Re: [PHP-CVS] cvs: php-src /ext/session session.c
On Thu, 11 Dec 2008, Scott MacVicar wrote: > scottmac Thu Dec 11 01:20:58 2008 UTC > > Modified files: > /php-src/ext/session session.c > Log: > Fix bug #35975 - Session cookie expires date format isn't the most > compatible. Sync to that of setcookie(). > > > > http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.498&r2=1.499&diff_format=u > Index: php-src/ext/session/session.c > diff -u php-src/ext/session/session.c:1.498 > php-src/ext/session/session.c:1.499 > --- php-src/ext/session/session.c:1.498 Mon Nov 17 11:26:23 2008 > +++ php-src/ext/session/session.c Thu Dec 11 01:20:58 2008 > @@ -17,7 +17,7 @@ > +--+ > */ > > -/* $Id: session.c,v 1.498 2008/11/17 11:26:23 felipe Exp $ */ > +/* $Id: session.c,v 1.499 2008/12/11 01:20:58 scottmac Exp $ */ > > #ifdef HAVE_CONFIG_H > #include "config.h" > @@ -42,7 +42,7 @@ > #include "ext/standard/md5.h" > #include "ext/standard/sha1.h" > #include "ext/standard/php_var.h" > -#include "ext/standard/datetime.h" > +#include "ext/date/php_date.h" > #include "ext/standard/php_lcg.h" > #include "ext/standard/url_scanner_ex.h" > #include "ext/standard/php_rand.h" /* for RAND_MAX */ > @@ -1175,7 +1175,7 @@ > t = tv.tv_sec + PS(cookie_lifetime); > > if (t > 0) { > - date_fmt = php_std_date(t TSRMLS_CC); > + date_fmt = php_format_date("D, d-M-Y H:i:s T", > sizeof("D, d-M-Y H:i:s T")-1, t, 0 TSRMLS_CC); There is a constant for this: DATE_FORMAT_RFC850 (also as DATE_COOKIE in userland), but that uses: "l, d-M-y H:i:s T" -- which I deducted from several RFCs. Those constants should be moved to a .h file though regards, Derick -- HEAD before 5_3!: http://tinyurl.com/6d2esb http://derickrethans.nl | http://ezcomponents.org | http://xdebug.org -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /sapi/cgi fastcgi.c
pajoye Thu Dec 11 10:20:30 2008 UTC Modified files: /php-src/sapi/cgi fastcgi.c Log: - WS http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/fastcgi.c?r1=1.51&r2=1.52&diff_format=u Index: php-src/sapi/cgi/fastcgi.c diff -u php-src/sapi/cgi/fastcgi.c:1.51 php-src/sapi/cgi/fastcgi.c:1.52 --- php-src/sapi/cgi/fastcgi.c:1.51 Thu Dec 11 00:15:05 2008 +++ php-src/sapi/cgi/fastcgi.c Thu Dec 11 10:20:30 2008 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: fastcgi.c,v 1.51 2008/12/11 00:15:05 pajoye Exp $ */ +/* $Id: fastcgi.c,v 1.52 2008/12/11 10:20:30 pajoye Exp $ */ #include "php.h" #include "fastcgi.h" @@ -267,63 +267,63 @@ */ static PACL prepare_named_pipe_acl(PSECURITY_DESCRIPTOR sd, LPSECURITY_ATTRIBUTES sa) { - DWORD req_acl_size; - char everyone_buf[32], owner_buf[32]; - PSID sid_everyone, sid_owner; - SID_IDENTIFIER_AUTHORITY -siaWorld = SECURITY_WORLD_SID_AUTHORITY, -siaCreator = SECURITY_CREATOR_SID_AUTHORITY; - PACL acl; - - sid_everyone = (PSID)&everyone_buf; - sid_owner = (PSID)&owner_buf; - - req_acl_size = sizeof(ACL) + -(2 * ((sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD)) + GetSidLengthRequired(1))); - - acl = malloc(req_acl_size); - - if (acl == NULL) { -return NULL; - } - - if (!InitializeSid(sid_everyone, &siaWorld, 1)) { -goto out_fail; - } - *GetSidSubAuthority(sid_everyone, 0) = SECURITY_WORLD_RID; - - if (!InitializeSid(sid_owner, &siaCreator, 1)) { -goto out_fail; - } - *GetSidSubAuthority(sid_owner, 0) = SECURITY_CREATOR_OWNER_RID; - - if (!InitializeAcl(acl, req_acl_size, ACL_REVISION)) { -goto out_fail; - } - - if (!AddAccessAllowedAce(acl, ACL_REVISION, FILE_GENERIC_READ | FILE_GENERIC_WRITE, sid_everyone)) { -goto out_fail; - } - - if (!AddAccessAllowedAce(acl, ACL_REVISION, FILE_ALL_ACCESS, sid_owner)) { -goto out_fail; - } - - if (!InitializeSecurityDescriptor(sd, SECURITY_DESCRIPTOR_REVISION)) { -goto out_fail; - } - - if (!SetSecurityDescriptorDacl(sd, TRUE, acl, FALSE)) { -goto out_fail; - } + DWORD req_acl_size; + char everyone_buf[32], owner_buf[32]; + PSID sid_everyone, sid_owner; + SID_IDENTIFIER_AUTHORITY + siaWorld = SECURITY_WORLD_SID_AUTHORITY, + siaCreator = SECURITY_CREATOR_SID_AUTHORITY; + PACL acl; - sa->lpSecurityDescriptor = sd; + sid_everyone = (PSID)&everyone_buf; + sid_owner = (PSID)&owner_buf; - return acl; + req_acl_size = sizeof(ACL) + + (2 * ((sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD)) + GetSidLengthRequired(1))); + + acl = malloc(req_acl_size); + + if (acl == NULL) { + return NULL; + } + + if (!InitializeSid(sid_everyone, &siaWorld, 1)) { + goto out_fail; + } + *GetSidSubAuthority(sid_everyone, 0) = SECURITY_WORLD_RID; + + if (!InitializeSid(sid_owner, &siaCreator, 1)) { + goto out_fail; + } + *GetSidSubAuthority(sid_owner, 0) = SECURITY_CREATOR_OWNER_RID; + + if (!InitializeAcl(acl, req_acl_size, ACL_REVISION)) { + goto out_fail; + } + + if (!AddAccessAllowedAce(acl, ACL_REVISION, FILE_GENERIC_READ | FILE_GENERIC_WRITE, sid_everyone)) { + goto out_fail; + } + + if (!AddAccessAllowedAce(acl, ACL_REVISION, FILE_ALL_ACCESS, sid_owner)) { + goto out_fail; + } + + if (!InitializeSecurityDescriptor(sd, SECURITY_DESCRIPTOR_REVISION)) { + goto out_fail; + } + + if (!SetSecurityDescriptorDacl(sd, TRUE, acl, FALSE)) { + goto out_fail; + } + + sa->lpSecurityDescriptor = sd; + + return acl; out_fail: - free(acl); - return NULL; + free(acl); + return NULL; } #endif @@ -960,13 +960,13 @@ int n = 0; int allowed = 0; - while (allowed_clients[n] != INADDR_NONE) { - if (allowed_clients[n] == sa.sa_inet.sin_addr.s_addr) { - allowed = 1; - break; - } - n++; - } + while (allowed_clients[n] != INADDR_NONE) { + if (allowed_clients[n] == sa.sa_inet.sin_addr.s_addr) { + allowed = 1; + break; + } +
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/mcrypt/tests mcrypt_cbc_3des_decrypt.phpt mcrypt_cbc_3des_encrypt.phpt mcrypt_cbc_error.phpt mcrypt_cbc_variation1.phpt mcrypt_cbc_variation2.phpt mcrypt_cbc_varia
