[PHP-CVS-DAILY] cvs: php-src / ChangeLog
changelog Wed Sep 19 01:32:42 2007 UTC Modified files: /php-srcChangeLog Log: ChangeLog update http://cvs.php.net/viewvc.cgi/php-src/ChangeLog?r1=1.2812r2=1.2813diff_format=u Index: php-src/ChangeLog diff -u php-src/ChangeLog:1.2812 php-src/ChangeLog:1.2813 --- php-src/ChangeLog:1.2812Tue Sep 18 01:31:18 2007 +++ php-src/ChangeLog Wed Sep 19 01:32:38 2007 @@ -1,3 +1,62 @@ +2007-09-18 Rui Hirokawa [EMAIL PROTECTED] + +* (PHP_5_2) + ext/mbstring/config.m4 + ext/mbstring/oniguruma/php_onig_compat.h: + MFH: fixed bug #42502 va_* cannot detect. + +* ext/mbstring/config.m4 + ext/mbstring/oniguruma/php_onig_compat.h: + fixed bug #42502 va_* cannot detect. + +* (PHP_5_2) + ext/mbstring/libmbfl/nls/nls_ru.c + ext/mbstring/libmbfl/nls/nls_ru.h: + modified line end CR - CR+NL + +2007-09-18 Stanislav Malyshev [EMAIL PROTECTED] + +* (PHP_5_2) + NEWS: + add dl() limit patch + +* ext/standard/dl.c + ext/standard/dl.c: + limit dl() argument length (patch by Christian Hoffmann) + +2007-09-18 Ilia Alshanetsky [EMAIL PROTECTED] + +* ext/xmlrpc/xmlrpc-epi-php.c + ext/xmlrpc/libxmlrpc/xmlrpc.c + ext/xmlrpc/tests/bug42189.phpt: + + MFB: Fixed bug #42189 (xmlrpc_set_type() crashes php on invalid datetime + values). + +* ext/xmlrpc/tests/bug42189.phpt + ext/xmlrpc/tests/bug42189.phpt: + + file bug42189.phpt was initially added on branch PHP_5_2. + +* (PHP_5_2) + NEWS + ext/xmlrpc/xmlrpc-epi-php.c + ext/xmlrpc/libxmlrpc/xmlrpc.c: + + Fixed bug #42189 (xmlrpc_set_type() crashes php on invalid datetime +values). + +2007-09-18 Jani Taskinen [EMAIL PROTECTED] + +* (PHP_5_2) + NEWS: + BFN + +* ZendEngine2/zend_extensions.c + ZendEngine2/zend_extensions.c: + - Fixed bug #42629 (Dynamically loaded PHP extensions need symbols exported + on MacOSX) + 2007-09-17 Ilia Alshanetsky [EMAIL PROTECTED] * (PHP_5_2)
[PHP-CVS-DAILY] cvs: ZendEngine2 / ChangeLog
changelog Wed Sep 19 01:32:46 2007 UTC Modified files: /ZendEngine2ChangeLog Log: ChangeLog update http://cvs.php.net/viewvc.cgi/ZendEngine2/ChangeLog?r1=1.1168r2=1.1169diff_format=u Index: ZendEngine2/ChangeLog diff -u ZendEngine2/ChangeLog:1.1168 ZendEngine2/ChangeLog:1.1169 --- ZendEngine2/ChangeLog:1.1168Wed Sep 12 01:31:18 2007 +++ ZendEngine2/ChangeLog Wed Sep 19 01:32:46 2007 @@ -1,3 +1,10 @@ +2007-09-18 Jani Taskinen [EMAIL PROTECTED] + +* zend_extensions.c + zend_extensions.c: + - Fixed bug #42629 (Dynamically loaded PHP extensions need symbols exported + on MacOSX) + 2007-09-11 Dmitry Stogov [EMAIL PROTECTED] * zend_builtin_functions.c: @@ -18943,7 +18950,7 @@ 2003-06-10 Jani Taskinen [EMAIL PROTECTED] * zend_multiply.h: - - Missing $Id: ChangeLog,v 1.1168 2007/09/12 01:31:18 changelog Exp $ tag + - Missing $Id: ChangeLog,v 1.1169 2007/09/19 01:32:46 changelog Exp $ tag 2003-06-10 James Cox [EMAIL PROTECTED] @@ -20667,7 +20674,7 @@ zend_types.h zend_variables.c zend_variables.h: - - Added some missing CVS $Id: ChangeLog,v 1.1168 2007/09/12 01:31:18 changelog Exp $ tags, headers and footers. + - Added some missing CVS $Id: ChangeLog,v 1.1169 2007/09/19 01:32:46 changelog Exp $ tags, headers and footers. 2003-01-30 Ilia Alshanetsky [EMAIL PROTECTED]
[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS
janiTue Sep 18 09:25:04 2007 UTC Modified files: (Branch: PHP_5_2) /php-srcNEWS Log: BFN http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.952r2=1.2027.2.547.2.953diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.952 php-src/NEWS:1.2027.2.547.2.953 --- php-src/NEWS:1.2027.2.547.2.952 Mon Sep 17 12:44:16 2007 +++ php-src/NEWSTue Sep 18 09:25:03 2007 @@ -21,6 +21,8 @@ - Fixed imagerectangle regression with 1x1 rectangle (libgd #106). (Pierre) - Fixed bug #42643 (CLI segfaults if using ATTR_PERSISTENT). (Ilia) +- Fixed bug #42629 (Dynamically loaded PHP extensions need symbols exported + on MacOSX). (jdolecek at NetBSD dot org) - Fixed bug #42627 (bz2 extension fails to build with -fno-common). (dolecek at netbsd dot org) - Fixed Bug #42596 (session.save_path MODE option does not work). (Ilia) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS /ext/xmlrpc xmlrpc-epi-php.c /ext/xmlrpc/libxmlrpc xmlrpc.c /ext/xmlrpc/tests bug42189.phpt
iliaa Tue Sep 18 19:49:54 2007 UTC Added files: (Branch: PHP_5_2) /php-src/ext/xmlrpc/tests bug42189.phpt Modified files: /php-src/ext/xmlrpc xmlrpc-epi-php.c /php-src/ext/xmlrpc/libxmlrpc xmlrpc.c /php-srcNEWS Log: Fixed bug #42189 (xmlrpc_set_type() crashes php on invalid datetime values). http://cvs.php.net/viewvc.cgi/php-src/ext/xmlrpc/xmlrpc-epi-php.c?r1=1.39.2.5.2.5r2=1.39.2.5.2.6diff_format=u Index: php-src/ext/xmlrpc/xmlrpc-epi-php.c diff -u php-src/ext/xmlrpc/xmlrpc-epi-php.c:1.39.2.5.2.5 php-src/ext/xmlrpc/xmlrpc-epi-php.c:1.39.2.5.2.6 --- php-src/ext/xmlrpc/xmlrpc-epi-php.c:1.39.2.5.2.5Fri Jan 12 12:32:15 2007 +++ php-src/ext/xmlrpc/xmlrpc-epi-php.c Tue Sep 18 19:49:53 2007 @@ -51,7 +51,7 @@ +--+ */ -/* $Id: xmlrpc-epi-php.c,v 1.39.2.5.2.5 2007/01/12 12:32:15 tony2001 Exp $ */ +/* $Id: xmlrpc-epi-php.c,v 1.39.2.5.2.6 2007/09/18 19:49:53 iliaa Exp $ */ /** * BUGS: * @@ -1325,9 +1325,13 @@ if(SUCCESS == zend_hash_update(Z_OBJPROP_P(value), OBJECT_TYPE_ATTR, sizeof(OBJECT_TYPE_ATTR), (void *) type, sizeof(zval *), NULL)) { bSuccess = zend_hash_update(Z_OBJPROP_P(value), OBJECT_VALUE_TS_ATTR, sizeof(OBJECT_VALUE_TS_ATTR), (void *) ztimestamp, sizeof(zval *), NULL); } - } + } else { + zval_ptr_dtor(type); + } XMLRPC_CleanupValue(v); -} +} else { + zval_ptr_dtor(type); + } } else { convert_to_object(value); http://cvs.php.net/viewvc.cgi/php-src/ext/xmlrpc/libxmlrpc/xmlrpc.c?r1=1.8.4.2r2=1.8.4.3diff_format=u