved_basedir_len
+ resolved_name[resolved_basedir_len] !=
PHP_DIR_SEPARATOR) {
+ return -1;
+ } else {
+ /* File is in the right directory */
+ return 0;
+ }
} else {
/* /openbasedir/ and /openbasedir are the same
directory */
if (resolved_basedir_len == (resolved_name_len + 1)
resolved_basedir[resolved_basedir_len - 1] == PHP_DIR_SEPARATOR) {
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS
pajoye Tue, 28 Sep 2010 13:30:20 + Revision: http://svn.php.net/viewvc?view=revisionrevision=303825 Log: - Fixed possible flaw in open_basedir (CVE-2010-3436) Changed paths: U php/php-src/branches/PHP_5_2/NEWS Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-09-28 13:29:33 UTC (rev 303824) +++ php/php-src/branches/PHP_5_2/NEWS 2010-09-28 13:30:20 UTC (rev 303825) @@ -1,6 +1,7 @@ PHP NEWS ||| ?? ??? 2010, PHP 5.2.15 +- Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre) - Fixed possible crash in mssql_fetch_batch(). (Kalle) - Fixed bug #52772 (var_dump() doesn't check for the existence of -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_3/ NEWS
pajoye Tue, 28 Sep 2010 13:30:30 + Revision: http://svn.php.net/viewvc?view=revisionrevision=303826 Log: - Fixed possible flaw in open_basedir (CVE-2010-3436) Changed paths: U php/php-src/branches/PHP_5_3/NEWS Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2010-09-28 13:30:20 UTC (rev 303825) +++ php/php-src/branches/PHP_5_3/NEWS 2010-09-28 13:30:30 UTC (rev 303826) @@ -13,8 +13,9 @@ - Implemented symbolic links support for open_basedir checks. (Pierre) - Implemented FR #51804, SplFileInfo::getLinkTarget on Windows. (Pierre) +- Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre) +- Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950). (Pierre) - Fixed symbolic resolution support when the target is a DFS share. (Pierre) -- Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950). (Pierre) - Changed deprecated ini options on startup from E_WARNING to E_DEPRECATED. (Kalle) - Changed the $context parameter on copy() to actually have an effect. (Kalle) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/trunk/ext/pdo_dblib/ dblib_stmt.c
Will do. Thanks.
On Sun, Sep 26, 2010 at 2:34 PM, Kalle Sommer Nielsen ka...@php.net wrote:
Hi Stanley
2010/9/26 Stanley Sufficool ssuffic...@php.net:
ssufficool Sun, 26 Sep 2010 20:16:25 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=303771
Log:
Update getColumnMeta native types for SQL Server 2008
Changed paths:
U php/php-src/trunk/ext/pdo_dblib/dblib_stmt.c
Modified: php/php-src/trunk/ext/pdo_dblib/dblib_stmt.c
===
--- php/php-src/trunk/ext/pdo_dblib/dblib_stmt.c 2010-09-26 16:20:11
UTC (rev 303770)
+++ php/php-src/trunk/ext/pdo_dblib/dblib_stmt.c 2010-09-26 20:16:25
UTC (rev 303771)
@@ -35,60 +35,47 @@
/* {{{ pdo_dblib_get_field_name
*
+ case 127: return bigint;
+ //case 240: return hierarchyid;
+ case 240: return geometry;
+ //case 240: return geography;
+ case 165: return varbinary;
+ case 167: return varchar;
+ case 173: return binary;
+ case 175: return char;
+ case 189: return timestamp;
+ //case 231: return sysname;
Please use C multi line comments ( /* */ ) or #if 0 blocks for C90
compatiblity :)
--
regards,
Kalle Sommer Nielsen
ka...@php.net
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/mysqlnd/mysqlnd_ps.c branches/PHP_5_3/ext/mysqlnd/mysqlnd_structs.h trunk/ext/mysqlnd/mysqlnd_ps.c trunk/ext/mysqlnd/mysqlnd_structs.h
andrey Tue, 28 Sep 2010 14:36:18 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=303828
Log:
add another hook, maybe the last one, for MYSQLND_STMT, which
