[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/sockets/sockets.c branches/PHP_5_4/ext/sockets/sockets.c trunk/ext/sockets/sockets.c

2011-10-13 Thread Felipe Pena 
felipe   Thu, 13 Oct 2011 22:56:05 +

Revision: http://svn.php.net/viewvc?view=revisionrevision=318094

Log:
- Fixed bug #60048 (sa_len a #define on IRIX)
  patch by: china at thewrittenword dot com

Bug: https://bugs.php.net/60048 (Closed) sa_len a #define on IRIX
  
Changed paths:
U   php/php-src/branches/PHP_5_3/NEWS
U   php/php-src/branches/PHP_5_3/ext/sockets/sockets.c
U   php/php-src/branches/PHP_5_4/ext/sockets/sockets.c
U   php/php-src/trunk/ext/sockets/sockets.c

Modified: php/php-src/branches/PHP_5_3/NEWS
===
--- php/php-src/branches/PHP_5_3/NEWS   2011-10-13 21:07:23 UTC (rev 318093)
+++ php/php-src/branches/PHP_5_3/NEWS   2011-10-13 22:56:05 UTC (rev 318094)
@@ -3,12 +3,13 @@
 ?? ??? 2011, PHP 5.3.9

 - Core:
-  . Fixed bug #55859 (mysqli-stat property access gives error). (Andrey)
   . Fixed bug #55798 (serialize followed by unserialize with numeric object
 prop. gives integer prop). (Gustavo)
   . Fixed bug #55749 (TOCTOU issue in getenv() on Windows builds). (Pierre)
   . Fixed bug #55707 (undefined reference to `__sync_fetch_and_add_4' on Linux
 parisc). (Felipe)
+  . Fixed bug #55674 (fgetcsv  str_getcsv skip empty fields in some
+tab-separated records). (Laruence)
   . Fixed bug #55649 (Undefined function Bug()). (Laruence)
   . Fixed bug #55622 (memory corruption in parse_ini_string). (Pierre)
   . Fixed bug #55576 (Cannot conditionally move uploaded file without race
@@ -25,8 +26,6 @@
   . Fixed bug #55366 (keys lost when using substr_replace an array) (Arpad)
   . Fixed bug #55273 (base64_decode() with strict rejects whitespace after
 pad). (Ilia)
-  . Fixed bug #54304 (RegexIterator::accept() doesn't work with scalar values).
-(Hannes)
   . Fixed bug #50982 (incorrect assumption of PAGE_SIZE size). (Dmitry)

 - Calendar:
@@ -47,6 +46,7 @@
   . Fixed bug #0 (mysql.trace_mode miscounts result sets). (Johannes)

 - MySQLi extension:
+  . Fixed bug #55859 (mysqli-stat property access gives error). (Andrey)
   . Fixed bug #55582 (mysqli_num_rows() returns always 0 for unbuffered, when
   mysqlnd is used). (Andrey)
   . Fixed bug #55703 (PHP crash when calling mysqli_fetch_fields).
@@ -106,14 +106,15 @@
   . Reverted the SimpleXML-query() behaviour to returning empty arrays
 instead of false when no nodes are found as it was since 5.3.3
 (bug #48601). (chregu, rrichards)
-
-- String:
-  . Fixed bug #55674 (fgetcsv  str_getcsv skip empty fields in some 
tab-separated
-records). (Laruence)

+- Sockets:
+  . Fixed bug #60048 (sa_len a #define on IRIX). (china at thewrittenword dot 
com)
+
 - SPL:
   . Fixed bug #55807 (Wrong value for splFileObject::SKIP_EMPTY).
 (jgotti at modedemploi dot fr, Hannes)
+  . Fixed bug #54304 (RegexIterator::accept() doesn't work with scalar values).
+(Hannes)

 - XSL:
   . Added xsl.security_prefs ini option to define forbidden operations within 
XSLT

Modified: php/php-src/branches/PHP_5_3/ext/sockets/sockets.c
===
--- php/php-src/branches/PHP_5_3/ext/sockets/sockets.c  2011-10-13 21:07:23 UTC 
(rev 318093)
+++ php/php-src/branches/PHP_5_3/ext/sockets/sockets.c  2011-10-13 22:56:05 UTC 
(rev 318094)
@@ -884,7 +884,7 @@
zval *arg1;
php_socket   *php_sock, *new_sock;
php_sockaddr_storage sa;
-   socklen_tsa_len = sizeof(sa);
+   socklen_tphp_sa_len = sizeof(sa);

if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, r, arg1) == 
FAILURE) {
return;
@@ -892,7 +892,7 @@

ZEND_FETCH_RESOURCE(php_sock, php_socket *, arg1, -1, le_socket_name, 
le_socket);

-   if (!php_accept_connect(php_sock, new_sock, (struct sockaddr*)sa, 
sa_len TSRMLS_CC)) {
+   if (!php_accept_connect(php_sock, new_sock, (struct sockaddr*)sa, 
php_sa_len TSRMLS_CC)) {
RETURN_FALSE;
}