Index: php-src/ext/xmlrpc/libxmlrpc/xmlrpc.c diff -u php-src/ext/xmlrpc/libxmlrpc/xmlrpc.c:1.8.4.2 php-src/ext/xmlrpc/libxmlrpc/xmlrpc.c:1.8.4.3 --- php-src/ext/xmlrpc/libxmlrpc/xmlrpc.c:1.8.4.2 Thu Jun 7 09:07:36 2007 +++ php-src/ext/xmlrpc/libxmlrpc/xmlrpc.c Tue Sep 18 19:49:53 2007 @@ -31,7 +31,7 @@ */ -static const char rcsid[] = #(@) $Id: xmlrpc.c,v 1.8.4.2 2007/06/07 09:07:36 tony2001 Exp $; +static const char rcsid[] = #(@) $Id: xmlrpc.c,v 1.8.4.3 2007/09/18 19:49:53 iliaa Exp $; /h* ABOUT/xmlrpc @@ -43,6 +43,11 @@ * 9/1999 - 10/2000 * HISTORY * $Log: xmlrpc.c,v $ + * Revision 1.8.4.3 2007/09/18 19:49:53 iliaa + * + * Fixed bug #42189 (xmlrpc_set_type() crashes php on invalid datetime + * values). + * * Revision 1.8.4.2 2007/06/07 09:07:36 tony2001 * MFH: php_localtime_r() checks * @@ -176,7 +181,7 @@ } p++; } - text = buf; + text = buf; } @@ -186,15 +191,19 @@ return -1; } +#define XMLRPC_IS_NUMBER(x) if (x '0' || x '9') return -1; + n = 1000; tm.tm_year = 0; for(i = 0; i 4; i++) { + XMLRPC_IS_NUMBER(text[i]) tm.tm_year += (text[i]-'0')*n; n /= 10; } n = 10; tm.tm_mon = 0; for(i = 0; i 2; i++) { + XMLRPC_IS_NUMBER(text[i]) tm.tm_mon += (text[i+4]-'0')*n; n /= 10; } @@ -203,6 +212,7 @@ n = 10; tm.tm_mday = 0; for(i = 0; i 2; i++) { + XMLRPC_IS_NUMBER(text[i]) tm.tm_mday += (text[i+6]-'0')*n; n /= 10; } @@ -210,6 +220,7 @@ n = 10; tm.tm_hour = 0; for(i = 0; i 2; i++) { + XMLRPC_IS_NUMBER(text[i]) tm.tm_hour += (text[i+9]-'0')*n; n /= 10; } @@ -217,6 +228,7 @@ n = 10; tm.tm_min = 0; for(i = 0; i 2; i++) { + XMLRPC_IS_NUMBER(text[i]) tm.tm_min += (text[i+12]-'0')*n; n /= 10; } @@ -224,6 +236,7 @@ n = 10; tm.tm_sec = 0; for(i = 0; i 2; i++) { + XMLRPC_IS_NUMBER(text[i]) tm.tm_sec += (text[i+15]-'0')*n; n /= 10; } http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.953r2=1.2027.2.547.2.954diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.953 php-src/NEWS:1.2027.2.547.2.954 --- php-src/NEWS:1.2027.2.547.2.953 Tue Sep 18 09:25:03 2007 +++ php-src/NEWSTue Sep 18 19:49:53 2007 @@ -50,6 +50,8 @@ - Fixed bug #42359 (xsd:list type not parsed). (Dmitry) - Fixed bug #42326 (SoapServer crash). (Dmitry) - Fixed bug #42214 (SoapServer sends clients internal PHP errors). (Dmitry) +- Fixed bug #42189 (xmlrpc_set_type() crashes php on invalid datetime + values). (Ilia) - Fixed bug #42086 (SoapServer return Procedure '' not present for WSIBasic compliant wsdl). (Dmitry) - Fixed bug #41561 (Values set with php_admin_* in httpd.conf can be overwritten http://cvs.php.net/viewvc.cgi/php-src/ext/xmlrpc/tests/bug42189.phpt?view=markuprev=1.1 Index:
[PHP-CVS] cvs: php-src /ext/xmlrpc xmlrpc-epi-php.c /ext/xmlrpc/libxmlrpc xmlrpc.c /ext/xmlrpc/tests bug42189.phpt
iliaa Tue Sep 18 19:52:28 2007 UTC Modified files: /php-src/ext/xmlrpc xmlrpc-epi-php.c /php-src/ext/xmlrpc/libxmlrpc xmlrpc.c /php-src/ext/xmlrpc/tests bug42189.phpt Log: MFB: Fixed bug #42189 (xmlrpc_set_type() crashes php on invalid datetime values). http://cvs.php.net/viewvc.cgi/php-src/ext/xmlrpc/xmlrpc-epi-php.c?r1=1.50r2=1.51diff_format=u Index: php-src/ext/xmlrpc/xmlrpc-epi-php.c diff -u php-src/ext/xmlrpc/xmlrpc-epi-php.c:1.50 php-src/ext/xmlrpc/xmlrpc-epi-php.c:1.51 --- php-src/ext/xmlrpc/xmlrpc-epi-php.c:1.50Thu Jul 12 10:04:42 2007 +++ php-src/ext/xmlrpc/xmlrpc-epi-php.c Tue Sep 18 19:52:27 2007 @@ -51,7 +51,7 @@ +--+ */ -/* $Id: xmlrpc-epi-php.c,v 1.50 2007/07/12 10:04:42 tony2001 Exp $ */ +/* $Id: xmlrpc-epi-php.c,v 1.51 2007/09/18 19:52:27 iliaa Exp $ */ /** * BUGS: * @@ -1313,8 +1313,12 @@ if(SUCCESS == zend_hash_update(Z_OBJPROP_P(value), OBJECT_TYPE_ATTR, sizeof(OBJECT_TYPE_ATTR), (void *) type, sizeof(zval *), NULL)) { bSuccess = zend_hash_update(Z_OBJPROP_P(value), OBJECT_VALUE_TS_ATTR, sizeof(OBJECT_VALUE_TS_ATTR), (void *) ztimestamp, sizeof(zval *), NULL); } + } else { + zval_ptr_dtor(type); } XMLRPC_CleanupValue(v); + } else { + zval_ptr_dtor(type); } } else { http://cvs.php.net/viewvc.cgi/php-src/ext/xmlrpc/libxmlrpc/xmlrpc.c?r1=1.11r2=1.12diff_format=u Index: php-src/ext/xmlrpc/libxmlrpc/xmlrpc.c diff -u php-src/ext/xmlrpc/libxmlrpc/xmlrpc.c:1.11 php-src/ext/xmlrpc/libxmlrpc/xmlrpc.c:1.12 --- php-src/ext/xmlrpc/libxmlrpc/xmlrpc.c:1.11 Thu Jun 7 09:07:12 2007 +++ php-src/ext/xmlrpc/libxmlrpc/xmlrpc.c Tue Sep 18 19:52:27 2007 @@ -31,7 +31,7 @@ */ -static const char rcsid[] = #(@) $Id: xmlrpc.c,v 1.11 2007/06/07 09:07:12 tony2001 Exp $; +static const char rcsid[] = #(@) $Id: xmlrpc.c,v 1.12 2007/09/18 19:52:27 iliaa Exp $; /h* ABOUT/xmlrpc @@ -43,6 +43,11 @@ * 9/1999 - 10/2000 * HISTORY * $Log: xmlrpc.c,v $ + * Revision 1.12 2007/09/18 19:52:27 iliaa + * + * MFB: Fixed bug #42189 (xmlrpc_set_type() crashes php on invalid datetime + * values). + * * Revision 1.11 2007/06/07 09:07:12 tony2001 * php_localtime_r() checks * @@ -179,7 +184,7 @@ } p++; } - text = buf; + text = buf; } @@ -189,15 +194,19 @@ return -1; } +#define XMLRPC_IS_NUMBER(x) if (x '0' || x '9') return -1; + n = 1000; tm.tm_year = 0; for(i = 0; i 4; i++) { + XMLRPC_IS_NUMBER(text[i]) tm.tm_year += (text[i]-'0')*n; n /= 10; } n = 10; tm.tm_mon = 0; for(i = 0; i 2; i++) { + XMLRPC_IS_NUMBER(text[i]) tm.tm_mon += (text[i+4]-'0')*n; n /= 10; } @@ -206,6 +215,7 @@ n = 10; tm.tm_mday = 0; for(i = 0; i 2; i++) { + XMLRPC_IS_NUMBER(text[i]) tm.tm_mday += (text[i+6]-'0')*n; n /= 10; } @@ -213,6 +223,7 @@ n = 10; tm.tm_hour = 0; for(i = 0; i 2; i++) { + XMLRPC_IS_NUMBER(text[i]) tm.tm_hour += (text[i+9]-'0')*n; n /= 10; } @@ -220,6 +231,7 @@ n = 10; tm.tm_min = 0; for(i = 0; i 2; i++) { + XMLRPC_IS_NUMBER(text[i]) tm.tm_min += (text[i+12]-'0')*n; n /= 10; } @@ -227,6 +239,7 @@ n = 10; tm.tm_sec = 0; for(i = 0; i 2; i++) { + XMLRPC_IS_NUMBER(text[i]) tm.tm_sec += (text[i+15]-'0')*n; n /= 10; } http://cvs.php.net/viewvc.cgi/php-src/ext/xmlrpc/tests/bug42189.phpt?r1=1.1r2=1.2diff_format=u Index: php-src/ext/xmlrpc/tests/bug42189.phpt diff -u /dev/null php-src/ext/xmlrpc/tests/bug42189.phpt:1.2 --- /dev/null Tue Sep 18 19:52:28 2007 +++ php-src/ext/xmlrpc/tests/bug42189.phpt Tue Sep 18 19:52:27 2007 @@ -0,0 +1,15 @@ +--TEST-- +Bug #42189 (xmlrpc_get_type() crashes PHP on invalid dates) +--SKIPIF-- +?php if (!extension_loaded(xmlrpc)) print skip; ? +--FILE-- +?php +$a = '~~'; +$ok = xmlrpc_set_type($a, 'datetime'); +var_dump($ok); + +echo Done\n; +? +--EXPECT-- +bool(false) +Done -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/standard dl.c