ant Thu Dec 11 10:20:36 2008 UTC Added files: (Branch: PHP_5_2) /php-src/ext/mcrypt/tests mcrypt_cbc_error.phpt mcrypt_cbc_variation4.phpt mcrypt_ecb_variation1.phpt mcrypt_cbc_variation1.phpt mcrypt_cbc_variation3.phpt mcrypt_decrypt_variation3.phpt mcrypt_encrypt_error.phpt mcrypt_cbc_variation2.phpt mcrypt_rijndael128_256BitKey.phpt mcrypt_encrypt_variation1.phpt mcrypt_decrypt_3des_ecb.phpt mcrypt_ecb_error.phpt mcrypt_ecb_variation2.phpt mcrypt_encrypt_variation3.phpt mcrypt_decrypt_3des_cbc.phpt mcrypt_rijndael128_128BitKey.phpt mcrypt_encrypt_3des_ecb.phpt mcrypt_encrypt_3des_cbc.phpt mcrypt_decrypt_variation2.phpt mcrypt_encrypt_variation2.phpt mcrypt_cbc_variation5.phpt mcrypt_decrypt_variation5.phpt mcrypt_cbc_3des_encrypt.phpt mcrypt_ecb_3des_decrypt.phpt mcrypt_encrypt_variation5.phpt mcrypt_decrypt_variation4.phpt mcrypt_ecb_variation3.phpt mcrypt_ecb_variation5.phpt mcrypt_decrypt_variation1.phpt mcrypt_ecb_variation4.phpt mcrypt_encrypt_variation4.phpt mcrypt_decrypt_error.phpt mcrypt_cbc_3des_decrypt.phpt mcrypt_ecb_3des_encrypt.phpt Log: MCrypt tests: checked on PHP 5.2.6, 5.3 and 6.0 (Windows and Linux but not Linux 64 bit or 5.3). http://cvs.php.net/viewvc.cgi/php-src/ext/mcrypt/tests/mcrypt_cbc_error.phpt?view=markup&rev=1.1 Index: php-src/ext/mcrypt/tests/mcrypt_cbc_error.phpt +++ php-src/ext/mcrypt/tests/mcrypt_cbc_error.phpt http://cvs.php.net/viewvc.cgi/php-src/ext/mcrypt/tests/mcrypt_cbc_variation4.phpt?view=markup&rev=1.1 Index: php-src/ext/mcrypt/tests/mcrypt_cbc_variation4.phpt +++ php-src/ext/mcrypt/tests/mcrypt_cbc_variation4.phpt http://cvs.php.net/viewvc.cgi/php-src/ext/mcrypt/tests/mcrypt_ecb_variation1.phpt?view=markup&rev=1.1 Index: php-src/ext/mcrypt/tests/mcrypt_ecb_variation1.phpt +++ php-src/ext/mcrypt/tests/mcrypt_ecb_variation1.phpt http://cvs.php.net/viewvc.cgi/php-src/ext/mcrypt/tests/mcrypt_cbc_variation1.phpt?view=markup&rev=1.1 Index: php-src/ext/mcrypt/tests/mcrypt_cbc_variation1.phpt +++ php-src/ext/mcrypt/tests/mcrypt_cbc_variation1.phpt http://cvs.php.net/viewvc.cgi/php-src/ext/mcrypt/tests/mcrypt_cbc_variation3.phpt?view=markup&rev=1.1 Index: php-src/ext/mcrypt/tests/mcrypt_cbc_variation3.phpt +++ php-src/ext/mcrypt/tests/mcrypt_cbc_variation3.phpt http://cvs.php.net/viewvc.cgi/php-src/ext/mcrypt/tests/mcrypt_decrypt_variation3.phpt?view=markup&rev=1.1 Index: php-src/ext/mcrypt/tests/mcrypt_decrypt_variation3.phpt +++ php-src/ext/mcrypt/tests/mcrypt_decrypt_variation3.phpt http://cvs.php.net/viewvc.cgi/php-src/ext/mcrypt/tests/mcrypt_encrypt_error.phpt?view=markup&rev=1.1 Index: php-src/ext/mcrypt/tests/mcrypt_encrypt_error.phpt +++ php-src/ext/mcrypt/tests/mcrypt_encrypt_error.phpt http://cvs.php.net/viewvc.cgi/php-src/ext/mcrypt/tests/mcrypt_cbc_variation2.phpt?view=markup&rev=1.1 Index: php-src/ext/mcrypt/tests/mcrypt_cbc_variation2.phpt +++ php-src/ext/mcrypt/tests/mcrypt_cbc_variation2.phpt http://cvs.php.net/viewvc.cgi/php-src/ext/mcrypt/tests/mcrypt_rijndael128_256BitKey.phpt?view=markup&rev=1.1 Index: php-src/ext/mcrypt/tests/mcrypt_rijndael128_256BitKey.phpt +++ php-src/ext/mcrypt/tests/mcrypt_rijndael128_256BitKey.phpt http://cvs.php.net/viewvc.cgi/php-src/ext/mcrypt/tests/mcrypt_encrypt_variation1.phpt?view=markup&rev=1.1 Index: php-src/ext/mcrypt/tests/mcrypt_encrypt_variation1.phpt +++ php-src/ext/mcrypt/tests/mcrypt_encrypt_variation1.phpt http://cvs.php.net/viewvc.cgi/php-src/ext/mcrypt/tests/mcrypt_decrypt_3des_ecb.phpt?view=markup&rev=1.1 Index: php-src/ext/mcrypt/tests/mcrypt_decrypt_3des_ecb.phpt +++ php-src/ext/mcrypt/tests/mcrypt_decrypt_3des_ecb.phpt http://cvs.php.net/viewvc.cgi/php-src/ext/mcrypt/tests/mcrypt_ecb_error.phpt?view=markup&rev=1.1 Index: php-src/ext/mcrypt/tests/mcrypt_ecb_error.phpt +++ php-src/ext/mcrypt/tests/mcrypt_ecb_error.phpt http://cvs.php.net/viewvc.cgi/php-src/ext/mcrypt/tests/mcrypt
[PHP-CVS] cvs: php-src(PHP_5_3) /ext/mcrypt/tests mcrypt_cbc_3des_decrypt.phpt mcrypt_cbc_3des_encrypt.phpt mcrypt_cbc_error.phpt mcrypt_cbc_variation1.phpt mcrypt_cbc_variation2.phpt mcrypt_cbc_varia
ant Thu Dec 11 10:21:39 2008 UTC Added files: (Branch: PHP_5_3) /php-src/ext/mcrypt/tests mcrypt_decrypt_variation5.phpt mcrypt_ecb_variation4.phpt mcrypt_encrypt_variation4.phpt mcrypt_ecb_error.phpt mcrypt_ecb_3des_encrypt.phpt mcrypt_rijndael128_256BitKey.phpt mcrypt_encrypt_variation5.phpt mcrypt_cbc_variation1.phpt mcrypt_cbc_3des_encrypt.phpt mcrypt_decrypt_variation1.phpt mcrypt_ecb_variation2.phpt mcrypt_cbc_variation5.phpt mcrypt_ecb_3des_decrypt.phpt mcrypt_cbc_variation3.phpt mcrypt_cbc_3des_decrypt.phpt mcrypt_ecb_variation3.phpt mcrypt_encrypt_3des_cbc.phpt mcrypt_decrypt_3des_ecb.phpt mcrypt_decrypt_variation4.phpt mcrypt_encrypt_variation2.phpt mcrypt_cbc_variation4.phpt mcrypt_ecb_variation1.phpt mcrypt_rijndael128_128BitKey.phpt mcrypt_decrypt_variation3.phpt mcrypt_encrypt_error.phpt mcrypt_cbc_variation2.phpt mcrypt_cbc_error.phpt mcrypt_encrypt_3des_ecb.phpt mcrypt_decrypt_variation2.phpt mcrypt_encrypt_variation3.phpt mcrypt_decrypt_error.phpt mcrypt_decrypt_3des_cbc.phpt mcrypt_encrypt_variation1.phpt mcrypt_ecb_variation5.phpt Log: MCrypt tests: checked on PHP 5.2.6, 5.3 and 6.0 (Windows and Linux but not Linux 64 bit or 5.3). http://cvs.php.net/viewvc.cgi/php-src/ext/mcrypt/tests/mcrypt_decrypt_variation5.phpt?view=markup&rev=1.1 Index: php-src/ext/mcrypt/tests/mcrypt_decrypt_variation5.phpt +++ php-src/ext/mcrypt/tests/mcrypt_decrypt_variation5.phpt http://cvs.php.net/viewvc.cgi/php-src/ext/mcrypt/tests/mcrypt_ecb_variation4.phpt?view=markup&rev=1.1 Index: php-src/ext/mcrypt/tests/mcrypt_ecb_variation4.phpt +++ php-src/ext/mcrypt/tests/mcrypt_ecb_variation4.phpt http://cvs.php.net/viewvc.cgi/php-src/ext/mcrypt/tests/mcrypt_encrypt_variation4.phpt?view=markup&rev=1.1 Index: php-src/ext/mcrypt/tests/mcrypt_encrypt_variation4.phpt +++ php-src/ext/mcrypt/tests/mcrypt_encrypt_variation4.phpt http://cvs.php.net/viewvc.cgi/php-src/ext/mcrypt/tests/mcrypt_ecb_error.phpt?view=markup&rev=1.1 Index: