iliaa Sat May 5 15:36:15 2007 UTC
Modified files: (Branch: PHP_5_2)
/php-src NEWS
/php-src/ext/sqlite sqlite.c sess_sqlite.c
Log:
Fixed bug #41285 (Improved fix for CVE-2007-1887 to work with non-bundled
sqlite2 lib).
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.681&r2=1.2027.2.547.2.682&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2027.2.547.2.681 php-src/NEWS:1.2027.2.547.2.682
--- php-src/NEWS:1.2027.2.547.2.681 Sat May 5 15:14:56 2007
+++ php-src/NEWS Sat May 5 15:36:15 2007
@@ -6,6 +6,8 @@
- Fixed altering $this via argument named "this". (Dmitry)
- Fixed bug #41287 (Namespace functions don't allow xmlns defintion to be
optional). (Rob)
+- Fixed bug #41285 (Improved fix for CVE-2007-1887 to work with non-bundled
+ sqlite2 lib). (Ilia)
- Fixed bug #41283 (Bug with serializing array key that are doubles or
floats). (Ilia)
- Fixed bug #41257: (lookupNamespaceURI does not work as expected). (Rob)
http://cvs.php.net/viewvc.cgi/php-src/ext/sqlite/sqlite.c?r1=1.166.2.13.2.7&r2=1.166.2.13.2.8&diff_format=u
Index: php-src/ext/sqlite/sqlite.c
diff -u php-src/ext/sqlite/sqlite.c:1.166.2.13.2.7
php-src/ext/sqlite/sqlite.c:1.166.2.13.2.8
--- php-src/ext/sqlite/sqlite.c:1.166.2.13.2.7 Tue Mar 6 02:17:13 2007
+++ php-src/ext/sqlite/sqlite.c Sat May 5 15:36:15 2007
@@ -17,7 +17,7 @@
| Marcus Boerger <[EMAIL PROTECTED]> |
+----------------------------------------------------------------------+
- $Id: sqlite.c,v 1.166.2.13.2.7 2007/03/06 02:17:13 stas Exp $
+ $Id: sqlite.c,v 1.166.2.13.2.8 2007/05/05 15:36:15 iliaa Exp $
*/
#ifdef HAVE_CONFIG_H
@@ -73,7 +73,7 @@
extern int sqlite_decode_binary(const unsigned char *in, unsigned char *out);
#define php_sqlite_encode_binary(in, n, out) sqlite_encode_binary((const
unsigned char *)in, n, (unsigned char *)out)
-#define php_sqlite_decode_binary(in, out) sqlite_decode_binary((const
unsigned char *)in, (unsigned char *)out)
+#define php_sqlite_decode_binary(in, out) in && *in ?
sqlite_decode_binary((const unsigned char *)in, (unsigned char *)out) : 0
static int sqlite_count_elements(zval *object, long *count TSRMLS_DC);
@@ -1133,7 +1133,7 @@
{
php_info_print_table_start();
php_info_print_table_header(2, "SQLite support", "enabled");
- php_info_print_table_row(2, "PECL Module version",
PHP_SQLITE_MODULE_VERSION " $Id: sqlite.c,v 1.166.2.13.2.7 2007/03/06 02:17:13
stas Exp $");
+ php_info_print_table_row(2, "PECL Module version",
PHP_SQLITE_MODULE_VERSION " $Id: sqlite.c,v 1.166.2.13.2.8 2007/05/05 15:36:15
iliaa Exp $");
php_info_print_table_row(2, "SQLite Library", sqlite_libversion());
php_info_print_table_row(2, "SQLite Encoding", sqlite_libencoding());
php_info_print_table_end();
http://cvs.php.net/viewvc.cgi/php-src/ext/sqlite/sess_sqlite.c?r1=1.18.2.1.2.1&r2=1.18.2.1.2.2&diff_format=u
Index: php-src/ext/sqlite/sess_sqlite.c
diff -u php-src/ext/sqlite/sess_sqlite.c:1.18.2.1.2.1
php-src/ext/sqlite/sess_sqlite.c:1.18.2.1.2.2
--- php-src/ext/sqlite/sess_sqlite.c:1.18.2.1.2.1 Mon Jan 1 09:36:07 2007
+++ php-src/ext/sqlite/sess_sqlite.c Sat May 5 15:36:15 2007
@@ -17,7 +17,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: sess_sqlite.c,v 1.18.2.1.2.1 2007/01/01 09:36:07 sebastian Exp $ */
+/* $Id: sess_sqlite.c,v 1.18.2.1.2.2 2007/05/05 15:36:15 iliaa Exp $ */
#include "php.h"
@@ -110,9 +110,13 @@
case SQLITE_ROW:
if (rowdata[0] != NULL) {
*vallen = strlen(rowdata[0]);
- *val = emalloc(*vallen);
- *vallen = sqlite_decode_binary(rowdata[0],
*val);
- (*val)[*vallen] = '\0';
+ if (*vallen) {
+ *val = emalloc(*vallen);
+ *vallen =
sqlite_decode_binary(rowdata[0], *val);
+ (*val)[*vallen] = '\0';
+ } else {
+ *val = STR_EMPTY_ALLOC();
+ }
}
break;
default:
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