stasTue Sep 18 20:19:34 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/standard dl.c Log: limit dl() argument length (patch by Christian Hoffmann) http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dl.c?r1=1.106.2.1.2.4r2=1.106.2.1.2.5diff_format=u Index: php-src/ext/standard/dl.c diff -u php-src/ext/standard/dl.c:1.106.2.1.2.4 php-src/ext/standard/dl.c:1.106.2.1.2.5 --- php-src/ext/standard/dl.c:1.106.2.1.2.4 Thu Sep 13 07:42:12 2007 +++ php-src/ext/standard/dl.c Tue Sep 18 20:19:34 2007 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: dl.c,v 1.106.2.1.2.4 2007/09/13 07:42:12 jani Exp $ */ +/* $Id: dl.c,v 1.106.2.1.2.5 2007/09/18 20:19:34 stas Exp $ */ #include php.h #include dl.h @@ -73,6 +73,11 @@ RETURN_FALSE; } + if (Z_STRLEN_PP(file) = MAXPATHLEN) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, File name exceeds the maximum allowed length of %d characters, MAXPATHLEN); + RETURN_FALSE; + } + if ((strncmp(sapi_module.name, cgi, 3)!=0) (strcmp(sapi_module.name, cli)!=0) (strncmp(sapi_module.name, embed, 5)!=0)) { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/standard dl.c
stasTue Sep 18 20:21:04 2007 UTC Modified files: /php-src/ext/standard dl.c Log: limit dl() argument length (patch by Christian Hoffmann) http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dl.c?r1=1.116r2=1.117diff_format=u Index: php-src/ext/standard/dl.c diff -u php-src/ext/standard/dl.c:1.116 php-src/ext/standard/dl.c:1.117 --- php-src/ext/standard/dl.c:1.116 Thu Sep 13 07:41:59 2007 +++ php-src/ext/standard/dl.c Tue Sep 18 20:21:04 2007 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: dl.c,v 1.116 2007/09/13 07:41:59 jani Exp $ */ +/* $Id: dl.c,v 1.117 2007/09/18 20:21:04 stas Exp $ */ #include php.h #include dl.h @@ -63,6 +63,11 @@ return; } + if (Z_STRLEN_PP(file) = MAXPATHLEN) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, File name exceeds the maximum allowed length of %d characters, MAXPATHLEN); + RETURN_FALSE; + } + php_dl(filename, MODULE_TEMPORARY, return_value, 0 TSRMLS_CC); EG(full_tables_cleanup) = 1; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS
stasTue Sep 18 20:25:08 2007 UTC Modified files: (Branch: PHP_5_2) /php-srcNEWS Log: add dl() limit patch http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.954r2=1.2027.2.547.2.955diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.954 php-src/NEWS:1.2027.2.547.2.955 --- php-src/NEWS:1.2027.2.547.2.954 Tue Sep 18 19:49:53 2007 +++ php-src/NEWSTue Sep 18 20:25:07 2007 @@ -10,6 +10,8 @@ (Stas) - Fixed PDO crash when driver returns empty LOB stream. (Stas) - Fixed dl() to only accept filenames - reported by Laurent Gaffie. (Stas) +- Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887). + (Christian Hoffmann) - Fixed missing brackets leading to build warning and error in the log. Win32 code). (Andrey) - Fixed leaks with multiple connects on one mysqli object. (Andrey) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/mbstring/libmbfl/nls nls_ru.c nls_ru.h
hirokawaTue Sep 18 21:33:30 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/mbstring/libmbfl/nls nls_ru.c nls_ru.h Log: modified line end CR - CR+NL http://cvs.php.net/viewvc.cgi/php-src/ext/mbstring/libmbfl/nls/nls_ru.c?r1=1.1r2=1.1.8.1diff_format=u Index: php-src/ext/mbstring/libmbfl/nls/nls_ru.c diff -u php-src/ext/mbstring/libmbfl/nls/nls_ru.c:1.1 php-src/ext/mbstring/libmbfl/nls/nls_ru.c:1.1.8.1 --- php-src/ext/mbstring/libmbfl/nls/nls_ru.c:1.1 Sat Aug 23 06:18:39 2003 +++ php-src/ext/mbstring/libmbfl/nls/nls_ru.c Tue Sep 18 21:33:29 2007 @@ -1,20 +1,22 @@ -#ifdef HAVE_CONFIG_H -#include config.h -#endif - -#ifdef HAVE_STDDEF_H -#include stddef.h -#endif - -#include mbfilter.h -#include nls_ru.h - -const mbfl_language mbfl_language_russian = { - mbfl_no_language_russian, - Russian, - ru, - NULL, - mbfl_no_encoding_koi8r, - mbfl_no_encoding_qprint, - mbfl_no_encoding_8bit -}; +#ifdef HAVE_CONFIG_H +#include config.h +#endif + + +#ifdef HAVE_STDDEF_H +#include stddef.h +#endif + + +#include mbfilter.h +#include nls_ru.h + +const mbfl_language mbfl_language_russian = { + mbfl_no_language_russian, + Russian, + ru, + NULL, + mbfl_no_encoding_koi8r, + mbfl_no_encoding_qprint, + mbfl_no_encoding_8bit +}; http://cvs.php.net/viewvc.cgi/php-src/ext/mbstring/libmbfl/nls/nls_ru.h?r1=1.1r2=1.1.8.1diff_format=u Index: php-src/ext/mbstring/libmbfl/nls/nls_ru.h diff -u php-src/ext/mbstring/libmbfl/nls/nls_ru.h:1.1 php-src/ext/mbstring/libmbfl/nls/nls_ru.h:1.1.8.1 --- php-src/ext/mbstring/libmbfl/nls/nls_ru.h:1.1 Sat Aug 23 06:18:39 2003 +++ php-src/ext/mbstring/libmbfl/nls/nls_ru.h Tue Sep 18 21:33:29 2007 @@ -1,9 +1,9 @@ -#ifndef MBFL_NLS_RU_H -#define MBFL_NLS_RU_H - -#include mbfilter.h -#include nls_ru.h - -extern const mbfl_language mbfl_language_russian; - -#endif /* MBFL_NLS_RU_H */ +#ifndef MBFL_NLS_RU_H +#define MBFL_NLS_RU_H + +#include mbfilter.h +#include nls_ru.h + +extern const mbfl_language mbfl_language_russian; + +#endif /* MBFL_NLS_RU_H */ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/mbstring config.m4 /ext/mbstring/oniguruma php_onig_compat.h