php-src/ext/mcrypt/tests/mcrypt_ecb_error.phpt +++ php-src/ext/mcrypt/tests/mcrypt_ecb_error.phpt http://cvs.php.net/viewvc.cgi/php-src/ext/mcrypt/tests/mcrypt_ecb_3des_encrypt.phpt?view=markup&rev=1.1 Index: php-src/ext/mcrypt/tests/mcrypt_ecb_3des_encrypt.phpt +++ php-src/ext/mcrypt/tests/mcrypt_ecb_3des_encrypt.phpt http://cvs.php.net/viewvc.cgi/php-src/ext/mcrypt/tests/mcrypt_rijndael128_256BitKey.phpt?view=markup&rev=1.1 Index: php-src/ext/mcrypt/tests/mcrypt_rijndael128_256BitKey.phpt +++ php-src/ext/mcrypt/tests/mcrypt_rijndael128_256BitKey.phpt http://cvs.php.net/viewvc.cgi/php-src/ext/mcrypt/tests/mcrypt_encrypt_variation5.phpt?view=markup&rev=1.1 Index: php-src/ext/mcrypt/tests/mcrypt_encrypt_variation5.phpt +++ php-src/ext/mcrypt/tests/mcrypt_encrypt_variation5.phpt http://cvs.php.net/viewvc.cgi/php-src/ext/mcrypt/tests/mcrypt_cbc_variation1.phpt?view=markup&rev=1.1 Index: php-src/ext/mcrypt/tests/mcrypt_cbc_variation1.phpt +++ php-src/ext/mcrypt/tests/mcrypt_cbc_variation1.phpt http://cvs.php.net/viewvc.cgi/php-src/ext/mcrypt/tests/mcrypt_cbc_3des_encrypt.phpt?view=markup&rev=1.1 Index: php-src/ext/mcrypt/tests/mcrypt_cbc_3des_encrypt.phpt +++ php-src/ext/mcrypt/tests/mcrypt_cbc_3des_encrypt.phpt http://cvs.php.net/viewvc.cgi/php-src/ext/mcrypt/tests/mcrypt_decrypt_variation1.phpt?view=markup&rev=1.1 Index: php-src/ext/mcrypt/tests/mcrypt_decrypt_variation1.phpt +++ php-src/ext/mcrypt/tests/mcrypt_decrypt_variation1.phpt http://cvs.php.net/viewvc.cgi/php-src/ext/mcrypt/tests/mcrypt_ecb_variation2.phpt?view=markup&rev=1.1 Index: php-src/ext/mcrypt/tests/mcrypt_ecb_variation2.phpt +++ php-src/ext/mcrypt/tests/mcrypt_ecb_variation2.phpt http://cvs.php.net/viewvc.cgi/php-src/ext/mcrypt/tests/mcrypt_cbc_variation5.phpt?view=markup&rev=1.1 Index: php-src/ext/mcrypt/tests/mcrypt_cbc_variation5.phpt +++ php-src/ext/mcrypt/tests/mcrypt_cbc_variation5.phpt http://cvs.ph
[PHP-CVS] cvs: php-src(PHP_5_3) /sapi/cgi fastcgi.c
pajoye Thu Dec 11 10:22:13 2008 UTC Modified files: (Branch: PHP_5_3) /php-src/sapi/cgi fastcgi.c Log: - WS http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/fastcgi.c?r1=1.4.2.13.2.28.2.9&r2=1.4.2.13.2.28.2.10&diff_format=u Index: php-src/sapi/cgi/fastcgi.c diff -u php-src/sapi/cgi/fastcgi.c:1.4.2.13.2.28.2.9 php-src/sapi/cgi/fastcgi.c:1.4.2.13.2.28.2.10 --- php-src/sapi/cgi/fastcgi.c:1.4.2.13.2.28.2.9Thu Dec 11 00:13:48 2008 +++ php-src/sapi/cgi/fastcgi.c Thu Dec 11 10:22:12 2008 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: fastcgi.c,v 1.4.2.13.2.28.2.9 2008/12/11 00:13:48 pajoye Exp $ */ +/* $Id: fastcgi.c,v 1.4.2.13.2.28.2.10 2008/12/11 10:22:12 pajoye Exp $ */ #include "php.h" #include "fastcgi.h" @@ -267,63 +267,63 @@ */ static PACL prepare_named_pipe_acl(PSECURITY_DESCRIPTOR sd, LPSECURITY_ATTRIBUTES sa) { - DWORD req_acl_size; - char everyone_buf[32], owner_buf[32]; - PSID sid_everyone, sid_owner; - SID_IDENTIFIER_AUTHORITY -siaWorld = SECURITY_WORLD_SID_AUTHORITY, -siaCreator = SECURITY_CREATOR_SID_AUTHORITY; - PACL acl; - - sid_everyone = (PSID)&everyone_buf; - sid_owner = (PSID)&owner_buf; - - req_acl_size = sizeof(ACL) + -(2 * ((sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD)) + GetSidLengthRequired(1))); - - acl = malloc(req_acl_size); - - if (acl == NULL) { -return NULL; - } - - if (!InitializeSid(sid_everyone, &siaWorld, 1)) { -goto out_fail; - } - *GetSidSubAuthority(sid_everyone, 0) = SECURITY_WORLD_RID; - - if (!InitializeSid(sid_owner, &siaCreator, 1)) { -goto out_fail; - } - *GetSidSubAuthority(sid_owner, 0) = SECURITY_CREATOR_OWNER_RID; - - if (!InitializeAcl(acl, req_acl_size, ACL_REVISION)) { -goto out_fail; - } - - if (!AddAccessAllowedAce(acl, ACL_REVISION, FILE_GENERIC_READ | FILE_GENERIC_WRITE, sid_everyone)) { -goto out_fail; - } - - if (!AddAccessAllowedAce(acl, ACL_REVISION, FILE_ALL_ACCESS, sid_owner)) { -goto out_fail; - } - - if (!InitializeSecurityDescriptor(sd, SECURITY_DESCRIPTOR_REVISION)) { -goto out_fail; - } - - if (!SetSecurityDescriptorDacl(sd, TRUE, acl, FALSE)) { -goto out_fail; - } + DWORD req_acl_size; + char everyone_buf[32], owner_buf[32]; + PSID sid_everyone, sid_owner; + SID_IDENTIFIER_AUTHORITY + siaWorld = SECURITY_WORLD_SID_AUTHORITY, + siaCreator = SECURITY_CREATOR_SID_AUTHORITY; + PACL acl; - sa->lpSecurityDescriptor = sd; + sid_everyone = (PSID)&everyone_buf; + sid_owner = (PSID)&owner_buf; - return acl; + req_acl_size = sizeof(ACL) + + (2 * ((sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD)) + GetSidLengthRequired(1))); + + acl = malloc(req_acl_size); + + if (acl == NULL) { + return NULL; + } + + if (!InitializeSid(sid_everyone, &siaWorld, 1)) { + goto out_fail; + } + *GetSidSubAuthority(sid_everyone, 0) = SECURITY_WORLD_RID; + + if (!InitializeSid(sid_owner, &siaCreator, 1)) { + goto out_fail; + } + *GetSidSubAuthority(sid_owner, 0) = SECURITY_CREATOR_OWNER_RID; + + if (!InitializeAcl(acl, req_acl_size, ACL_REVISION)) { + goto out_fail; + } + + if (!AddAccessAllowedAce(acl, ACL_REVISION, FILE_GENERIC_READ | FILE_GENERIC_WRITE, sid_everyone)) { + goto out_fail; + } + + if (!AddAccessAllowedAce(acl, ACL_REVISION, FILE_ALL_ACCESS, sid_owner)) { + goto out_fail; + } + + if (!InitializeSecurityDescriptor(sd, SECURITY_DESCRIPTOR_REVISION)) { + goto out_fail; + } + + if (!SetSecurityDescriptorDacl(sd, TRUE, acl, FALSE)) { + goto out_fail; + } + + sa->lpSecurityDescriptor = sd; + + return acl; out_fail: - free(acl); - return NULL; + free(acl); + return NULL; } #endif @@ -397,9 +397,9 @@ } } else { #ifdef _WIN32 - SECURITY_DESCRIPTOR sd; - SECURITY_ATTRIBUTES sa; - PACL acl; + SECURITY_DESCRIPTOR sd; + SECURITY_ATTRIBUTES sa; + PACL acl; HANDLE namedPipe; memset(&sa, 0, sizeof(sa)); @@ -514,8 +514,8 @@ req->in_len = 0; req->in_pad = 0; - req->out_hdr = NULL; - req->out_pos = req->out_buf; + req->out_hdr = NULL; + req->out_pos = req->out_buf; #ifdef _WIN32 req->tcp = !GetNamedPipeInfo((HANDLE)_get_osfhandle(req->listen_socket), NULL, NULL, NULL, NULL); @@ -960,13 +960,13 @@ int n = 0; int allowed = 0; - while (allowed_clients[n] != INADDR_NONE) { -