Modified: php/php-src/branches/PHP_5_4/ext/sockets/sockets.c
===
--- php/php-src/branches/PHP_5_4/ext/sockets/sockets.c  2011-10-13 21:07:23 UTC 
(rev 318093)
+++ php/php-src/branches/PHP_5_4/ext/sockets/sockets.c  2011-10-13 22:56:05 UTC 
(rev 318094)
@@ -1052,7 +1052,7 @@
zval *arg1;
php_socket   *php_sock, *new_sock;
php_sockaddr_storage sa;
-   socklen_tsa_len = sizeof(sa);
+   socklen_tphp_sa_len = sizeof(sa);

if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, r, arg1) == 
FAILURE) {
return;
@@ -1060,7 +1060,7 @@

ZEND_FETCH_RESOURCE(php_sock, php_socket *, arg1, -1, le_socket_name, 
le_socket);

-   if (!php_accept_connect(php_sock, new_sock, (struct sockaddr*)sa,

[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/sockets/sockets.c branches/PHP_5_4/ext/sockets/sockets.c trunk/ext/sockets/sockets.c

2011-05-23 Thread Felipe Pena 
felipe   Tue, 24 May 2011 00:05:50 +

Revision: http://svn.php.net/viewvc?view=revisionrevision=311369

Log:
- Fixed stack buffer overflow in socket_connect().
  Found by: Mateusz Kocielski, Marek Kroemeke and Filip Palian

Changed paths:
U   php/php-src/branches/PHP_5_3/NEWS
U   php/php-src/branches/PHP_5_3/ext/sockets/sockets.c
U   php/php-src/branches/PHP_5_4/ext/sockets/sockets.c
U   php/php-src/trunk/ext/sockets/sockets.c

Modified: php/php-src/branches/PHP_5_3/NEWS
===
--- php/php-src/branches/PHP_5_3/NEWS   2011-05-23 23:51:28 UTC (rev 311368)
+++ php/php-src/branches/PHP_5_3/NEWS   2011-05-24 00:05:50 UTC (rev 311369)
@@ -118,6 +118,8 @@
   . Fixed bug #54312 (soap_version logic bug). (tom at samplonius dot org)

 - Sockets extension:
+  . Fixed stack buffer overflow in socket_connect().
+Found by Mateusz Kocielski, Marek Kroemeke and Filip Palian. (Felipe)
   . Changed socket_set_block() and socket_set_nonblock() so they emit warnings
 on error. (Gustavo)
   . Fixed bug #51958 (socket_accept() fails on IPv6 server sockets). (Gustavo)

Modified: php/php-src/branches/PHP_5_3/ext/sockets/sockets.c
===
--- php/php-src/branches/PHP_5_3/ext/sockets/sockets.c  2011-05-23 23:51:28 UTC 
(rev 311368)
+++ php/php-src/branches/PHP_5_3/ext/sockets/sockets.c  2011-05-24 00:05:50 UTC 
(rev 311369)
@@ -1336,6 +1336,11 @@
break;

case AF_UNIX:
+   if (addr_len = sizeof(s_un.sun_path)) {
+   php_error_docref(NULL TSRMLS_CC, E_WARNING, 
Path too long, php_sock-type);
+   RETURN_FALSE;
+   }
+
memset(s_un, 0, sizeof(struct sockaddr_un));

s_un.sun_family = AF_UNIX;

Modified: php/php-src/branches/PHP_5_4/ext/sockets/sockets.c
===
--- php/php-src/branches/PHP_5_4/ext/sockets/sockets.c  2011-05-23 23:51:28 UTC 
(rev 311368)
+++ php/php-src/branches/PHP_5_4/ext/sockets/sockets.c  2011-05-24 00:05:50 UTC 
(rev 311369)
@@ -1540,6 +1540,11 @@
break;

case AF_UNIX:
+   if (addr_len = sizeof(s_un.sun_path)) {
+   php_error_docref(NULL TSRMLS_CC, E_WARNING, 
Path too long, php_sock-type);
+   RETURN_FALSE;
+   }
+
memset(s_un, 0, sizeof(struct sockaddr_un));

s_un.sun_family = AF_UNIX;

Modified: php/php-src/trunk/ext/sockets/sockets.c
===
--- php/php-src/trunk/ext/sockets/sockets.c 2011-05-23 23:51:28 UTC (rev 
311368)
+++ php/php-src/trunk/ext/sockets/sockets.c 2011-05-24 00:05:50 UTC (rev 
311369)
@@ -1540,6 +1540,11 @@
break;

case AF_UNIX:
+   if (addr_len = sizeof(s_un.sun_path)) {
+   php_error_docref(NULL TSRMLS_CC, E_WARNING, 
Path too long, php_sock-type);
+   RETURN_FALSE;
+   }
+
memset(s_un, 0, sizeof(struct sockaddr_un));

s_un.sun_family = AF_UNIX;

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php