hirokawaTue Sep 18 21:35:13 2007 UTC Modified files: /php-src/ext/mbstring config.m4 /php-src/ext/mbstring/oniguruma php_onig_compat.h Log: fixed bug #42502 va_* cannot detect. http://cvs.php.net/viewvc.cgi/php-src/ext/mbstring/config.m4?r1=1.66r2=1.67diff_format=u Index: php-src/ext/mbstring/config.m4 diff -u php-src/ext/mbstring/config.m4:1.66 php-src/ext/mbstring/config.m4:1.67 --- php-src/ext/mbstring/config.m4:1.66 Tue Jul 31 12:23:42 2007 +++ php-src/ext/mbstring/config.m4 Tue Sep 18 21:35:12 2007 @@ -1,5 +1,5 @@ dnl -dnl $Id: config.m4,v 1.66 2007/07/31 12:23:42 tony2001 Exp $ +dnl $Id: config.m4,v 1.67 2007/09/18 21:35:12 hirokawa Exp $ dnl AC_DEFUN([PHP_MBSTRING_ADD_SOURCES], [ @@ -75,7 +75,7 @@ ], [cv_php_mbstring_stdarg=yes], [cv_php_mbstring_stdarg=no], [cv_php_mbstring_stdarg=no]) ]) -AC_CHECK_HEADERS([stdlib.h string.h strings.h unistd.h sys/time.h sys/times.h]) +AC_CHECK_HEADERS([stdlib.h string.h strings.h unistd.h sys/time.h sys/times.h stdarg.h]) AC_CHECK_SIZEOF(int, 4) AC_CHECK_SIZEOF(short, 2) AC_CHECK_SIZEOF(long, 4) @@ -84,9 +84,6 @@ AC_FUNC_ALLOCA AC_FUNC_MEMCMP -if test $cv_php_mbstring_stdarg = yes; then - AC_DEFINE([HAVE_STDARG_PROTOTYPES], 1, [Define if stdarg.h is available]) -fi AC_DEFINE([HAVE_MBREGEX], 1, [whether to have multibyte regex support]) PHP_MBSTRING_ADD_CFLAG([-DNOT_RUBY]) http://cvs.php.net/viewvc.cgi/php-src/ext/mbstring/oniguruma/php_onig_compat.h?r1=1.2r2=1.3diff_format=u Index: php-src/ext/mbstring/oniguruma/php_onig_compat.h diff -u php-src/ext/mbstring/oniguruma/php_onig_compat.h:1.2 php-src/ext/mbstring/oniguruma/php_onig_compat.h:1.3 --- php-src/ext/mbstring/oniguruma/php_onig_compat.h:1.2Mon Feb 21 09:43:55 2005 +++ php-src/ext/mbstring/oniguruma/php_onig_compat.hTue Sep 18 21:35:13 2007 @@ -5,4 +5,10 @@ #define regex_t php_mb_regex_t #define re_registersphp_mb_re_registers +#ifdef HAVE_STDARG_H +#ifndef HAVE_STDARG_PROTOTYPES +#define HAVE_STDARG_PROTOTYPES 1 +#endif +#endif + #endif /* _PHP_MBREGEX_COMPAT_H */ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/mbstring config.m4 /ext/mbstring/oniguruma php_onig_compat.h
hirokawaTue Sep 18 21:35:39 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/mbstring config.m4 /php-src/ext/mbstring/oniguruma php_onig_compat.h Log: MFH: fixed bug #42502 va_* cannot detect. http://cvs.php.net/viewvc.cgi/php-src/ext/mbstring/config.m4?r1=1.58.2.4.2.10r2=1.58.2.4.2.11diff_format=u Index: php-src/ext/mbstring/config.m4 diff -u php-src/ext/mbstring/config.m4:1.58.2.4.2.10 php-src/ext/mbstring/config.m4:1.58.2.4.2.11 --- php-src/ext/mbstring/config.m4:1.58.2.4.2.10Tue Jul 31 12:23:50 2007 +++ php-src/ext/mbstring/config.m4 Tue Sep 18 21:35:39 2007 @@ -1,5 +1,5 @@ dnl -dnl $Id: config.m4,v 1.58.2.4.2.10 2007/07/31 12:23:50 tony2001 Exp $ +dnl $Id: config.m4,v 1.58.2.4.2.11 2007/09/18 21:35:39 hirokawa Exp $ dnl AC_DEFUN([PHP_MBSTRING_ADD_SOURCES], [ @@ -87,7 +87,7 @@ ) ]) -AC_CHECK_HEADERS([stdlib.h string.h strings.h unistd.h sys/time.h sys/times.h]) +AC_CHECK_HEADERS([stdlib.h string.h strings.h unistd.h sys/time.h sys/times.h stdarg.h]) AC_CHECK_SIZEOF(int, 4) AC_CHECK_SIZEOF(short, 2) AC_CHECK_SIZEOF(long, 4) @@ -96,9 +96,6 @@ AC_FUNC_ALLOCA AC_FUNC_MEMCMP -if test $cv_php_mbstring_stdarg = yes; then - AC_DEFINE([HAVE_STDARG_PROTOTYPES], 1, [Define if stdarg.h is available]) -fi AC_DEFINE([HAVE_MBREGEX], 1, [whether to have multibyte regex support]) http://cvs.php.net/viewvc.cgi/php-src/ext/mbstring/oniguruma/php_onig_compat.h?r1=1.2r2=1.2.4.1diff_format=u Index: php-src/ext/mbstring/oniguruma/php_onig_compat.h diff -u php-src/ext/mbstring/oniguruma/php_onig_compat.h:1.2 php-src/ext/mbstring/oniguruma/php_onig_compat.h:1.2.4.1 --- php-src/ext/mbstring/oniguruma/php_onig_compat.h:1.2Mon Feb 21 09:43:55 2005 +++ php-src/ext/mbstring/oniguruma/php_onig_compat.hTue Sep 18 21:35:39 2007 @@ -5,4 +5,10 @@ #define regex_t php_mb_regex_t #define re_registersphp_mb_re_registers +#ifdef HAVE_STDARG_H +#ifndef HAVE_STDARG_PROTOTYPES +#define HAVE_STDARG_PROTOTYPES 1 +#endif +#endif + #endif /* _PHP_MBREGEX_COMPAT_H */ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/iconv iconv.c php_iconv.h
stasWed Sep 19 00:37:43 2007 UTC Modified files: /php-src/ext/iconv iconv.c php_iconv.h Log: limit iconv parameter sizes - workaround for libc bug http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/iconv.c?r1=1.153r2=1.154diff_format=u Index: php-src/ext/iconv/iconv.c diff -u php-src/ext/iconv/iconv.c:1.153 php-src/ext/iconv/iconv.c:1.154 --- php-src/ext/iconv/iconv.c:1.153 Mon May 28 23:52:13 2007 +++ php-src/ext/iconv/iconv.c Wed Sep 19 00:37:43 2007 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: iconv.c,v 1.153 2007/05/28 23:52:13 iliaa Exp $ */ +/* $Id: iconv.c,v 1.154 2007/09/19 00:37:43 stas Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -230,12 +230,21 @@ #define GENERIC_SUPERSET_NBYTES 4 /* }}} */ +static PHP_INI_MH(OnUpdateStringIconvCharset) +{ + if(new_value_length = ICONV_CSNMAXLEN) { + return FAILURE; + } + OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC); + return SUCCESS; +} + /* {{{ PHP_INI */ PHP_INI_BEGIN() - STD_PHP_INI_ENTRY(iconv.input_encoding,ICONV_INPUT_ENCODING, PHP_INI_ALL, OnUpdateString, input_encoding,zend_iconv_globals, iconv_globals) - STD_PHP_INI_ENTRY(iconv.output_encoding, ICONV_OUTPUT_ENCODING, PHP_INI_ALL, OnUpdateString, output_encoding, zend_iconv_globals, iconv_globals) - STD_PHP_INI_ENTRY(iconv.internal_encoding, ICONV_INTERNAL_ENCODING, PHP_INI_ALL, OnUpdateString, internal_encoding, zend_iconv_globals, iconv_globals) + STD_PHP_INI_ENTRY(iconv.input_encoding,ICONV_INPUT_ENCODING, PHP_INI_ALL, OnUpdateStringIconvCharset, input_encoding,zend_iconv_globals, iconv_globals) + STD_PHP_INI_ENTRY(iconv.output_encoding, ICONV_OUTPUT_ENCODING, PHP_INI_ALL, OnUpdateStringIconvCharset, output_encoding, zend_iconv_globals, iconv_globals) + STD_PHP_INI_ENTRY(iconv.internal_encoding, ICONV_INTERNAL_ENCODING, PHP_INI_ALL, OnUpdateStringIconvCharset, internal_encoding, zend_iconv_globals, iconv_globals) PHP_INI_END() /* }}} */ @@ -1921,7 +1930,7 @@ PHP_FUNCTION(iconv_strlen) { char *charset; - int charset_len; + int charset_len = 0; char *str; int str_len; @@ -1936,6 +1945,11 @@ RETURN_FALSE; } + if (charset_len = ICONV_CSNMAXLEN) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Charset parameter exceeds the maximum allowed length of %d characters, ICONV_CSNMAXLEN); + RETURN_FALSE; + } + err = _php_iconv_strlen(retval, str, str_len, charset); _php_iconv_show_error(err, GENERIC_SUPERSET_NAME, charset TSRMLS_CC); if (err == PHP_ICONV_ERR_SUCCESS) { @@ -1951,7 +1965,7 @@ PHP_FUNCTION(iconv_substr) { char *charset; - int charset_len; + int charset_len = 0; char *str; int str_len; long offset, length; @@ -1968,6 +1982,11 @@ RETURN_FALSE; } + if (charset_len = ICONV_CSNMAXLEN) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Charset parameter exceeds the maximum allowed length of %d characters, ICONV_CSNMAXLEN); + RETURN_FALSE; + } + if (ZEND_NUM_ARGS() 3) { length = str_len; } @@ -1993,7 +2012,7 @@ PHP_FUNCTION(iconv_strpos) { char *charset; - int charset_len; + int charset_len = 0; char *haystk; int haystk_len; char *ndl; @@ -2013,6 +2032,11 @@ RETURN_FALSE; } + if (charset_len = ICONV_CSNMAXLEN) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Charset parameter exceeds the maximum allowed length of %d characters, ICONV_CSNMAXLEN); + RETURN_FALSE; + } + if (offset 0) { php_error_docref(NULL TSRMLS_CC, E_WARNING, Offset not contained in string); RETURN_FALSE; @@ -2039,7 +2063,7 @@ PHP_FUNCTION(iconv_strrpos) { char *charset; - int charset_len; + int charset_len = 0; char *haystk; int haystk_len; char *ndl; @@ -2061,6 +2085,11 @@ RETURN_FALSE; } + if (charset_len = ICONV_CSNMAXLEN) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Charset parameter exceeds the maximum allowed length of %d characters, ICONV_CSNMAXLEN); + RETURN_FALSE; + } + err = _php_iconv_strpos(retval, haystk, haystk_len, ndl, ndl_len, -1, charset); _php_iconv_show_error(err, GENERIC_SUPERSET_NAME, charset TSRMLS_CC); @@ -2117,6 +2146,11 @@ } if (zend_hash_find(Z_ARRVAL_P(pref), input-charset, sizeof(input-charset), (void **)ppval) == SUCCESS) { + if (Z_STRLEN_PP(ppval) =
[PHP-CVS] cvs: php-src /ext/xmlrpc/libxmlrpc encodings.c
stasWed Sep 19 00:38:48 2007 UTC Modified files: /php-src/ext/xmlrpc/libxmlrpc encodings.c Log: MFB: limit iconv parameters here too http://cvs.php.net/viewvc.cgi/php-src/ext/xmlrpc/libxmlrpc/encodings.c?r1=1.7r2=1.8diff_format=u Index: php-src/ext/xmlrpc/libxmlrpc/encodings.c diff -u php-src/ext/xmlrpc/libxmlrpc/encodings.c:1.7 php-src/ext/xmlrpc/libxmlrpc/encodings.c:1.8 --- php-src/ext/xmlrpc/libxmlrpc/encodings.c:1.7Mon Mar 8 23:04:33 2004 +++ php-src/ext/xmlrpc/libxmlrpc/encodings.cWed Sep 19 00:38:48 2007 @@ -41,7 +41,7 @@ #include stdlib.h #endif -static const char rcsid[] = #(@) $Id: encodings.c,v 1.7 2004/03/08 23:04:33 abies Exp $; +static const char rcsid[] = #(@) $Id: encodings.c,v 1.8 2007/09/19 00:38:48 stas Exp $; #include errno.h @@ -53,6 +53,10 @@ #include encodings.h +#ifndef ICONV_CSNMAXLEN +#define ICONV_CSNMAXLEN 64 +#endif + static char* convert(const char* src, int src_len, int *new_len, const char* from_enc, const char* to_enc) { char* outbuf = 0; @@ -60,9 +64,13 @@ size_t outlenleft = src_len; size_t inlenleft = src_len; int outlen = src_len; - iconv_t ic = iconv_open(to_enc, from_enc); + iconv_t ic; char* out_ptr = 0; + if(strlen(to_enc) = ICONV_CSNMAXLEN || strlen(from_enc) = ICONV_CSNMAXLEN) { + return NULL; + } + ic = iconv_open(to_enc, from_enc); if(ic != (iconv_t)-1) { size_t st; outbuf = (char*)malloc(outlen + 1); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS
stasWed Sep 19 00:41:11 2007 UTC Modified files: (Branch: PHP_5_2) /php-srcNEWS Log: report iconv fix http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.955r2=1.2027.2.547.2.956diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.955 php-src/NEWS:1.2027.2.547.2.956 --- php-src/NEWS:1.2027.2.547.2.955 Tue Sep 18 20:25:07 2007 +++ php-src/NEWSWed Sep 19 00:41:10 2007 @@ -12,6 +12,8 @@ - Fixed dl() to only accept filenames - reported by Laurent Gaffie. (Stas) - Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887). (Christian Hoffmann) +- Fixed iconv_*() functions to limit argument sizes as workaround to libc + bug (CVE-2007-4783, CVE-2007-4840). (Christian Hoffmann, Stas) - Fixed missing brackets leading to build warning and error in the log. Win32 code). (Andrey) - Fixed leaks with multiple connects on one mysqli object. (Andrey) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/iconv/tests iconv-charset-length-cve-2007-4840.phpt iconv_mime_decode-charset-length-cve-2007-4840.phpt iconv_mime_decode_headers-charset-length-cve-2007-4840.phpt iconv_se