[PHP-CVS] cvs: php-src(PHP_5_3) /ext/standard/tests/directory .cvsignore
tony2001Thu Dec 11 10:59:31 2008 UTC Added files: (Branch: PHP_5_3) /php-src/ext/standard/tests/directory .cvsignore Log: add missing .cvsignore http://cvs.php.net/viewvc.cgi/php-src/ext/standard/tests/directory/.cvsignore?view=markup&rev=1.1 Index: php-src/ext/standard/tests/directory/.cvsignore +++ php-src/ext/standard/tests/directory/.cvsignore -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/standard/tests/directory .cvsignore
tony2001Thu Dec 11 11:00:03 2008 UTC Modified files: /php-src/ext/standard/tests/directory .cvsignore Log: add missing .cvsignore http://cvs.php.net/viewvc.cgi/php-src/ext/standard/tests/directory/.cvsignore?r1=1.1&r2=1.2&diff_format=u Index: php-src/ext/standard/tests/directory/.cvsignore diff -u /dev/null php-src/ext/standard/tests/directory/.cvsignore:1.2 --- /dev/null Thu Dec 11 11:00:03 2008 +++ php-src/ext/standard/tests/directory/.cvsignore Thu Dec 11 11:00:03 2008 @@ -0,0 +1,9 @@ +phpt.* +*.mem +*.diff +*.log +*.exp +*.out +*.php +*.gcda +*.gcno -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_3) /tests/security magic_quotes_gpc.phpt
sesser Thu Dec 11 13:05:52 2008 UTC Added files: (Branch: PHP_5_3) /php-src/tests/security magic_quotes_gpc.phpt Log: Added test for magic_quotes_gpc http://cvs.php.net/viewvc.cgi/php-src/tests/security/magic_quotes_gpc.phpt?view=markup&rev=1.1 Index: php-src/tests/security/magic_quotes_gpc.phpt +++ php-src/tests/security/magic_quotes_gpc.phpt -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /tests/security magic_quotes_gpc.phpt
sesser Thu Dec 11 13:06:29 2008 UTC Added files: (Branch: PHP_5_2) /php-src/tests/security magic_quotes_gpc.phpt Log: Added test for magic_quotes_gpc http://cvs.php.net/viewvc.cgi/php-src/tests/security/magic_quotes_gpc.phpt?view=markup&rev=1.1 Index: php-src/tests/security/magic_quotes_gpc.phpt +++ php-src/tests/security/magic_quotes_gpc.phpt -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/date/lib timelib_structs.h
pajoye Thu Dec 11 13:11:56 2008 UTC Modified files: /php-src/ext/date/lib timelib_structs.h Log: - fix build (was never used like that before recent commit to session) > local include use quotes not <> (nb: please test before commit) http://cvs.php.net/viewvc.cgi/php-src/ext/date/lib/timelib_structs.h?r1=1.29&r2=1.30&diff_format=u Index: php-src/ext/date/lib/timelib_structs.h diff -u php-src/ext/date/lib/timelib_structs.h:1.29 php-src/ext/date/lib/timelib_structs.h:1.30 --- php-src/ext/date/lib/timelib_structs.h:1.29 Fri Jul 18 14:33:27 2008 +++ php-src/ext/date/lib/timelib_structs.h Thu Dec 11 13:11:56 2008 @@ -16,12 +16,12 @@ +--+ */ -/* $Id: timelib_structs.h,v 1.29 2008/07/18 14:33:27 derick Exp $ */ +/* $Id: timelib_structs.h,v 1.30 2008/12/11 13:11:56 pajoye Exp $ */ #ifndef __TIMELIB_STRUCTS_H__ #define __TIMELIB_STRUCTS_H__ -#include +#include "timelib_config.h" #ifdef HAVE_SYS_TYPES_H #include -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_3) /ext/date/lib timelib_structs.h
pajoye Thu Dec 11 13:12:22 2008 UTC Modified files: (Branch: PHP_5_3) /php-src/ext/date/lib timelib_structs.h Log: - MFH: fix build (was never used like that before recent commit to session) > local include use quotes not <> http://cvs.php.net/viewvc.cgi/php-src/ext/date/lib/timelib_structs.h?r1=1.13.2.6.2.3.2.6&r2=1.13.2.6.2.3.2.7&diff_format=u Index: php-src/ext/date/lib/timelib_structs.h diff -u php-src/ext/date/lib/timelib_structs.h:1.13.2.6.2.3.2.6 php-src/ext/date/lib/timelib_structs.h:1.13.2.6.2.3.2.7 --- php-src/ext/date/lib/timelib_structs.h:1.13.2.6.2.3.2.6 Fri Jul 18 14:33:53 2008 +++ php-src/ext/date/lib/timelib_structs.h Thu Dec 11 13:12:22 2008 @@ -16,12 +16,12 @@ +--+ */ -/* $Id: timelib_structs.h,v 1.13.2.6.2.3.2.6 2008/07/18 14:33:53 derick Exp $ */ +/* $Id: timelib_structs.h,v 1.13.2.6.2.3.2.7 2008/12/11 13:12:22 pajoye Exp $ */ #ifndef __TIMELIB_STRUCTS_H__ #define __TIMELIB_STRUCTS_H__ -#include +#include "timelib_config.h" #ifdef HAVE_SYS_TYPES_H #include -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/date/lib timelib_structs.h
pajoye Thu Dec 11 13:12:54 2008 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/date/lib timelib_structs.h Log: - MFH: fix build (was never used like that before recent commit to session) > local include use quotes not <> http://cvs.php.net/viewvc.cgi/php-src/ext/date/lib/timelib_structs.h?r1=1.13.2.6.2.4&r2=1.13.2.6.2.5&diff_format=u Index: php-src/ext/date/lib/timelib_structs.h diff -u php-src/ext/date/lib/timelib_structs.h:1.13.2.6.2.4 php-src/ext/date/lib/timelib_structs.h:1.13.2.6.2.5 --- php-src/ext/date/lib/timelib_structs.h:1.13.2.6.2.4 Mon Dec 31 07:20:05 2007 +++ php-src/ext/date/lib/timelib_structs.h Thu Dec 11 13:12:54 2008 @@ -16,12 +16,12 @@ +--+ */ -/* $Id: timelib_structs.h,v 1.13.2.6.2.4 2007/12/31 07:20:05 sebastian Exp $ */ +/* $Id: timelib_structs.h,v 1.13.2.6.2.5 2008/12/11 13:12:54 pajoye Exp $ */ #ifndef __TIMELIB_STRUCTS_H__ #define __TIMELIB_STRUCTS_H__ -#include +#include "timelib_config.h" #ifdef HAVE_SYS_TYPES_H #include -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] Re: cvs: php-src(PHP_5_3) /tests/security magic_quotes_gpc.phpt
A test is already there for this in tests/basic/bug46759.phpt Scott Stefan Esser wrote: > sesserThu Dec 11 13:05:52 2008 UTC > > Added files: (Branch: PHP_5_3) > /php-src/tests/security magic_quotes_gpc.phpt > Log: > Added test for magic_quotes_gpc > > > > > http://cvs.php.net/viewvc.cgi/php-src/tests/security/magic_quotes_gpc.phpt?view=markup&rev=1.1 > Index: php-src/tests/security/magic_quotes_gpc.phpt > +++ php-src/tests/security/magic_quotes_gpc.phpt > > -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src(PHP_5_3) /ext/mbstring mbstring.c