was missed before
Changed paths:
U php/php-src/branches/PHP_5_3/ext/mysqlnd/mysqlnd_ps.c
U php/php-src/branches/PHP_5_3/ext/mysqlnd/mysqlnd_structs.h
U php/php-src/trunk/ext/mysqlnd/mysqlnd_ps.c
U php/php-src/trunk/ext/mysqlnd/mysqlnd_structs.h
Modified: php/php-src/branches/PHP_5_3/ext/mysqlnd/mysqlnd_ps.c
===
--- php/php-src/branches/PHP_5_3/ext/mysqlnd/mysqlnd_ps.c 2010-09-28
14:35:37 UTC (rev 303827)
+++ php/php-src/branches/PHP_5_3/ext/mysqlnd/mysqlnd_ps.c 2010-09-28
14:36:18 UTC (rev 303828)
@@ -52,8 +52,6 @@
static void mysqlnd_stmt_separate_result_bind(MYSQLND_STMT * const stmt
TSRMLS_DC);
static void mysqlnd_stmt_separate_one_result_bind(MYSQLND_STMT * const stmt,
unsigned int param_no TSRMLS_DC);
-static void mysqlnd_internal_free_stmt_content(MYSQLND_STMT * const stmt
TSRMLS_DC);
-
/* {{{ mysqlnd_stmt::store_result */
static MYSQLND_RES *
MYSQLND_METHOD(mysqlnd_stmt, store_result)(MYSQLND_STMT * const s TSRMLS_DC)
@@ -228,7 +226,7 @@
}
/* Free space for next result */
- mysqlnd_internal_free_stmt_content(s TSRMLS_CC);
+ s-m-free_stmt_content(s TSRMLS_CC);
DBG_RETURN(s-m-parse_execute_response(s TSRMLS_CC));
}
@@ -2062,12 +2060,12 @@
/* }}} */
-/* {{{ mysqlnd_internal_free_stmt_content */
+/* {{{ mysqlnd_stmt::free_stmt_content */
static void
-mysqlnd_internal_free_stmt_content(MYSQLND_STMT * const s TSRMLS_DC)
+MYSQLND_METHOD(mysqlnd_stmt, free_stmt_content)(MYSQLND_STMT * const s
TSRMLS_DC)
{
MYSQLND_STMT_DATA * stmt = s? s-data:NULL;
- DBG_ENTER(mysqlnd_internal_free_stmt_content);
+ DBG_ENTER(mysqlnd_stmt::free_stmt_content);
if (!stmt) {
DBG_VOID_RETURN;
}
@@ -2186,7 +2184,7 @@
stmt-execute_cmd_buffer.buffer = NULL;
}
- mysqlnd_internal_free_stmt_content(s TSRMLS_CC);
+ s-m-free_stmt_content(s TSRMLS_CC);
if (stmt-conn) {
stmt-conn-m-free_reference(stmt-conn TSRMLS_CC);
@@ -2324,7 +2322,8 @@
MYSQLND_METHOD(mysqlnd_stmt, free_result_bind),
MYSQLND_METHOD(mysqlnd_stmt, server_status),
mysqlnd_stmt_execute_generate_request,
- mysqlnd_stmt_execute_parse_response
+ mysqlnd_stmt_execute_parse_response,
+ MYSQLND_METHOD(mysqlnd_stmt, free_stmt_content)
MYSQLND_CLASS_METHODS_END;
Modified: php/php-src/branches/PHP_5_3/ext/mysqlnd/mysqlnd_structs.h
===
--- php/php-src/branches/PHP_5_3/ext/mysqlnd/mysqlnd_structs.h 2010-09-28
14:35:37 UTC (rev 303827)
+++ php/php-src/branches/PHP_5_3/ext/mysqlnd/mysqlnd_structs.h 2010-09-28
14:36:18 UTC (rev 303828)
@@ -627,6 +627,7 @@
typedef unsigned int (*func_mysqlnd_stmt__server_status)(const
MYSQLND_STMT * const stmt TSRMLS_DC);
typedef enum_func_status
(*func_mysqlnd_stmt__generate_execute_request)(MYSQLND_STMT * const s,
zend_uchar ** request, size_t *request_len, zend_bool * free_buffer TSRMLS_DC);
typedef enum_func_status
(*func_mysqlnd_stmt__parse_execute_response)(MYSQLND_STMT * const s TSRMLS_DC);
+typedef void
(*func_mysqlnd_stmt__free_stmt_content)(MYSQLND_STMT * const s TSRMLS_DC);
struct st_mysqlnd_stmt_methods
{
@@ -678,6 +679,8 @@
func_mysqlnd_stmt__generate_execute_request generate_execute_request;
func_mysqlnd_stmt__parse_execute_response parse_execute_response;
+
+ func_mysqlnd_stmt__free_stmt_content free_stmt_content;
};
Modified: php/php-src/trunk/ext/mysqlnd/mysqlnd_ps.c
===
--- php/php-src/trunk/ext/mysqlnd/mysqlnd_ps.c 2010-09-28 14:35:37 UTC (rev
303827)
+++ php/php-src/trunk/ext/mysqlnd/mysqlnd_ps.c 2010-09-28 14:36:18 UTC (rev
303828)
@@ -52,8 +52,6 @@
static void mysqlnd_stmt_separate_result_bind(MYSQLND_STMT * const stmt
TSRMLS_DC);