stasWed Sep 19 00:42:20 2007 UTC Modified files: /php-src/ext/iconv/testsiconv-charset-length-cve-2007-4840.phpt iconv_mime_decode-charset-length-cve-2007-4840.phpt iconv_mime_decode_headers-charset-length-cve-2007-4840.phpt iconv_set_encoding-charset-length-cve-2007-4840.phpt iconv_strlen-charset-length-cve-2007-4840.phpt iconv_strpos-charset-length-cve-2007-4840.phpt iconv_strrpos-charset-length-cve-2007-4840.phpt iconv_substr-charset-length-cve-2007-4783.phpt Log: MFB length tests http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/iconv-charset-length-cve-2007-4840.phpt?r1=1.1r2=1.2diff_format=u Index: php-src/ext/iconv/tests/iconv-charset-length-cve-2007-4840.phpt diff -u /dev/null php-src/ext/iconv/tests/iconv-charset-length-cve-2007-4840.phpt:1.2 --- /dev/null Wed Sep 19 00:42:20 2007 +++ php-src/ext/iconv/tests/iconv-charset-length-cve-2007-4840.phpt Wed Sep 19 00:42:20 2007 @@ -0,0 +1,17 @@ +--TEST-- +iconv() charset parameter length checks (CVE-2007-4840) +--SKIPIF-- +?php extension_loaded('iconv') or die('skip iconv extension is not available'); ? +--FILE-- +?php +$a = str_repeat(/, 900); +var_dump(iconv($a, b, test)); +var_dump(iconv(x, $a, test)); +? +--EXPECTF-- + +Warning: iconv(): Charset parameter exceeds the maximum allowed length of %d characters in %s on line %d +bool(false) + +Warning: iconv(): Charset parameter exceeds the maximum allowed length of %d characters in %s on line %d +bool(false) http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/iconv_mime_decode-charset-length-cve-2007-4840.phpt?r1=1.1r2=1.2diff_format=u Index: php-src/ext/iconv/tests/iconv_mime_decode-charset-length-cve-2007-4840.phpt diff -u /dev/null php-src/ext/iconv/tests/iconv_mime_decode-charset-length-cve-2007-4840.phpt:1.2 --- /dev/null Wed Sep 19 00:42:20 2007 +++ php-src/ext/iconv/tests/iconv_mime_decode-charset-length-cve-2007-4840.phpt Wed Sep 19 00:42:20 2007 @@ -0,0 +1,13 @@ +--TEST-- +iconv_mime_decode() charset parameter length checks (CVE-2007-4840) +--SKIPIF-- +?php extension_loaded('iconv') or die('skip iconv extension is not available'); ? +--FILE-- +?php +$a = str_repeat(/, 900); +var_dump(iconv_mime_decode(a, null, $a)); +? +--EXPECTF-- + +Warning: iconv_mime_decode(): Charset parameter exceeds the maximum allowed length of %d characters in %s on line %d +bool(false) http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/iconv_mime_decode_headers-charset-length-cve-2007-4840.phpt?r1=1.1r2=1.2diff_format=u Index: php-src/ext/iconv/tests/iconv_mime_decode_headers-charset-length-cve-2007-4840.phpt diff -u /dev/null php-src/ext/iconv/tests/iconv_mime_decode_headers-charset-length-cve-2007-4840.phpt:1.2 --- /dev/null Wed Sep 19 00:42:20 2007 +++ php-src/ext/iconv/tests/iconv_mime_decode_headers-charset-length-cve-2007-4840.phpt Wed Sep 19 00:42:20 2007 @@ -0,0 +1,13 @@ +--TEST-- +iconv_mime_decode_headers() charset parameter length checks (CVE-2007-4840) +--SKIPIF-- +?php extension_loaded('iconv') or die('skip iconv extension is not available'); ? +--FILE-- +?php +$a = str_repeat(/, 900); +var_dump(iconv_mime_decode_headers(a, null, $a)); +? +--EXPECTF-- + +Warning: iconv_mime_decode_headers(): Charset parameter exceeds the maximum allowed length of %d characters in %s on line %d +bool(false) http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/iconv_set_encoding-charset-length-cve-2007-4840.phpt?r1=1.1r2=1.2diff_format=u Index: php-src/ext/iconv/tests/iconv_set_encoding-charset-length-cve-2007-4840.phpt diff -u /dev/null php-src/ext/iconv/tests/iconv_set_encoding-charset-length-cve-2007-4840.phpt:1.2 --- /dev/null Wed Sep 19 00:42:20 2007 +++ php-src/ext/iconv/tests/iconv_set_encoding-charset-length-cve-2007-4840.phpt Wed Sep 19 00:42:20 2007 @@ -0,0 +1,21 @@ +--TEST-- +iconv_set_encoding() charset parameter length checks (CVE-2007-4840) +--SKIPIF-- +?php extension_loaded('iconv') or die('skip iconv extension is not available'); ? +--FILE-- +?php +$a = str_repeat(/, 900); +var_dump(iconv_set_encoding(input_encoding, $a)); +var_dump(iconv_set_encoding(output_encoding, $a)); +var_dump(iconv_set_encoding(internal_encoding, $a)); +? +--EXPECTF-- + +Warning: iconv_set_encoding(): Charset parameter exceeds the maximum allowed length of %d characters in %s on line %d +bool(false) + +Warning: iconv_set_encoding(): Charset parameter exceeds the maximum allowed length of %d characters in %s on line %d +bool(false) + +Warning: iconv_set_encoding(): Charset parameter exceeds the maximum allowed length of %d characters in %s on line %d +bool(false) http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/iconv_strlen-charset-length-cve-2007-4840.phpt?r1=1.1r2=1.2diff_format=u
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/iconv/tests ob_iconv_handler-charset-length-cve-2007-4840.phpt
stasWed Sep 19 00:49:02 2007 UTC Added files: (Branch: PHP_5_2) /php-src/ext/iconv/tests ob_iconv_handler-charset-length-cve-2007-4840.phpt Log: one more test http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/ob_iconv_handler-charset-length-cve-2007-4840.phpt?view=markuprev=1.1 Index: php-src/ext/iconv/tests/ob_iconv_handler-charset-length-cve-2007-4840.phpt +++ php-src/ext/iconv/tests/ob_iconv_handler-charset-length-cve-2007-4840.phpt -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/iconv/tests ob_iconv_handler-charset-length-cve-2007-4840.phpt