Can you MFH this to 5.2 as well. On 10-Dec-08, at 9:56 PM, Scott MacVicar wrote: scottmacThu Dec 11 02:56:46 2008 UTC Modified files: (Branch: PHP_5_3) /php-src/ext/mbstringmbstring.c Log: MFH Fix bug #46738 - Segfault when mb_detect_encoding() fails. http://cvs.php.net/viewvc.cgi/php-src/ext/mbstring/mbstring.c?r1=1.224.2.22.2.25.2.38&r2=1.224.2.22.2.25.2.39&diff_format=u Index: php-src/ext/mbstring/mbstring.c diff -u php-src/ext/mbstring/mbstring.c:1.224.2.22.2.25.2.38 php-src/ ext/mbstring/mbstring.c:1.224.2.22.2.25.2.39 --- php-src/ext/mbstring/mbstring.c:1.224.2.22.2.25.2.38 Mon Nov 17 11:27:56 2008 +++ php-src/ext/mbstring/mbstring.c Thu Dec 11 02:56:45 2008 @@ -17,7 +17,7 @@ + --+ */ -/* $Id: mbstring.c,v 1.224.2.22.2.25.2.38 2008/11/17 11:27:56 felipe Exp $ */ +/* $Id: mbstring.c,v 1.224.2.22.2.25.2.39 2008/12/11 02:56:45 scottmac Exp $ */ /* * PHP 4 Multibyte String module "mbstring" @@ -3227,7 +3227,7 @@ } if (ret == NULL) { - RETVAL_FALSE; + RETURN_FALSE; } RETVAL_STRING((char *)ret, 1); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Ilia Alshanetsky -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src(PHP_5_3) /ext/mbstring mbstring.c
5.2 isn't affected. Scott Ilia Alshanetsky wrote: > Can you MFH this to 5.2 as well. > > On 10-Dec-08, at 9:56 PM, Scott MacVicar wrote: > >> scottmacThu Dec 11 02:56:46 2008 UTC >> >> Modified files: (Branch: PHP_5_3) >>/php-src/ext/mbstringmbstring.c >> Log: >> MFH Fix bug #46738 - Segfault when mb_detect_encoding() fails. >> >> >> >> http://cvs.php.net/viewvc.cgi/php-src/ext/mbstring/mbstring.c?r1=1.224.2.22.2.25.2.38&r2=1.224.2.22.2.25.2.39&diff_format=u >> >> Index: php-src/ext/mbstring/mbstring.c >> diff -u php-src/ext/mbstring/mbstring.c:1.224.2.22.2.25.2.38 >> php-src/ext/mbstring/mbstring.c:1.224.2.22.2.25.2.39 >> --- php-src/ext/mbstring/mbstring.c:1.224.2.22.2.25.2.38Mon Nov 17 >> 11:27:56 2008 >> +++ php-src/ext/mbstring/mbstring.cThu Dec 11 02:56:45 2008 >> @@ -17,7 +17,7 @@ >> >> +--+ >> */ >> >> -/* $Id: mbstring.c,v 1.224.2.22.2.25.2.38 2008/11/17 11:27:56 felipe >> Exp $ */ >> +/* $Id: mbstring.c,v 1.224.2.22.2.25.2.39 2008/12/11 02:56:45 >> scottmac Exp $ */ >> >> /* >> * PHP 4 Multibyte String module "mbstring" >> @@ -3227,7 +3227,7 @@ >> } >> >> if (ret == NULL) { >> -RETVAL_FALSE; >> +RETURN_FALSE; >> } >> >> RETVAL_STRING((char *)ret, 1); >> >> >> >> -- >> PHP CVS Mailing List (http://www.php.net/) >> To unsubscribe, visit: http://www.php.net/unsub.php >> > > Ilia Alshanetsky > > > > -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/mssql php_mssql.c
pajoye Thu Dec 11 15:30:18 2008 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/mssql php_mssql.c Log: - fix build (all platforms) http://cvs.php.net/viewvc.cgi/php-src/ext/mssql/php_mssql.c?r1=1.152.2.13.2.9&r2=1.152.2.13.2.10&diff_format=u Index: php-src/ext/mssql/php_mssql.c diff -u php-src/ext/mssql/php_mssql.c:1.152.2.13.2.9 php-src/ext/mssql/php_mssql.c:1.152.2.13.2.10 --- php-src/ext/mssql/php_mssql.c:1.152.2.13.2.9Wed Dec 10 20:54:47 2008 +++ php-src/ext/mssql/php_mssql.c Thu Dec 11 15:30:18 2008 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: php_mssql.c,v 1.152.2.13.2.9 2008/12/10 20:54:47 iliaa Exp $ */ +/* $Id: php_mssql.c,v 1.152.2.13.2.10 2008/12/11 15:30:18 pajoye Exp $ */ #ifdef COMPILE_DL_MSSQL #define HAVE_MSSQL 1 @@ -885,6 +885,7 @@ res_buf[res_length] = '\0'; ZVAL_STRINGL(result, res_buf, res_length, 0); } + } break; case SQLNUMERIC: default: { @@ -937,7 +938,7 @@ } } -static void php_mssql_get_column_content_without_type(mssql_link *mssql_ptr,int offset,zval *result, int column_type TSRMLS_DC) +static void php_mssql_get_column_content_without_type(mssql_link *mssql_ptr, int offset,zval *result, int column_type TSRMLS_DC) { if (dbdatlen(mssql_ptr->link,offset) == 0) { ZVAL_NULL(result); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_3) /ext/pdo pdo_stmt.c
iliaa Thu Dec 11 15:32:24 2008 UTC Modified files: (Branch: PHP_5_3) /php-src/ext/pdopdo_stmt.c Log: Fixed a possible corruption inside PDOStatement::debugDumpParams() http://cvs.php.net/viewvc.cgi/php-src/ext/pdo/pdo_stmt.c?r1=1.118.2.38.2.24.2.39&r2=1.118.2.38.2.24.2.40&diff_format=u Index: php-src/ext/pdo/pdo_stmt.c diff -u php-src/ext/pdo/pdo_stmt.c:1.118.2.38.2.24.2.39 php-src/ext/pdo/pdo_stmt.c:1.118.2.38.2.24.2.40 --- php-src/ext/pdo/pdo_stmt.c:1.118.2.38.2.24.2.39 Wed Dec 3 10:18:42 2008 +++ php-src/ext/pdo/pdo_stmt.c Thu Dec 11 15:32:24 2008 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: pdo_stmt.c,v 1.118.2.38.2.24.2.39 2008/12/03 10:18:42 tony2001 Exp $ */ +/* $Id: pdo_stmt.c,v 1.118.2.38.2.24.2.40 2008/12/11 15:32:24 iliaa Exp $ */ /* The PDO Statement Handle Class */ @@ -2209,7 +2209,9 @@ if (res == HASH_KEY_IS_LONG) { php_stream_printf(out TSRMLS_CC, "Key: Position #%ld:\n", num); } else if (res == HASH_KEY_IS_STRING) { - php_stream_printf(out TSRMLS_CC, "Key: Name: [%d] %.*s\n", len, len, str); + char *s = estrndup(str, len); + php_stream_printf(out TSRMLS_CC, "Key: Name: [%d] %.*s\n", len, len, s); + efree(s); } php_stream_printf(out TSRMLS_CC, "paramno=%d\nname=[%d] \"%.*s\"\nis_param=%d\nparam_type=%d\n", -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/mssql php_mssql.c
pajoye Thu Dec 11 15:33:18 2008 UTC Modified files: /php-src/ext/mssql php_mssql.c Log: - MFB: fix build http://cvs.php.net/viewvc.cgi/php-src/ext/mssql/php_mssql.c?r1=1.183&r2=1.184&diff_format=u Index: php-src/ext/mssql/php_mssql.c diff -u php-src/ext/mssql/php_mssql.c:1.183 php-src/ext/mssql/php_mssql.c:1.184 --- php-src/ext/mssql/php_mssql.c:1.183 Wed Dec 10 20:53:58 2008 +++ php-src/ext/mssql/php_mssql.c Thu Dec 11 15:33:18 2008 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: php_mssql.c,v 1.183 2008/12/10 20:53:58 iliaa Exp $ */ +/* $Id: php_mssql.c,v 1.184 2008/12/11 15:33:18 pajoye Exp $ */ #ifdef COMPILE_DL_MSSQL #define HAVE_MSSQL 1 @@ -986,6 +986,7 @@ res_buf[res_length] = '\0'; ZVAL_STRINGL(result, res_buf, res_length, 0); } + } break; case SQLNUMERIC: default: { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src(PHP_5_3) /ext/pdo pdo_stmt.c
