iliaa Sat May 5 15:36:15 2007 UTC Modified files: (Branch: PHP_5_2) /php-src NEWS /php-src/ext/sqlite sqlite.c sess_sqlite.c Log: Fixed bug #41285 (Improved fix for CVE-2007-1887 to work with non-bundled sqlite2 lib). http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.681&r2=1.2027.2.547.2.682&diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.681 php-src/NEWS:1.2027.2.547.2.682 --- php-src/NEWS:1.2027.2.547.2.681 Sat May 5 15:14:56 2007 +++ php-src/NEWS Sat May 5 15:36:15 2007 @@ -6,6 +6,8 @@ - Fixed altering $this via argument named "this". (Dmitry) - Fixed bug #41287 (Namespace functions don't allow xmlns defintion to be optional). (Rob) +- Fixed bug #41285 (Improved fix for CVE-2007-1887 to work with non-bundled + sqlite2 lib). (Ilia) - Fixed bug #41283 (Bug with serializing array key that are doubles or floats). (Ilia) - Fixed bug #41257: (lookupNamespaceURI does not work as expected). (Rob) http://cvs.php.net/viewvc.cgi/php-src/ext/sqlite/sqlite.c?r1=1.166.2.13.2.7&r2=1.166.2.13.2.8&diff_format=u Index: php-src/ext/sqlite/sqlite.c diff -u php-src/ext/sqlite/sqlite.c:1.166.2.13.2.7 php-src/ext/sqlite/sqlite.c:1.166.2.13.2.8 --- php-src/ext/sqlite/sqlite.c:1.166.2.13.2.7 Tue Mar 6 02:17:13 2007 +++ php-src/ext/sqlite/sqlite.c Sat May 5 15:36:15 2007 @@ -17,7 +17,7 @@ | Marcus Boerger <[EMAIL PROTECTED]> | +----------------------------------------------------------------------+ - $Id: sqlite.c,v 1.166.2.13.2.7 2007/03/06 02:17:13 stas Exp $ + $Id: sqlite.c,v 1.166.2.13.2.8 2007/05/05 15:36:15 iliaa Exp $ */ #ifdef HAVE_CONFIG_H 
@@ -73,7 +73,7 @@
 extern int sqlite_decode_binary(const unsigned char *in, unsigned char *out);
 #define php_sqlite_encode_binary(in, n, out) sqlite_encode_binary((const unsigned char *)in, n, (unsigned char *)out)
-#define php_sqlite_decode_binary(in, out) sqlite_decode_binary((const unsigned char *)in, (unsigned char *)out)
+#define php_sqlite_decode_binary(in, out) in && *in ? sqlite_decode_binary((const unsigned char *)in, (unsigned char *)out) : 0
 static int sqlite_count_elements(zval *object, long *count TSRMLS_DC);
@@ -1133,7 +1133,7 @@
 {
 php_info_print_table_start();
 php_info_print_table_header(2, "SQLite support", "enabled");
- php_info_print_table_row(2, "PECL Module version", PHP_SQLITE_MODULE_VERSION " $Id: sqlite.c,v 1.166.2.13.2.7 2007/03/06 02:17:13 stas Exp $");
+ php_info_print_table_row(2, "PECL Module version", PHP_SQLITE_MODULE_VERSION " $Id: sqlite.c,v 1.166.2.13.2.8 2007/05/05 15:36:15 iliaa Exp $");
 php_info_print_table_row(2, "SQLite Library", sqlite_libversion());
 php_info_print_table_row(2, "SQLite Encoding", sqlite_libencoding());
 php_info_print_table_end();
http://cvs.php.net/viewvc.cgi/php-src/ext/sqlite/sess_sqlite.c?r1=1.18.2.1.2.1&r2=1.18.2.1.2.2&diff_format=u
Index: php-src/ext/sqlite/sess_sqlite.c
diff -u php-src/ext/sqlite/sess_sqlite.c:1.18.2.1.2.1 php-src/ext/sqlite/sess_sqlite.c:1.18.2.1.2.2
--- php-src/ext/sqlite/sess_sqlite.c:1.18.2.1.2.1 Mon Jan 1 09:36:07 2007
+++ php-src/ext/sqlite/sess_sqlite.c Sat May 5 15:36:15 2007
@@ -17,7 +17,7 @@
 +----------------------------------------------------------------------+
 */
-/* $Id: sess_sqlite.c,v 1.18.2.1.2.1 2007/01/01 09:36:07 sebastian Exp $ */
+/* $Id: sess_sqlite.c,v 1.18.2.1.2.2 2007/05/05 15:36:15 iliaa Exp $ */
 #include "php.h"
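Review bot: The new expansion of `php_sqlite_decode_binary` in the `@@ -73,7 +73,7 @@` hunk is a bare conditional expression, so it only parses as intended when the macro call is the whole right-hand side of an assignment; inside a comparison or arithmetic expression the `? :` would bind to the surrounding operators instead. The `in` argument is also expanded three times without parentheses, which breaks for arguments such as `p + 1` and repeats any side effects. I would write it as `#define php_sqlite_decode_binary(in, out) (((in) && *(in)) ? sqlite_decode_binary((const unsigned char *)(in), (unsigned char *)(out)) : 0)`. When the guard short-circuits, nothing is written to `out`, so the call sites (outside this hunk) should be checked to confirm they treat a 0 result as an empty value rather than reading the buffer.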
@@ -110,9 +110,13 @@
 case SQLITE_ROW:
 if (rowdata[0] != NULL) {
 *vallen = strlen(rowdata[0]);
- *val = emalloc(*vallen);
- *vallen = sqlite_decode_binary(rowdata[0], *val);
- (*val)[*vallen] = '\0';
+ if (*vallen) {
+ *val = emalloc(*vallen);
+ *vallen = sqlite_decode_binary(rowdata[0], *val);
+ (*val)[*vallen] = '\0';
+ } else {
+ *val = STR_EMPTY_ALLOC();
+ }
 }
 break;
 default:
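Review bot: In the new `if (*vallen)` branch the return value of `sqlite_decode_binary()` is still stored into `*vallen` and used as an index on the next line without a range check. If the linked sqlite2 library signals a malformed encoding with a negative return (as far as I recall the bundled encode.c documents -1 for that case; please confirm for external builds), `(*val)[*vallen] = '\0';` writes outside the buffer that was just allocated, and the session row comes from a database file that may not be well-formed. I would decode into a local first, `int n = sqlite_decode_binary(rowdata[0], *val);`, then handle the error with `if (n < 0) { efree(*val); *val = STR_EMPTY_ALLOC(); n = 0; }` before `(*val)[n] = '\0'; *vallen = n;`. The declared type of `*vallen` and the rest of the enclosing switch and function are outside this hunk, so the exact failure return to use there needs checking against the full file.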