stasWed Sep 19 00:49:25 2007 UTC Modified files: /php-src/ext/iconv/tests ob_iconv_handler-charset-length-cve-2007-4840.phpt Log: MFB one more test http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/ob_iconv_handler-charset-length-cve-2007-4840.phpt?r1=1.1r2=1.2diff_format=u Index: php-src/ext/iconv/tests/ob_iconv_handler-charset-length-cve-2007-4840.phpt diff -u /dev/null php-src/ext/iconv/tests/ob_iconv_handler-charset-length-cve-2007-4840.phpt:1.2 --- /dev/null Wed Sep 19 00:49:25 2007 +++ php-src/ext/iconv/tests/ob_iconv_handler-charset-length-cve-2007-4840.phpt Wed Sep 19 00:49:25 2007 @@ -0,0 +1,12 @@ +--TEST-- +ob_iconv_handler() charset parameter length checks (CVE-2007-4840) +--SKIPIF-- +?php extension_loaded('iconv') or die('skip iconv extension is not available'); ? +--FILE-- +?php +ini_set(iconv.output_encoding, str_repeat(a, 900)); +ob_start(ob_iconv_handler); +print done; +? +--EXPECT-- +done -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/xmlrpc/libxmlrpc encodings.c
stasWed Sep 19 00:33:43 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/xmlrpc/libxmlrpc encodings.c Log: limit iconv parameters here too http://cvs.php.net/viewvc.cgi/php-src/ext/xmlrpc/libxmlrpc/encodings.c?r1=1.7r2=1.7.6.1diff_format=u Index: php-src/ext/xmlrpc/libxmlrpc/encodings.c diff -u php-src/ext/xmlrpc/libxmlrpc/encodings.c:1.7 php-src/ext/xmlrpc/libxmlrpc/encodings.c:1.7.6.1 --- php-src/ext/xmlrpc/libxmlrpc/encodings.c:1.7Mon Mar 8 23:04:33 2004 +++ php-src/ext/xmlrpc/libxmlrpc/encodings.cWed Sep 19 00:33:43 2007 @@ -41,7 +41,7 @@ #include stdlib.h #endif -static const char rcsid[] = #(@) $Id: encodings.c,v 1.7 2004/03/08 23:04:33 abies Exp $; +static const char rcsid[] = #(@) $Id: encodings.c,v 1.7.6.1 2007/09/19 00:33:43 stas Exp $; #include errno.h @@ -53,6 +53,10 @@ #include encodings.h +#ifndef ICONV_CSNMAXLEN +#define ICONV_CSNMAXLEN 64 +#endif + static char* convert(const char* src, int src_len, int *new_len, const char* from_enc, const char* to_enc) { char* outbuf = 0; @@ -60,9 +64,13 @@ size_t outlenleft = src_len; size_t inlenleft = src_len; int outlen = src_len; - iconv_t ic = iconv_open(to_enc, from_enc); + iconv_t ic; char* out_ptr = 0; + if(strlen(to_enc) = ICONV_CSNMAXLEN || strlen(from_enc) = ICONV_CSNMAXLEN) { + return NULL; + } + ic = iconv_open(to_enc, from_enc); if(ic != (iconv_t)-1) { size_t st; outbuf = (char*)malloc(outlen + 1); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/iconv iconv.c php_iconv.h
stasWed Sep 19 00:30:53 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/iconv iconv.c php_iconv.h Log: limit iconv parameter sizes - workaround for glibc bug http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/iconv.c?r1=1.124.2.8.2.16r2=1.124.2.8.2.17diff_format=u Index: php-src/ext/iconv/iconv.c diff -u php-src/ext/iconv/iconv.c:1.124.2.8.2.16 php-src/ext/iconv/iconv.c:1.124.2.8.2.17 --- php-src/ext/iconv/iconv.c:1.124.2.8.2.16Sat May 19 17:52:30 2007 +++ php-src/ext/iconv/iconv.c Wed Sep 19 00:30:52 2007 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: iconv.c,v 1.124.2.8.2.16 2007/05/19 17:52:30 iliaa Exp $ */ +/* $Id: iconv.c,v 1.124.2.8.2.17 2007/09/19 00:30:52 stas Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -233,12 +233,21 @@ #define GENERIC_SUPERSET_NBYTES 4 /* }}} */ +static PHP_INI_MH(OnUpdateStringIconvCharset) +{ + if(new_value_length = ICONV_CSNMAXLEN) { + return FAILURE; + } + OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC); + return SUCCESS; +} + /* {{{ PHP_INI */ PHP_INI_BEGIN() - STD_PHP_INI_ENTRY(iconv.input_encoding,ICONV_INPUT_ENCODING, PHP_INI_ALL, OnUpdateString, input_encoding,zend_iconv_globals, iconv_globals) - STD_PHP_INI_ENTRY(iconv.output_encoding, ICONV_OUTPUT_ENCODING, PHP_INI_ALL, OnUpdateString, output_encoding, zend_iconv_globals, iconv_globals) - STD_PHP_INI_ENTRY(iconv.internal_encoding, ICONV_INTERNAL_ENCODING, PHP_INI_ALL, OnUpdateString, internal_encoding, zend_iconv_globals, iconv_globals) + STD_PHP_INI_ENTRY(iconv.input_encoding,ICONV_INPUT_ENCODING, PHP_INI_ALL, OnUpdateStringIconvCharset, input_encoding,zend_iconv_globals, iconv_globals) + STD_PHP_INI_ENTRY(iconv.output_encoding, ICONV_OUTPUT_ENCODING, PHP_INI_ALL, OnUpdateStringIconvCharset, output_encoding, zend_iconv_globals, iconv_globals) + STD_PHP_INI_ENTRY(iconv.internal_encoding, ICONV_INTERNAL_ENCODING, PHP_INI_ALL, OnUpdateStringIconvCharset, internal_encoding, zend_iconv_globals, iconv_globals) PHP_INI_END() /* }}} */ @@ -1858,7 +1867,7 @@ PHP_FUNCTION(iconv_strlen) { char *charset; - int charset_len; + int charset_len = 0; char *str; int str_len; @@ -1873,6 +1882,11 @@ RETURN_FALSE; } + if (charset_len = ICONV_CSNMAXLEN) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Charset parameter exceeds the maximum allowed length of %d characters, ICONV_CSNMAXLEN); + RETURN_FALSE; + } + err = _php_iconv_strlen(retval, str, str_len, charset); _php_iconv_show_error(err, GENERIC_SUPERSET_NAME, charset TSRMLS_CC); if (err == PHP_ICONV_ERR_SUCCESS) { @@ -1888,7 +1902,7 @@ PHP_FUNCTION(iconv_substr) { char *charset; - int charset_len; + int charset_len = 0; char *str; int str_len; long offset, length; @@ -1905,6 +1919,11 @@ RETURN_FALSE; } + if (charset_len = ICONV_CSNMAXLEN) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Charset parameter exceeds the maximum allowed length of %d characters, ICONV_CSNMAXLEN); + RETURN_FALSE; + } + if (ZEND_NUM_ARGS() 3) { length = str_len; } @@ -1925,7 +1944,7 @@ PHP_FUNCTION(iconv_strpos) { char *charset; - int charset_len; + int charset_len = 0; char *haystk; int haystk_len; char *ndl; @@ -1945,6 +1964,11 @@ RETURN_FALSE; } + if (charset_len = ICONV_CSNMAXLEN) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Charset parameter exceeds the maximum allowed length of %d characters, ICONV_CSNMAXLEN); + RETURN_FALSE; + } + if (offset 0) { php_error_docref(NULL TSRMLS_CC, E_WARNING, Offset not contained in string.); RETURN_FALSE; @@ -1971,7 +1995,7 @@ PHP_FUNCTION(iconv_strrpos) { char *charset; - int charset_len; + int charset_len = 0; char *haystk; int haystk_len; char *ndl; @@ -1993,6 +2017,11 @@ RETURN_FALSE; } + if (charset_len = ICONV_CSNMAXLEN) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Charset parameter exceeds the maximum allowed length of %d characters, ICONV_CSNMAXLEN); + RETURN_FALSE; + } + err = _php_iconv_strpos(retval, haystk, haystk_len, ndl, ndl_len, -1, charset); _php_iconv_show_error(err, GENERIC_SUPERSET_NAME, charset TSRMLS_CC); @@ -2049,6 +2078,11 @@ } if (zend_hash_find(Z_ARRVAL_P(pref), input-charset, sizeof(input-charset), (void