Modified files: (Branch: PHP_5_3) /php-src/ext/pdo pdo_stmt.c Log: Fixed a possible corruption inside PDOStatement::debugDumpParams() http://cvs.php.net/viewvc.cgi/php-src/ext/pdo/pdo_stmt.c?r1=1.118.2.38.2.24.2.39&r2=1.118.2.38.2.24.2.40&diff_format=u Index: php-src/ext/pdo/pdo_stmt.c diff -u php-src/ext/pdo/pdo_stmt.c:1.118.2.38.2.24.2.39 php-src/ext/pdo/pdo_stmt.c:1.118.2.38.2.24.2.40 @@ -2209,7 +2209,9 @@ if (res == HASH_KEY_IS_LONG) { php_stream_printf(out TSRMLS_CC, "Key: Position #%ld:\n", num); } else if (res == HASH_KEY_IS_STRING) { - php_stream_printf(out TSRMLS_CC, "Key: Name: [%d] %.*s\n", len, len, str); + char *s = estrndup(str, len); + php_stream_printf(out TSRMLS_CC, "Key: Name: [%d] %.*s\n", len, len, s); + efree(s); } Sorry for my ignorance, but isn't the new code exactly equivalent to the old one, albeit a bit slower? I can't really see how a strndup() can fix a corruption there.. If there's some problem, probably it's deeper than this.. Nuno -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src(PHP_5_3) /ext/pdo pdo_stmt.c
The patch was already n 5.2, the issue is that the str (key) is not guaranteed to be NULL terminated (nor does it need to be), so when strlen() is attempted on top of it you could end up reading more data then necessary. On 11-Dec-08, at 10:43 AM, Nuno Lopes wrote: Modified files: (Branch: PHP_5_3) /php-src/ext/pdo pdo_stmt.c Log: Fixed a possible corruption inside PDOStatement::debugDumpParams() http://cvs.php.net/viewvc.cgi/php-src/ext/pdo/pdo_stmt.c?r1=1.118.2.38.2.24.2.39&r2=1.118.2.38.2.24.2.40&diff_format=u Index: php-src/ext/pdo/pdo_stmt.c diff -u php-src/ext/pdo/pdo_stmt.c:1.118.2.38.2.24.2.39 php-src/ext/ pdo/pdo_stmt.c:1.118.2.38.2.24.2.40 @@ -2209,7 +2209,9 @@ if (res == HASH_KEY_IS_LONG) { php_stream_printf(out TSRMLS_CC, "Key: Position #%ld:\n", num); } else if (res == HASH_KEY_IS_STRING) { - php_stream_printf(out TSRMLS_CC, "Key: Name: [%d] %.*s\n", len, len, str); + char *s = estrndup(str, len); + php_stream_printf(out TSRMLS_CC, "Key: Name: [%d] %.*s\n", len, len, s); + efree(s); } Sorry for my ignorance, but isn't the new code exactly equivalent to the old one, albeit a bit slower? I can't really see how a strndup() can fix a corruption there.. If there's some problem, probably it's deeper than this.. Nuno Ilia Alshanetsky -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_3) /ext/mssql php_mssql.c
pajoye Thu Dec 11 15:31:31 2008 UTC Modified files: (Branch: PHP_5_3) /php-src/ext/mssql php_mssql.c Log: - MFB: fix build http://cvs.php.net/viewvc.cgi/php-src/ext/mssql/php_mssql.c?r1=1.152.2.13.2.4.2.15&r2=1.152.2.13.2.4.2.16&diff_format=u Index: php-src/ext/mssql/php_mssql.c diff -u php-src/ext/mssql/php_mssql.c:1.152.2.13.2.4.2.15 php-src/ext/mssql/php_mssql.c:1.152.2.13.2.4.2.16 --- php-src/ext/mssql/php_mssql.c:1.152.2.13.2.4.2.15 Wed Dec 10 20:53:44 2008 +++ php-src/ext/mssql/php_mssql.c Thu Dec 11 15:31:31 2008 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: php_mssql.c,v 1.152.2.13.2.4.2.15 2008/12/10 20:53:44 iliaa Exp $ */ +/* $Id: php_mssql.c,v 1.152.2.13.2.4.2.16 2008/12/11 15:31:31 pajoye Exp $ */ #ifdef COMPILE_DL_MSSQL #define HAVE_MSSQL 1 @@ -986,6 +986,7 @@ res_buf[res_length] = '\0'; ZVAL_STRINGL(result, res_buf, res_length, 0); } + } break; case SQLNUMERIC: default: { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src(PHP_5_3) /ext/pdo pdo_stmt.c
Weird.. Isn't that a bug in php_stream_printf() then? I would say it shouldn't read past the specified length.. otherwise the same bug may appear in other places. What do you think? Nuno - Original Message - The patch was already n 5.2, the issue is that the str (key) is not guaranteed to be NULL terminated (nor does it need to be), so when strlen() is attempted on top of it you could end up reading more data then necessary. On 11-Dec-08, at 10:43 AM, Nuno Lopes wrote: Modified files: (Branch: PHP_5_3) /php-src/ext/pdo pdo_stmt.c Log: Fixed a possible corruption inside PDOStatement::debugDumpParams() http://cvs.php.net/viewvc.cgi/php-src/ext/pdo/pdo_stmt.c?r1=1.118.2.38.2.24.2.39&r2=1.118.2.38.2.24.2.40&diff_format=u Index: php-src/ext/pdo/pdo_stmt.c diff -u php-src/ext/pdo/pdo_stmt.c:1.118.2.38.2.24.2.39 php-src/ext/ pdo/pdo_stmt.c:1.118.2.38.2.24.2.40 @@ -2209,7 +2209,9 @@ if (res == HASH_KEY_IS_LONG) { php_stream_printf(out TSRMLS_CC, "Key: Position #%ld:\n", num); } else if (res == HASH_KEY_IS_STRING) { - php_stream_printf(out TSRMLS_CC, "Key: Name: [%d] %.*s\n", len, len, str); + char *s = estrndup(str, len); + php_stream_printf(out TSRMLS_CC, "Key: Name: [%d] %.*s\n", len, len, s); + efree(s); } Sorry for my ignorance, but isn't the new code exactly equivalent to the old one, albeit a bit slower? I can't really see how a strndup() can fix a corruption there.. If there's some problem, probably it's deeper than this.. Nuno Ilia Alshanetsky -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src(PHP_5_3) /ext/pdo pdo_stmt.c