static void mysqlnd_stmt_separate_one_result_bind(MYSQLND_STMT * const stmt,
unsigned int param_no TSRMLS_DC);
-static void mysqlnd_internal_free_stmt_content(MYSQLND_STMT * const stmt
TSRMLS_DC);
-
/* {{{ mysqlnd_stmt::store_result */
static MYSQLND_RES *
MYSQLND_METHOD(mysqlnd_stmt, store_result)(MYSQLND_STMT * const s TSRMLS_DC)
@@ -228,7 +226,7 @@
}
/* Free space for next result */
- mysqlnd_internal_free_stmt_content(s TSRMLS_CC);
+ s-m-free_stmt_content(s TSRMLS_CC);
DBG_RETURN(s-m-parse_execute_response(s TSRMLS_CC));
}
@@ -2062,12 +2060,12 @@
/* }}} */
-/* {{{ mysqlnd_internal_free_stmt_content */
+/* {{{ mysqlnd_stmt::free_stmt_content */
static void
-mysqlnd_internal_free_stmt_content(MYSQLND_STMT * const s
[PHP-CVS] svn: /php/php-src/trunk/ext/pdo_dblib/ dblib_stmt.c
ssufficool Wed, 29 Sep 2010 00:55:43 + Revision: http://svn.php.net/viewvc?view=revisionrevision=303838 Log: Remove non C90 quotes Changed paths: U php/php-src/trunk/ext/pdo_dblib/dblib_stmt.c Modified: php/php-src/trunk/ext/pdo_dblib/dblib_stmt.c === --- php/php-src/trunk/ext/pdo_dblib/dblib_stmt.c2010-09-29 00:49:28 UTC (rev 303837) +++ php/php-src/trunk/ext/pdo_dblib/dblib_stmt.c2010-09-29 00:55:43 UTC (rev 303838) @@ -63,15 +63,12 @@ case 108: return numeric; case 122: return smallmoney; case 127: return bigint; - //case 240: return hierarchyid; case 240: return geometry; - //case 240: return geography; case 165: return varbinary; case 167: return varchar; case 173: return binary; case 175: return char; case 189: return timestamp; - //case 231: return sysname; case 231: return nvarchar; case 239: return nchar; case 241: return xml; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/openssl/xp_ssl.c trunk/ext/openssl/xp_ssl.c
felipe Wed, 29 Sep 2010 01:25:35 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=303839
Log:
- Fixed bug #52947 (segfault when ssl stream option capture_peer_cert_chain
used)
Bug: http://bugs.php.net/52947 (Open) segfault when ssl stream option
capture_peer_cert_chain used
Changed paths:
U php/php-src/branches/PHP_5_3/NEWS
U php/php-src/branches/PHP_5_3/ext/openssl/xp_ssl.c
U php/php-src/trunk/ext/openssl/xp_ssl.c
Modified: php/php-src/branches/PHP_5_3/NEWS
===
--- php/php-src/branches/PHP_5_3/NEWS 2010-09-29 00:55:43 UTC (rev 303838)
+++ php/php-src/branches/PHP_5_3/NEWS 2010-09-29 01:25:35 UTC (rev 303839)
@@ -22,6 +22,8 @@
- Fixed possible crash in mssql_fetch_batch(). (Kalle)
- Fixed inconsistent backlog default value (-1) in FPM on many systems. (fat)
+- Fixed bug #52947 (segfault when ssl stream option capture_peer_cert_chain
+ used). (Felipe)
- Fixed bug #52931 (strripos not overloaded with function overloading enabled).
(Felipe)
- Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with
Modified: php/php-src/branches/PHP_5_3/ext/openssl/xp_ssl.c
===
--- php/php-src/branches/PHP_5_3/ext/openssl/xp_ssl.c 2010-09-29 00:55:43 UTC
(rev 303838)
+++ php/php-src/branches/PHP_5_3/ext/openssl/xp_ssl.c 2010-09-29 01:25:35 UTC
(rev 303839)
@@ -502,7 +502,6 @@
zend_list_insert(mycert,
php_openssl_get_x509_list_id()));
add_next_index_zval(arr, zcert);
-
FREE_ZVAL(zcert);
}
} else {
Modified: php/php-src/trunk/ext/openssl/xp_ssl.c
===
--- php/php-src/trunk/ext/openssl/xp_ssl.c 2010-09-29 00:55:43 UTC (rev
303838)
+++ php/php-src/trunk/ext/openssl/xp_ssl.c 2010-09-29 01:25:35 UTC (rev
303839)
@@ -502,7 +502,6 @@
zend_list_insert(mycert,
php_openssl_get_x509_list_id() TSRMLS_CC));
add_next_index_zval(arr, zcert);
-
FREE_ZVAL(zcert);
}
} else {
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