[PHP-CVS] cvs: php-src /ext/standard dl.c
stasWed Sep 19 00:06:06 2007 UTC Modified files: /php-src/ext/standard dl.c Log: use right variable name http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dl.c?r1=1.117r2=1.118diff_format=u Index: php-src/ext/standard/dl.c diff -u php-src/ext/standard/dl.c:1.117 php-src/ext/standard/dl.c:1.118 --- php-src/ext/standard/dl.c:1.117 Tue Sep 18 20:21:04 2007 +++ php-src/ext/standard/dl.c Wed Sep 19 00:06:05 2007 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: dl.c,v 1.117 2007/09/18 20:21:04 stas Exp $ */ +/* $Id: dl.c,v 1.118 2007/09/19 00:06:05 stas Exp $ */ #include php.h #include dl.h @@ -63,7 +63,7 @@ return; } - if (Z_STRLEN_PP(file) = MAXPATHLEN) { + if (Z_STRLEN_PP(filename) = MAXPATHLEN) { php_error_docref(NULL TSRMLS_CC, E_WARNING, File name exceeds the maximum allowed length of %d characters, MAXPATHLEN); RETURN_FALSE; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/iconv/tests iconv-charset-length-cve-2007-4840.phpt iconv_mime_decode-charset-length-cve-2007-4840.phpt iconv_mime_decode_headers-charset-length-cve-2007-4840.phpt
stasWed Sep 19 00:18:01 2007 UTC Added files: (Branch: PHP_5_2) /php-src/ext/iconv/testsiconv-charset-length-cve-2007-4840.phpt iconv_mime_decode-charset-length-cve-2007-4840.phpt iconv_mime_decode_headers-charset-length-cve-2007-4840.phpt iconv_set_encoding-charset-length-cve-2007-4840.phpt iconv_strlen-charset-length-cve-2007-4840.phpt iconv_strpos-charset-length-cve-2007-4840.phpt iconv_strrpos-charset-length-cve-2007-4840.phpt iconv_substr-charset-length-cve-2007-4783.phpt Log: add length tests for iconv functions http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/iconv-charset-length-cve-2007-4840.phpt?view=markuprev=1.1 Index: php-src/ext/iconv/tests/iconv-charset-length-cve-2007-4840.phpt +++ php-src/ext/iconv/tests/iconv-charset-length-cve-2007-4840.phpt http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/iconv_mime_decode-charset-length-cve-2007-4840.phpt?view=markuprev=1.1 Index: php-src/ext/iconv/tests/iconv_mime_decode-charset-length-cve-2007-4840.phpt +++ php-src/ext/iconv/tests/iconv_mime_decode-charset-length-cve-2007-4840.phpt http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/iconv_mime_decode_headers-charset-length-cve-2007-4840.phpt?view=markuprev=1.1 Index: php-src/ext/iconv/tests/iconv_mime_decode_headers-charset-length-cve-2007-4840.phpt +++ php-src/ext/iconv/tests/iconv_mime_decode_headers-charset-length-cve-2007-4840.phpt http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/iconv_set_encoding-charset-length-cve-2007-4840.phpt?view=markuprev=1.1 Index: php-src/ext/iconv/tests/iconv_set_encoding-charset-length-cve-2007-4840.phpt +++ php-src/ext/iconv/tests/iconv_set_encoding-charset-length-cve-2007-4840.phpt http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/iconv_strlen-charset-length-cve-2007-4840.phpt?view=markuprev=1.1 Index: php-src/ext/iconv/tests/iconv_strlen-charset-length-cve-2007-4840.phpt +++ php-src/ext/iconv/tests/iconv_strlen-charset-length-cve-2007-4840.phpt http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/iconv_strpos-charset-length-cve-2007-4840.phpt?view=markuprev=1.1 Index: php-src/ext/iconv/tests/iconv_strpos-charset-length-cve-2007-4840.phpt +++ php-src/ext/iconv/tests/iconv_strpos-charset-length-cve-2007-4840.phpt http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/iconv_strrpos-charset-length-cve-2007-4840.phpt?view=markuprev=1.1 Index: php-src/ext/iconv/tests/iconv_strrpos-charset-length-cve-2007-4840.phpt +++ php-src/ext/iconv/tests/iconv_strrpos-charset-length-cve-2007-4840.phpt http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/iconv_substr-charset-length-cve-2007-4783.phpt?view=markuprev=1.1 Index: php-src/ext/iconv/tests/iconv_substr-charset-length-cve-2007-4783.phpt +++ php-src/ext/iconv/tests/iconv_substr-charset-length-cve-2007-4783.phpt -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/standard dl.c
johannesWed Sep 19 01:08:39 2007 UTC Modified files: /php-src/ext/standard dl.c Log: - Fix build (filename is a zval * here, not a zval** like in 5_2) http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dl.c?r1=1.118r2=1.119diff_format=u Index: php-src/ext/standard/dl.c diff -u php-src/ext/standard/dl.c:1.118 php-src/ext/standard/dl.c:1.119 --- php-src/ext/standard/dl.c:1.118 Wed Sep 19 00:06:05 2007 +++ php-src/ext/standard/dl.c Wed Sep 19 01:08:38 2007 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: dl.c,v 1.118 2007/09/19 00:06:05 stas Exp $ */ +/* $Id: dl.c,v 1.119 2007/09/19 01:08:38 johannes Exp $ */ #include php.h #include dl.h @@ -63,7 +63,7 @@ return; } - if (Z_STRLEN_PP(filename) = MAXPATHLEN) { + if (Z_STRLEN_P(filename) = MAXPATHLEN) { php_error_docref(NULL TSRMLS_CC, E_WARNING, File name exceeds the maximum allowed length of %d characters, MAXPATHLEN); RETURN_FALSE; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php