It does not really read past it, but internally it does a strlen() on the %s argument, which is where the valgrind shows the message. Technically that code needs to be reviewed, but just from general use case I think its safer not to pass non-terminated char pointers around. On 11-Dec-08, at 11:50 AM, Nuno Lopes wrote: Weird.. Isn't that a bug in php_stream_printf() then? I would say it shouldn't read past the specified length.. otherwise the same bug may appear in other places. What do you think? Nuno - Original Message - The patch was already n 5.2, the issue is that the str (key) is not guaranteed to be NULL terminated (nor does it need to be), so when strlen() is attempted on top of it you could end up reading more data then necessary. On 11-Dec-08, at 10:43 AM, Nuno Lopes wrote: Modified files: (Branch: PHP_5_3) /php-src/ext/pdo pdo_stmt.c Log: Fixed a possible corruption inside PDOStatement::debugDumpParams() http://cvs.php.net/viewvc.cgi/php-src/ext/pdo/pdo_stmt.c?r1=1.118.2.38.2.24.2.39&r2=1.118.2.38.2.24.2.40&diff_format=u Index: php-src/ext/pdo/pdo_stmt.c diff -u php-src/ext/pdo/pdo_stmt.c:1.118.2.38.2.24.2.39 php-src/ ext/ pdo/pdo_stmt.c:1.118.2.38.2.24.2.40 @@ -2209,7 +2209,9 @@ if (res == HASH_KEY_IS_LONG) { php_stream_printf(out TSRMLS_CC, "Key: Position #%ld:\n", num); } else if (res == HASH_KEY_IS_STRING) { - php_stream_printf(out TSRMLS_CC, "Key: Name: [%d] %.*s\n", len, len, str); + char *s = estrndup(str, len); + php_stream_printf(out TSRMLS_CC, "Key: Name: [%d] %.*s\n", len, len, s); + efree(s); } Sorry for my ignorance, but isn't the new code exactly equivalent to the old one, albeit a bit slower? I can't really see how a strndup() can fix a corruption there.. If there's some problem, probably it's deeper than this.. Nuno Ilia Alshanetsky Ilia Alshanetsky -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/xml compat.c /ext/xml/tests bug46699.phpt
rrichards Fri Dec 12 04:15:14 2008 UTC Added files: /php-src/ext/xml/tests bug46699.phpt Modified files: /php-src/ext/xmlcompat.c Log: fix bug #46699: (xml_parse crash when parser is namespace aware) fix a couple warnings add test http://cvs.php.net/viewvc.cgi/php-src/ext/xml/compat.c?r1=1.50&r2=1.51&diff_format=u Index: php-src/ext/xml/compat.c diff -u php-src/ext/xml/compat.c:1.50 php-src/ext/xml/compat.c:1.51 --- php-src/ext/xml/compat.c:1.50 Mon Dec 31 07:12:17 2007 +++ php-src/ext/xml/compat.cFri Dec 12 04:15:14 2008 @@ -40,7 +40,7 @@ /* Use libxml functions otherwise its memory deallocation is screwed up */ *qualified = xmlStrdup(URI); *qualified = xmlStrncat(*qualified, parser->_ns_seperator, 1); - *qualified = xmlStrncat(*qualified, name, strlen(name)); + *qualified = xmlStrncat(*qualified, name, xmlStrlen(name)); } else { *qualified = xmlStrdup(name); } @@ -104,7 +104,66 @@ y = 0; } - if (parser->h_start_element == NULL && parser->h_default == NULL) { + if (parser->h_start_element == NULL) { + if (parser->h_default) { + + if (prefix) { + qualified_name = xmlStrncatNew((xmlChar *)"<", prefix, xmlStrlen(prefix)); + qualified_name = xmlStrncat(qualified_name, (xmlChar *)":", 1); + qualified_name = xmlStrncat(qualified_name, name, xmlStrlen(name)); + } else { + qualified_name = xmlStrncatNew((xmlChar *)"<", name, xmlStrlen(name)); + } + + if (namespaces) { + int i, j; + for (i = 0,j = 0;j < nb_namespaces;j++) { + int ns_len; + char *ns_string, *ns_prefix, *ns_url; + + ns_prefix = (char *) namespaces[i++]; + ns_url = (char *) namespaces[i++]; + + if (ns_prefix) { + ns_len = spprintf(&ns_string, 0, " xmlns:%s=\"%s\"", ns_prefix, ns_url); + } else { + ns_len = spprintf(&ns_string, 0, " xmlns=\"%s\"", ns_url); + } + qualified_name = xmlStrncat(qualified_name, (xmlChar *)ns_string, ns_len); + + efree(ns_string); + } + } + + if (attributes) { + for (i = 0; i < nb_attributes; i += 1) { + int att_len; + char *att_string, *att_name, *att_value, *att_prefix, *att_valueend; + + att_name = (char *) attributes[y++]; + att_prefix = (char *)attributes[y++]; + y++; + att_value = (char *)attributes[y++]; + att_valueend = (char *)attributes[y++]; + + if (att_prefix) { + att_len = spprintf(&att_string, 0, " %s:%s=\"", att_prefix, att_name); + } else { + att_len = spprintf(&att_string, 0, " %s=\"", att_name); + } + + qualified_name = xmlStrncat(qualified_name, (xmlChar *)att_string, att_len); + qualified_name = xmlStrncat(qualified_name, (xmlChar *)att_value, att_valueend - att_value); + qualified_name = xmlStrncat(qualified_name, (xmlChar *)"\"", 1); + + efree(att_string); + } + + } + qualified_name = xmlStrncat(qualified_name, (xmlChar *)">", 1); + parser->h_default(parser->user, (const XML_Char *) qualified_name, xmlStrlen(qualified_name)); + xmlFree(qualified_name); + } return; } _qualify_namespace(parser, name, URI, &qualified_name); @@ -178,6 +
[PHP-CVS] cvs: php-src(PHP_5_3) /ext/xml compat.c /ext/xml/tests bug46699.phpt
rrichards Fri Dec 12 04:16:21 2008 UTC Added files: (Branch: PHP_5_3) /php-src/ext/xml/tests bug46699.phpt Modified files: /php-src/ext/xmlcompat.c Log: MFH: fix bug #46699: (xml_parse crash when parser is namespace aware) fix a couple warnings add test http://cvs.php.net/viewvc.cgi/php-src/ext/xml/compat.c?r1=1.44.2.4.2.1.2.1&r2=1.44.2.4.2.1.2.2&diff_format=u Index: php-src/ext/xml/compat.c diff -u php-src/ext/xml/compat.c:1.44.2.4.2.1.2.1 php-src/ext/xml/compat.c:1.44.2.4.2.1.2.2 --- php-src/ext/xml/compat.c:1.44.2.4.2.1.2.1 Mon Dec 31 07:17:16 2007 +++ php-src/ext/xml/compat.cFri Dec 12 04:16:21 2008 @@ -40,7 +40,7 @@ /* Use libxml functions otherwise its memory deallocation is screwed up */ *qualified = xmlStrdup(URI); *qualified = xmlStrncat(*qualified, parser->_ns_seperator, 1); - *qualified = xmlStrncat(*qualified, name, strlen(name)); + *qualified = xmlStrncat(*qualified, name, xmlStrlen(name)); } else { *qualified = xmlStrdup(name); } @@ -104,7 +104,66 @@ y = 0; } - if (parser->h_start_element == NULL && parser->h_default == NULL) { + if (parser->h_start_element == NULL) { + if (parser->h_default) { + + if (prefix) { + qualified_name = xmlStrncatNew((xmlChar *)"<", prefix, xmlStrlen(prefix)); + qualified_name = xmlStrncat(qualified_name, (xmlChar *)":", 1); + qualified_name = xmlStrncat(qualified_name, name, xmlStrlen(name)); + } else { + qualified_name = xmlStrncatNew((xmlChar *)"<", name, xmlStrlen(name)); + } + + if (namespaces) { + int i, j; + for (i = 0,j = 0;j < nb_namespaces;j++) { + int ns_len; + char *ns_string, *ns_prefix, *ns_url; + + ns_prefix = (char *) namespaces[i++]; + ns_url = (char *) namespaces[i++]; + + if (ns_prefix) { + ns_len = spprintf(&ns_string, 0, " xmlns:%s=\"%s\"", ns_prefix, ns_url); + } else { + ns_len = spprintf(&ns_string, 0, " xmlns=\"%s\"", ns_url); + } + qualified_name = xmlStrncat(qualified_name, (xmlChar *)ns_string, ns_len); + + efree(ns_string); + } + } + + if (attributes) { + for (i = 0; i < nb_attributes; i += 1) { + int att_len; + char *att_string, *att_name, *att_value, *att_prefix, *att_valueend; + + att_name = (char *) attributes[y++]; + att_prefix = (char *)attributes[y++]; + y++; + att_value = (char *)attributes[y++]; + att_valueend = (char *)attributes[y++]; + + if (att_prefix) { + att_len = spprintf(&att_string, 0, " %s:%s=\"", att_prefix, att_name); + } else { + att_len = spprintf(&att_string, 0, " %s=\"", att_name); + } + + qualified_name = xmlStrncat(qualified_name, (xmlChar *)att_string, att_len); + qualified_name = xmlStrncat(qualified_name, (xmlChar *)att_value, att_valueend - att_value); + qualified_name = xmlStrncat(qualified_name, (xmlChar *)"\"", 1); + + efree(att_string); + } + + } + qualified_name = xmlStrncat(qualified_name, (xmlChar *)">", 1); + parser->h_default(parser->user, (const XML_Char *) qualified_name, xmlStrlen(qualified_name)); + xmlFree(qualified_name); + } return;
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/xml compat.c /ext/xml/tests bug46699.phpt
rrichards Fri Dec 12 04:17:26 2008 UTC Added files: (Branch: PHP_5_2) /php-src/ext/xml/tests bug46699.phpt Modified files: /php-src/ext/xmlcompat.c Log: MFH: fix bug #46699: (xml_parse crash when parser is namespace aware) fix a couple warnings add test http://cvs.php.net/viewvc.cgi/php-src/ext/xml/compat.c?r1=1.44.2.4.2.2&r2=1.44.2.4.2.3&diff_format=u Index: php-src/ext/xml/compat.c diff -u php-src/ext/xml/compat.c:1.44.2.4.2.2 php-src/ext/xml/compat.c:1.44.2.4.2.3 --- php-src/ext/xml/compat.c:1.44.2.4.2.2 Mon Dec 31 07:20:14 2007 +++ php-src/ext/xml/compat.cFri Dec 12 04:17:26 2008 @@ -40,7 +40,7 @@ /* Use libxml functions otherwise its memory deallocation is screwed up */ *qualified = xmlStrdup(URI); *qualified = xmlStrncat(*qualified, parser->_ns_seperator, 1); - *qualified = xmlStrncat(*qualified, name, strlen(name)); + *qualified = xmlStrncat(*qualified, name, xmlStrlen(name)); } else { *qualified = xmlStrdup(name); } @@ -104,7 +104,66 @@ y = 0; } - if (parser->h_start_element == NULL && parser->h_default == NULL) { + if (parser->h_start_element == NULL) { + if (parser->h_default) { + + if (prefix) { + qualified_name = xmlStrncatNew((xmlChar *)"<", prefix, xmlStrlen(prefix)); + qualified_name = xmlStrncat(qualified_name, (xmlChar *)":", 1); + qualified_name = xmlStrncat(qualified_name, name, xmlStrlen(name)); + } else { + qualified_name = xmlStrncatNew((xmlChar *)"<", name, xmlStrlen(name)); + } + + if (namespaces) { + int i, j; + for (i = 0,j = 0;j < nb_namespaces;j++) { + int ns_len; + char *ns_string, *ns_prefix, *ns_url; + + ns_prefix = (char *) namespaces[i++]; + ns_url = (char *) namespaces[i++]; + + if (ns_prefix) { + ns_len = spprintf(&ns_string, 0, " xmlns:%s=\"%s\"", ns_prefix, ns_url); + } else { + ns_len = spprintf(&ns_string, 0, " xmlns=\"%s\"", ns_url); + } + qualified_name = xmlStrncat(qualified_name, (xmlChar *)ns_string, ns_len); + + efree(ns_string); + } + } + + if (attributes) { + for (i = 0; i < nb_attributes; i += 1) { + int att_len; + char *att_string, *att_name, *att_value, *att_prefix, *att_valueend; + + att_name = (char *) attributes[y++]; + att_prefix = (char *)attributes[y++]; + y++; + att_value = (char *)attributes[y++]; + att_valueend = (char *)attributes[y++]; + + if (att_prefix) { + att_len = spprintf(&att_string, 0, " %s:%s=\"", att_prefix, att_name); + } else { + att_len = spprintf(&att_string, 0, " %s=\"", att_name); + } + + qualified_name = xmlStrncat(qualified_name, (xmlChar *)att_string, att_len); + qualified_name = xmlStrncat(qualified_name, (xmlChar *)att_value, att_valueend - att_value); + qualified_name = xmlStrncat(qualified_name, (xmlChar *)"\"", 1); + + efree(att_string); + } + + } + qualified_name = xmlStrncat(qualified_name, (xmlChar *)">", 1); + parser->h_default(parser->user, (const XML_Char *) qualified_name, xmlStrlen(qualified_name)); + xmlFree(qualified_name); + } return; } _qua
[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS
rrichards Fri Dec 12 04:18:13 2008 UTC Modified files: (Branch: PHP_5_2) /php-srcNEWS Log: BFN http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1357&r2=1.2027.2.547.2.1358&diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.1357 php-src/NEWS:1.2027.2.547.2.1358 --- php-src/NEWS:1.2027.2.547.2.1357Thu Dec 11 01:23:40 2008 +++ php-src/NEWSFri Dec 12 04:18:12 2008 @@ -10,6 +10,7 @@ - Fixed bug #46748 (Segfault when an SSL error has more than one error). (Scott) - Fixed bug #46739 (array returned by curl_getinfo should contain content_type key). (Mikko) +- Fixed bug #46699: (xml_parse crash when parser is namespace aware). (Rob) - Fixed bug #35975 (Session cookie expires date format isn't the most compatible. Now matches that of setcookie()). (Scott) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS
rrichards Fri Dec 12 04:21:02 2008 UTC Modified files: (Branch: PHP_5_2) /php-srcNEWS Log: fix entry http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1358&r2=1.2027.2.547.2.1359&diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.1358 php-src/NEWS:1.2027.2.547.2.1359 --- php-src/NEWS:1.2027.2.547.2.1358Fri Dec 12 04:18:12 2008 +++ php-src/NEWSFri Dec 12 04:21:01 2008 @@ -10,7 +10,7 @@ - Fixed bug #46748 (Segfault when an SSL error has more than one error). (Scott) - Fixed bug #46739 (array returned by curl_getinfo should contain content_type key). (Mikko) -- Fixed bug #46699: (xml_parse crash when parser is namespace aware). (Rob) +- Fixed bug #46699 (xml_parse crash when parser is namespace aware). (Rob) - Fixed bug #35975 (Session cookie expires date format isn't the most compatible. Now matches that of setcookie()). (Scott) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php