[PHP-CVS-DAILY] cvs: php-src / ChangeLog

2007-09-18 Thread changelog
changelog   Wed Sep 19 01:32:42 2007 UTC

  Modified files:  
/php-src   ChangeLog 
  Log:
  ChangeLog update
  
http://cvs.php.net/viewvc.cgi/php-src/ChangeLog?r1=1.2812&r2=1.2813&diff_format=u
Index: php-src/ChangeLog
diff -u php-src/ChangeLog:1.2812 php-src/ChangeLog:1.2813
--- php-src/ChangeLog:1.2812Tue Sep 18 01:31:18 2007
+++ php-src/ChangeLog   Wed Sep 19 01:32:38 2007
@@ -1,3 +1,62 @@
+2007-09-18  Rui Hirokawa  [EMAIL PROTECTED]
+
+* (PHP_5_2)
+  ext/mbstring/config.m4
+  ext/mbstring/oniguruma/php_onig_compat.h:
+  MFH: fixed bug #42502 va_* cannot detect.
+
+* ext/mbstring/config.m4
+  ext/mbstring/oniguruma/php_onig_compat.h:
+  fixed bug #42502 va_* cannot detect.
+
+* (PHP_5_2)
+  ext/mbstring/libmbfl/nls/nls_ru.c
+  ext/mbstring/libmbfl/nls/nls_ru.h:
+  modified line end CR - CR+NL
+
+2007-09-18  Stanislav Malyshev  [EMAIL PROTECTED]
+
+* (PHP_5_2)
+  NEWS:
+  add dl() limit patch
+
+* ext/standard/dl.c
+  ext/standard/dl.c:
+  limit dl() argument length (patch by Christian Hoffmann)
+
+2007-09-18  Ilia Alshanetsky  [EMAIL PROTECTED]
+
+* ext/xmlrpc/xmlrpc-epi-php.c
+  ext/xmlrpc/libxmlrpc/xmlrpc.c
+  ext/xmlrpc/tests/bug42189.phpt:
+  
+  MFB: Fixed bug #42189 (xmlrpc_set_type() crashes php on invalid datetime
+  values).
+
+* ext/xmlrpc/tests/bug42189.phpt
+  ext/xmlrpc/tests/bug42189.phpt:
+  
+  file bug42189.phpt was initially added on branch PHP_5_2.
+
+* (PHP_5_2)
+  NEWS
+  ext/xmlrpc/xmlrpc-epi-php.c
+  ext/xmlrpc/libxmlrpc/xmlrpc.c:
+  
+  Fixed bug #42189 (xmlrpc_set_type() crashes php on invalid datetime
+values).
+
+2007-09-18  Jani Taskinen  [EMAIL PROTECTED]
+
+* (PHP_5_2)
+  NEWS:
+  BFN
+
+* ZendEngine2/zend_extensions.c
+  ZendEngine2/zend_extensions.c:
+  - Fixed bug #42629 (Dynamically loaded PHP extensions need symbols 
exported
+  on MacOSX)
+
 2007-09-17  Ilia Alshanetsky  [EMAIL PROTECTED]
 
 * (PHP_5_2)


[PHP-CVS-DAILY] cvs: ZendEngine2 / ChangeLog

2007-09-18 Thread changelog
changelog   Wed Sep 19 01:32:46 2007 UTC

  Modified files:  
/ZendEngine2   ChangeLog 
  Log:
  ChangeLog update
  
http://cvs.php.net/viewvc.cgi/ZendEngine2/ChangeLog?r1=1.1168&r2=1.1169&diff_format=u
Index: ZendEngine2/ChangeLog
diff -u ZendEngine2/ChangeLog:1.1168 ZendEngine2/ChangeLog:1.1169
--- ZendEngine2/ChangeLog:1.1168Wed Sep 12 01:31:18 2007
+++ ZendEngine2/ChangeLog   Wed Sep 19 01:32:46 2007
@@ -1,3 +1,10 @@
+2007-09-18  Jani Taskinen  [EMAIL PROTECTED]
+
+* zend_extensions.c
+  zend_extensions.c:
+  - Fixed bug #42629 (Dynamically loaded PHP extensions need symbols 
exported
+  on MacOSX)
+
 2007-09-11  Dmitry Stogov  [EMAIL PROTECTED]
 
 * zend_builtin_functions.c:
@@ -18943,7 +18950,7 @@
 2003-06-10  Jani Taskinen  [EMAIL PROTECTED]
 
 * zend_multiply.h:
-  - Missing $Id: ChangeLog,v 1.1168 2007/09/12 01:31:18 changelog Exp $ tag
+  - Missing $Id: ChangeLog,v 1.1169 2007/09/19 01:32:46 changelog Exp $ tag
 
 2003-06-10  James Cox  [EMAIL PROTECTED]
 
@@ -20667,7 +20674,7 @@
   zend_types.h
   zend_variables.c
   zend_variables.h:
-  - Added some missing CVS $Id: ChangeLog,v 1.1168 2007/09/12 01:31:18 
changelog Exp $ tags, headers and footers.
+  - Added some missing CVS $Id: ChangeLog,v 1.1169 2007/09/19 01:32:46 
changelog Exp $ tags, headers and footers.
 
 2003-01-30  Ilia Alshanetsky  [EMAIL PROTECTED]
 


[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS

2007-09-18 Thread Jani Taskinen
jani   Tue Sep 18 09:25:04 2007 UTC

  Modified files:  (Branch: PHP_5_2)
/php-src   NEWS 
  Log:
  BFN
  
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.952&r2=1.2027.2.547.2.953&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2027.2.547.2.952 php-src/NEWS:1.2027.2.547.2.953
--- php-src/NEWS:1.2027.2.547.2.952 Mon Sep 17 12:44:16 2007
+++ php-src/NEWSTue Sep 18 09:25:03 2007
@@ -21,6 +21,8 @@
 - Fixed imagerectangle regression with 1x1 rectangle (libgd #106). (Pierre)
 
 - Fixed bug #42643 (CLI segfaults if using ATTR_PERSISTENT). (Ilia)
+- Fixed bug #42629 (Dynamically loaded PHP extensions need symbols exported
+  on MacOSX). (jdolecek at NetBSD dot org)
 - Fixed bug #42627 (bz2 extension fails to build with -fno-common).
   (dolecek at netbsd dot org)
 - Fixed Bug #42596 (session.save_path MODE option does not work). (Ilia)
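
Review bot: The credit on the new entry is written `jdolecek at NetBSD dot org`, while the entry directly below it credits `dolecek at netbsd dot org`. If both refer to the same contributor, use one spelling in both entries.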

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS /ext/xmlrpc xmlrpc-epi-php.c /ext/xmlrpc/libxmlrpc xmlrpc.c /ext/xmlrpc/tests bug42189.phpt

2007-09-18 Thread Ilia Alshanetsky
iliaa   Tue Sep 18 19:49:54 2007 UTC

  Added files: (Branch: PHP_5_2)
/php-src/ext/xmlrpc/tests   bug42189.phpt 

  Modified files:  
/php-src/ext/xmlrpc xmlrpc-epi-php.c 
/php-src/ext/xmlrpc/libxmlrpc   xmlrpc.c 
/php-src   NEWS 
  Log:
  
  Fixed bug #42189 (xmlrpc_set_type() crashes php on invalid datetime
  values).
  
http://cvs.php.net/viewvc.cgi/php-src/ext/xmlrpc/xmlrpc-epi-php.c?r1=1.39.2.5.2.5&r2=1.39.2.5.2.6&diff_format=u
Index: php-src/ext/xmlrpc/xmlrpc-epi-php.c
diff -u php-src/ext/xmlrpc/xmlrpc-epi-php.c:1.39.2.5.2.5 
php-src/ext/xmlrpc/xmlrpc-epi-php.c:1.39.2.5.2.6
--- php-src/ext/xmlrpc/xmlrpc-epi-php.c:1.39.2.5.2.5Fri Jan 12 12:32:15 2007
+++ php-src/ext/xmlrpc/xmlrpc-epi-php.c Tue Sep 18 19:49:53 2007
@@ -51,7 +51,7 @@
+--+
  */
 
-/* $Id: xmlrpc-epi-php.c,v 1.39.2.5.2.5 2007/01/12 12:32:15 tony2001 Exp $ */
+/* $Id: xmlrpc-epi-php.c,v 1.39.2.5.2.6 2007/09/18 19:49:53 iliaa Exp $ */
 
 /**
 * BUGS:   *
@@ -1325,9 +1325,13 @@
   if(SUCCESS == zend_hash_update(Z_OBJPROP_P(value), 
OBJECT_TYPE_ATTR, sizeof(OBJECT_TYPE_ATTR), (void *) type, sizeof(zval *), 
NULL)) {
  bSuccess = zend_hash_update(Z_OBJPROP_P(value), 
OBJECT_VALUE_TS_ATTR, sizeof(OBJECT_VALUE_TS_ATTR), (void *) ztimestamp, 
sizeof(zval *), NULL);
   }
-   }
+   } else {
+   zval_ptr_dtor(type);
+  }
XMLRPC_CleanupValue(v);
-}
+} else {
+   zval_ptr_dtor(type);
+   }
  }
  else {
 convert_to_object(value);
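
Review bot: The inner `if(SUCCESS == zend_hash_update(... OBJECT_TYPE_ATTR ...))` still has no failure branch, so when that update fails `type` is not released the way the two new `else` branches release it, and `ztimestamp` is not visibly released if the second update fails. Consider adding the matching `zval_ptr_dtor()` calls on those paths so every exit from this block drops the references it created.
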
http://cvs.php.net/viewvc.cgi/php-src/ext/xmlrpc/libxmlrpc/xmlrpc.c?r1=1.8.4.2&r2=1.8.4.3&diff_format=u
Index: php-src/ext/xmlrpc/libxmlrpc/xmlrpc.c
diff -u php-src/ext/xmlrpc/libxmlrpc/xmlrpc.c:1.8.4.2 
php-src/ext/xmlrpc/libxmlrpc/xmlrpc.c:1.8.4.3
--- php-src/ext/xmlrpc/libxmlrpc/xmlrpc.c:1.8.4.2   Thu Jun  7 09:07:36 2007
+++ php-src/ext/xmlrpc/libxmlrpc/xmlrpc.c   Tue Sep 18 19:49:53 2007
@@ -31,7 +31,7 @@
 */
 
 
-static const char rcsid[] = #(@) $Id: xmlrpc.c,v 1.8.4.2 2007/06/07 09:07:36 
tony2001 Exp $;
+static const char rcsid[] = #(@) $Id: xmlrpc.c,v 1.8.4.3 2007/09/18 19:49:53 
iliaa Exp $;
 
 
 /h* ABOUT/xmlrpc
@@ -43,6 +43,11 @@
  *   9/1999 - 10/2000
  * HISTORY
  *   $Log: xmlrpc.c,v $
+ *   Revision 1.8.4.3  2007/09/18 19:49:53  iliaa
+ *
+ *   Fixed bug #42189 (xmlrpc_set_type() crashes php on invalid datetime
+ * values).
+ *
  *   Revision 1.8.4.2  2007/06/07 09:07:36  tony2001
  *   MFH: php_localtime_r() checks
  *
@@ -176,7 +181,7 @@
}
p++;
}
-   text = buf;
+   text = buf;
}
 
 
@@ -186,15 +191,19 @@
   return -1;
}
 
+#define XMLRPC_IS_NUMBER(x) if (x  '0' || x  '9') return -1;
+
n = 1000;
tm.tm_year = 0;
for(i = 0; i  4; i++) {
+  XMLRPC_IS_NUMBER(text[i])
   tm.tm_year += (text[i]-'0')*n;
   n /= 10;
}
n = 10;
tm.tm_mon = 0;
for(i = 0; i  2; i++) {
+  XMLRPC_IS_NUMBER(text[i])
   tm.tm_mon += (text[i+4]-'0')*n;
   n /= 10;
}
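
Review bot: In the month loop the new check is `XMLRPC_IS_NUMBER(text[i])` while the digit actually consumed is `text[i+4]`, so the check re-validates the first two year characters and leaves positions 4 and 5 unchecked. The check should take the same index as the read, i.e. `XMLRPC_IS_NUMBER(text[i+4])`; the day, hour, minute and second loops in the following hunks pair `text[i]` with reads at `i+6`, `i+9`, `i+12` and `i+15` and need the same correction.
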
@@ -203,6 +212,7 @@
n = 10;
tm.tm_mday = 0;
for(i = 0; i  2; i++) {
+  XMLRPC_IS_NUMBER(text[i])
   tm.tm_mday += (text[i+6]-'0')*n;
   n /= 10;
}
@@ -210,6 +220,7 @@
n = 10;
tm.tm_hour = 0;
for(i = 0; i  2; i++) {
+  XMLRPC_IS_NUMBER(text[i])
   tm.tm_hour += (text[i+9]-'0')*n;
   n /= 10;
}
@@ -217,6 +228,7 @@
n = 10;
tm.tm_min = 0;
for(i = 0; i  2; i++) {
+  XMLRPC_IS_NUMBER(text[i])
   tm.tm_min += (text[i+12]-'0')*n;
   n /= 10;
}
@@ -224,6 +236,7 @@
n = 10;
tm.tm_sec = 0;
for(i = 0; i  2; i++) {
+  XMLRPC_IS_NUMBER(text[i])
   tm.tm_sec += (text[i+15]-'0')*n;
   n /= 10;
}
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.953&r2=1.2027.2.547.2.954&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2027.2.547.2.953 php-src/NEWS:1.2027.2.547.2.954
--- php-src/NEWS:1.2027.2.547.2.953 Tue Sep 18 09:25:03 2007
+++ php-src/NEWSTue Sep 18 19:49:53 2007
@@ -50,6 +50,8 @@
 - Fixed bug #42359 (xsd:list type not parsed). (Dmitry)
 - Fixed bug #42326 (SoapServer crash). (Dmitry)
 - Fixed bug #42214 (SoapServer sends clients internal PHP errors). (Dmitry)
+- Fixed bug #42189 (xmlrpc_set_type() crashes php on invalid datetime
+  values). (Ilia)
 - Fixed bug #42086 (SoapServer return Procedure '' not present for WSIBasic
   compliant wsdl). (Dmitry)
 - Fixed bug #41561 (Values set with php_admin_* in httpd.conf can be 
overwritten

http://cvs.php.net/viewvc.cgi/php-src/ext/xmlrpc/tests/bug42189.phpt?view=markup&rev=1.1
Index: 

[PHP-CVS] cvs: php-src /ext/xmlrpc xmlrpc-epi-php.c /ext/xmlrpc/libxmlrpc xmlrpc.c /ext/xmlrpc/tests bug42189.phpt

2007-09-18 Thread Ilia Alshanetsky
iliaa   Tue Sep 18 19:52:28 2007 UTC

  Modified files:  
/php-src/ext/xmlrpc xmlrpc-epi-php.c 
/php-src/ext/xmlrpc/libxmlrpc   xmlrpc.c 
/php-src/ext/xmlrpc/tests   bug42189.phpt 
  Log:
  
  MFB: Fixed bug #42189 (xmlrpc_set_type() crashes php on invalid datetime
  values).
  
http://cvs.php.net/viewvc.cgi/php-src/ext/xmlrpc/xmlrpc-epi-php.c?r1=1.50&r2=1.51&diff_format=u
Index: php-src/ext/xmlrpc/xmlrpc-epi-php.c
diff -u php-src/ext/xmlrpc/xmlrpc-epi-php.c:1.50 
php-src/ext/xmlrpc/xmlrpc-epi-php.c:1.51
--- php-src/ext/xmlrpc/xmlrpc-epi-php.c:1.50Thu Jul 12 10:04:42 2007
+++ php-src/ext/xmlrpc/xmlrpc-epi-php.c Tue Sep 18 19:52:27 2007
@@ -51,7 +51,7 @@
+--+
  */
 
-/* $Id: xmlrpc-epi-php.c,v 1.50 2007/07/12 10:04:42 tony2001 Exp $ */
+/* $Id: xmlrpc-epi-php.c,v 1.51 2007/09/18 19:52:27 iliaa Exp $ */
 
 /**
 * BUGS:   *
@@ -1313,8 +1313,12 @@
if(SUCCESS == 
zend_hash_update(Z_OBJPROP_P(value), OBJECT_TYPE_ATTR, 
sizeof(OBJECT_TYPE_ATTR), (void *) type, sizeof(zval *), NULL)) {
bSuccess = 
zend_hash_update(Z_OBJPROP_P(value), OBJECT_VALUE_TS_ATTR, 
sizeof(OBJECT_VALUE_TS_ATTR), (void *) ztimestamp, sizeof(zval *), NULL);
}
+   } else {
+   zval_ptr_dtor(type);
}
XMLRPC_CleanupValue(v);
+   } else {
+   zval_ptr_dtor(type);
}
}
else {
http://cvs.php.net/viewvc.cgi/php-src/ext/xmlrpc/libxmlrpc/xmlrpc.c?r1=1.11&r2=1.12&diff_format=u
Index: php-src/ext/xmlrpc/libxmlrpc/xmlrpc.c
diff -u php-src/ext/xmlrpc/libxmlrpc/xmlrpc.c:1.11 
php-src/ext/xmlrpc/libxmlrpc/xmlrpc.c:1.12
--- php-src/ext/xmlrpc/libxmlrpc/xmlrpc.c:1.11  Thu Jun  7 09:07:12 2007
+++ php-src/ext/xmlrpc/libxmlrpc/xmlrpc.c   Tue Sep 18 19:52:27 2007
@@ -31,7 +31,7 @@
 */
 
 
-static const char rcsid[] = #(@) $Id: xmlrpc.c,v 1.11 2007/06/07 09:07:12 
tony2001 Exp $;
+static const char rcsid[] = #(@) $Id: xmlrpc.c,v 1.12 2007/09/18 19:52:27 
iliaa Exp $;
 
 
 /h* ABOUT/xmlrpc
@@ -43,6 +43,11 @@
  *   9/1999 - 10/2000
  * HISTORY
  *   $Log: xmlrpc.c,v $
+ *   Revision 1.12  2007/09/18 19:52:27  iliaa
+ *
+ *   MFB: Fixed bug #42189 (xmlrpc_set_type() crashes php on invalid datetime
+ *   values).
+ *
  *   Revision 1.11  2007/06/07 09:07:12  tony2001
  *   php_localtime_r() checks
  *
@@ -179,7 +184,7 @@
}
p++;
}
-   text = buf;
+   text = buf;
}
 
 
@@ -189,15 +194,19 @@
   return -1;
}
 
+#define XMLRPC_IS_NUMBER(x) if (x  '0' || x  '9') return -1;
+
n = 1000;
tm.tm_year = 0;
for(i = 0; i  4; i++) {
+  XMLRPC_IS_NUMBER(text[i])
   tm.tm_year += (text[i]-'0')*n;
   n /= 10;
}
n = 10;
tm.tm_mon = 0;
for(i = 0; i  2; i++) {
+  XMLRPC_IS_NUMBER(text[i])
   tm.tm_mon += (text[i+4]-'0')*n;
   n /= 10;
}
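
Review bot: `XMLRPC_IS_NUMBER` is a bare `if` statement with a hidden `return -1`, defined in the middle of the function body and invoked without a trailing semicolon. Wrapping it in `do { ... } while (0)`, parenthesising `x` and adding an `#undef` after the last loop would keep it from leaking into the rest of the file or pairing with a later `else`; a small inline helper that returns a flag would also make the early exit visible at each call site.
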
@@ -206,6 +215,7 @@
n = 10;
tm.tm_mday = 0;
for(i = 0; i  2; i++) {
+  XMLRPC_IS_NUMBER(text[i])
   tm.tm_mday += (text[i+6]-'0')*n;
   n /= 10;
}
@@ -213,6 +223,7 @@
n = 10;
tm.tm_hour = 0;
for(i = 0; i  2; i++) {
+  XMLRPC_IS_NUMBER(text[i])
   tm.tm_hour += (text[i+9]-'0')*n;
   n /= 10;
}
@@ -220,6 +231,7 @@
n = 10;
tm.tm_min = 0;
for(i = 0; i  2; i++) {
+  XMLRPC_IS_NUMBER(text[i])
   tm.tm_min += (text[i+12]-'0')*n;
   n /= 10;
}
@@ -227,6 +239,7 @@
n = 10;
tm.tm_sec = 0;
for(i = 0; i  2; i++) {
+  XMLRPC_IS_NUMBER(text[i])
   tm.tm_sec += (text[i+15]-'0')*n;
   n /= 10;
}
http://cvs.php.net/viewvc.cgi/php-src/ext/xmlrpc/tests/bug42189.phpt?r1=1.1&r2=1.2&diff_format=u
Index: php-src/ext/xmlrpc/tests/bug42189.phpt
diff -u /dev/null php-src/ext/xmlrpc/tests/bug42189.phpt:1.2
--- /dev/null   Tue Sep 18 19:52:28 2007
+++ php-src/ext/xmlrpc/tests/bug42189.phpt  Tue Sep 18 19:52:27 2007
@@ -0,0 +1,15 @@
+--TEST--
+Bug #42189 (xmlrpc_get_type() crashes PHP on invalid dates)
+--SKIPIF--
+?php if (!extension_loaded(xmlrpc)) print skip; ?
+--FILE--
+?php
+$a = '~~';
+$ok = xmlrpc_set_type($a, 'datetime');
+var_dump($ok);
+
+echo Done\n;
+?
+--EXPECT-- 
+bool(false)
+Done
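
Review bot: The `--TEST--` title names `xmlrpc_get_type()`, but the script and the bug being fixed exercise `xmlrpc_set_type()`; the title should match. The only input is the two-character string `'~~'`, so a non-digit in the month, day or time fields of an otherwise full-length value is never tested; adding one case per field would cover the new per-digit checks in `xmlrpc.c`.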




[PHP-CVS] cvs: php-src(PHP_5_2) /ext/standard dl.c

2007-09-18 Thread Stanislav Malyshev
stas   Tue Sep 18 20:19:34 2007 UTC

  Modified files:  (Branch: PHP_5_2)
/php-src/ext/standard   dl.c 
  Log:
  limit dl() argument length (patch by Christian Hoffmann)
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dl.c?r1=1.106.2.1.2.4&r2=1.106.2.1.2.5&diff_format=u
Index: php-src/ext/standard/dl.c
diff -u php-src/ext/standard/dl.c:1.106.2.1.2.4 
php-src/ext/standard/dl.c:1.106.2.1.2.5
--- php-src/ext/standard/dl.c:1.106.2.1.2.4 Thu Sep 13 07:42:12 2007
+++ php-src/ext/standard/dl.c   Tue Sep 18 20:19:34 2007
@@ -18,7 +18,7 @@
+--+
 */
 
-/* $Id: dl.c,v 1.106.2.1.2.4 2007/09/13 07:42:12 jani Exp $ */
+/* $Id: dl.c,v 1.106.2.1.2.5 2007/09/18 20:19:34 stas Exp $ */
 
 #include php.h
 #include dl.h
@@ -73,6 +73,11 @@
RETURN_FALSE;
}
 
+   if (Z_STRLEN_PP(file) = MAXPATHLEN) {
+   php_error_docref(NULL TSRMLS_CC, E_WARNING, File name exceeds 
the maximum allowed length of %d characters, MAXPATHLEN);
+   RETURN_FALSE;
+   }
+
if ((strncmp(sapi_module.name, cgi, 3)!=0)  
(strcmp(sapi_module.name, cli)!=0) 
(strncmp(sapi_module.name, embed, 5)!=0)) {
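
Review bot: No regression test accompanies the new length check; the commit touches only `dl.c`. A `.phpt` that passes `dl()` a name longer than `MAXPATHLEN` and expects the `File name exceeds the maximum allowed length` warning followed by `bool(false)` would pin the behaviour, in the same style as the iconv charset-length tests.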




[PHP-CVS] cvs: php-src /ext/standard dl.c

2007-09-18 Thread Stanislav Malyshev
stas   Tue Sep 18 20:21:04 2007 UTC

  Modified files:  
/php-src/ext/standard   dl.c 
  Log:
  limit dl() argument length (patch by Christian Hoffmann)
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dl.c?r1=1.116&r2=1.117&diff_format=u
Index: php-src/ext/standard/dl.c
diff -u php-src/ext/standard/dl.c:1.116 php-src/ext/standard/dl.c:1.117
--- php-src/ext/standard/dl.c:1.116 Thu Sep 13 07:41:59 2007
+++ php-src/ext/standard/dl.c   Tue Sep 18 20:21:04 2007
@@ -18,7 +18,7 @@
+--+
 */
 
-/* $Id: dl.c,v 1.116 2007/09/13 07:41:59 jani Exp $ */
+/* $Id: dl.c,v 1.117 2007/09/18 20:21:04 stas Exp $ */
 
 #include php.h
 #include dl.h
@@ -63,6 +63,11 @@
return;
}
 
+   if (Z_STRLEN_PP(file) = MAXPATHLEN) {
+   php_error_docref(NULL TSRMLS_CC, E_WARNING, File name exceeds 
the maximum allowed length of %d characters, MAXPATHLEN);
+   RETURN_FALSE;
+   }
+
php_dl(filename, MODULE_TEMPORARY, return_value, 0 TSRMLS_CC);
EG(full_tables_cleanup) = 1;
 }
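
Review bot: The added check reads `Z_STRLEN_PP(file)`, but the surrounding lines on this branch pass `filename` to `php_dl()` and the preceding failure path is a plain `return;`, so no `file` zval is visible in this function. Confirm that this compiles on HEAD; if the argument is parsed into `filename` with its own length variable, the comparison should use that length instead.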




[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS

2007-09-18 Thread Stanislav Malyshev
stas   Tue Sep 18 20:25:08 2007 UTC

  Modified files:  (Branch: PHP_5_2)
/php-src   NEWS 
  Log:
  add dl() limit patch
  
  
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.954&r2=1.2027.2.547.2.955&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2027.2.547.2.954 php-src/NEWS:1.2027.2.547.2.955
--- php-src/NEWS:1.2027.2.547.2.954 Tue Sep 18 19:49:53 2007
+++ php-src/NEWSTue Sep 18 20:25:07 2007
@@ -10,6 +10,8 @@
   (Stas)
 - Fixed PDO crash when driver returns empty LOB stream. (Stas)
 - Fixed dl() to only accept filenames - reported by Laurent Gaffie. (Stas)
+- Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887).
+  (Christian Hoffmann)
 - Fixed missing brackets leading to build warning and error in the log.
   Win32 code). (Andrey)
 - Fixed leaks with multiple connects on one mysqli object. (Andrey)




[PHP-CVS] cvs: php-src(PHP_5_2) /ext/mbstring/libmbfl/nls nls_ru.c nls_ru.h

2007-09-18 Thread Rui Hirokawa
hirokawa   Tue Sep 18 21:33:30 2007 UTC

  Modified files:  (Branch: PHP_5_2)
/php-src/ext/mbstring/libmbfl/nls   nls_ru.c nls_ru.h 
  Log:
  modified line end CR - CR+NL
  
http://cvs.php.net/viewvc.cgi/php-src/ext/mbstring/libmbfl/nls/nls_ru.c?r1=1.1&r2=1.1.8.1&diff_format=u
Index: php-src/ext/mbstring/libmbfl/nls/nls_ru.c
diff -u php-src/ext/mbstring/libmbfl/nls/nls_ru.c:1.1 
php-src/ext/mbstring/libmbfl/nls/nls_ru.c:1.1.8.1
--- php-src/ext/mbstring/libmbfl/nls/nls_ru.c:1.1   Sat Aug 23 06:18:39 2003
+++ php-src/ext/mbstring/libmbfl/nls/nls_ru.c   Tue Sep 18 21:33:29 2007
@@ -1,20 +1,22 @@
-#ifdef HAVE_CONFIG_H
-#include config.h
-#endif
-
-#ifdef HAVE_STDDEF_H
-#include stddef.h
-#endif
-
-#include mbfilter.h
-#include nls_ru.h
-
-const mbfl_language mbfl_language_russian = {
-   mbfl_no_language_russian,
-   Russian,
-   ru,
-   NULL,
-   mbfl_no_encoding_koi8r,
-   mbfl_no_encoding_qprint,
-   mbfl_no_encoding_8bit
-};
+#ifdef HAVE_CONFIG_H
+#include config.h
+#endif
+
+
+#ifdef HAVE_STDDEF_H
+#include stddef.h
+#endif
+
+
+#include mbfilter.h
+#include nls_ru.h
+
+const mbfl_language mbfl_language_russian = {
+   mbfl_no_language_russian,
+   Russian,
+   ru,
+   NULL,
+   mbfl_no_encoding_koi8r,
+   mbfl_no_encoding_qprint,
+   mbfl_no_encoding_8bit
+};
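
Review bot: The log describes a line-ending change only, yet the hunk header goes from 20 to 22 lines and the new side has a doubled blank line after each of the first two `#endif`s. That looks like stray carriage returns turned into extra newlines; collapse the added blank lines so the diff is purely a line-ending normalisation.
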
http://cvs.php.net/viewvc.cgi/php-src/ext/mbstring/libmbfl/nls/nls_ru.h?r1=1.1&r2=1.1.8.1&diff_format=u
Index: php-src/ext/mbstring/libmbfl/nls/nls_ru.h
diff -u php-src/ext/mbstring/libmbfl/nls/nls_ru.h:1.1 
php-src/ext/mbstring/libmbfl/nls/nls_ru.h:1.1.8.1
--- php-src/ext/mbstring/libmbfl/nls/nls_ru.h:1.1   Sat Aug 23 06:18:39 2003
+++ php-src/ext/mbstring/libmbfl/nls/nls_ru.h   Tue Sep 18 21:33:29 2007
@@ -1,9 +1,9 @@
-#ifndef MBFL_NLS_RU_H
-#define MBFL_NLS_RU_H
-
-#include mbfilter.h
-#include nls_ru.h
-
-extern const mbfl_language mbfl_language_russian;
-
-#endif /* MBFL_NLS_RU_H */
+#ifndef MBFL_NLS_RU_H
+#define MBFL_NLS_RU_H
+
+#include mbfilter.h
+#include nls_ru.h
+
+extern const mbfl_language mbfl_language_russian;
+
+#endif /* MBFL_NLS_RU_H */




[PHP-CVS] cvs: php-src /ext/mbstring config.m4 /ext/mbstring/oniguruma php_onig_compat.h

2007-09-18 Thread Rui Hirokawa
hirokawa   Tue Sep 18 21:35:13 2007 UTC

  Modified files:  
/php-src/ext/mbstring   config.m4 
/php-src/ext/mbstring/oniguruma php_onig_compat.h 
  Log:
  fixed bug #42502 va_* cannot detect.
  
http://cvs.php.net/viewvc.cgi/php-src/ext/mbstring/config.m4?r1=1.66&r2=1.67&diff_format=u
Index: php-src/ext/mbstring/config.m4
diff -u php-src/ext/mbstring/config.m4:1.66 php-src/ext/mbstring/config.m4:1.67
--- php-src/ext/mbstring/config.m4:1.66 Tue Jul 31 12:23:42 2007
+++ php-src/ext/mbstring/config.m4  Tue Sep 18 21:35:12 2007
@@ -1,5 +1,5 @@
 dnl
-dnl $Id: config.m4,v 1.66 2007/07/31 12:23:42 tony2001 Exp $
+dnl $Id: config.m4,v 1.67 2007/09/18 21:35:12 hirokawa Exp $
 dnl
 
 AC_DEFUN([PHP_MBSTRING_ADD_SOURCES], [
@@ -75,7 +75,7 @@
   ], [cv_php_mbstring_stdarg=yes], [cv_php_mbstring_stdarg=no], 
[cv_php_mbstring_stdarg=no])
 ])
 
-AC_CHECK_HEADERS([stdlib.h string.h strings.h unistd.h sys/time.h 
sys/times.h])
+AC_CHECK_HEADERS([stdlib.h string.h strings.h unistd.h sys/time.h 
sys/times.h stdarg.h])
 AC_CHECK_SIZEOF(int, 4)
 AC_CHECK_SIZEOF(short, 2)
 AC_CHECK_SIZEOF(long, 4)
@@ -84,9 +84,6 @@
 AC_FUNC_ALLOCA
 AC_FUNC_MEMCMP
 
-if test $cv_php_mbstring_stdarg = yes; then
-  AC_DEFINE([HAVE_STDARG_PROTOTYPES], 1, [Define if stdarg.h is available])
-fi
 AC_DEFINE([HAVE_MBREGEX], 1, [whether to have multibyte regex support])
 
 PHP_MBSTRING_ADD_CFLAG([-DNOT_RUBY])
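
Review bot: With the `if test $cv_php_mbstring_stdarg = yes` block removed, nothing in the visible lines consumes `cv_php_mbstring_stdarg` any more, yet the cache check that sets it is still present just above `AC_CHECK_HEADERS`. Either drop that check as well or keep using its result, so configure does not run a compile test whose outcome is ignored.
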
http://cvs.php.net/viewvc.cgi/php-src/ext/mbstring/oniguruma/php_onig_compat.h?r1=1.2&r2=1.3&diff_format=u
Index: php-src/ext/mbstring/oniguruma/php_onig_compat.h
diff -u php-src/ext/mbstring/oniguruma/php_onig_compat.h:1.2 
php-src/ext/mbstring/oniguruma/php_onig_compat.h:1.3
--- php-src/ext/mbstring/oniguruma/php_onig_compat.h:1.2Mon Feb 21 
09:43:55 2005
+++ php-src/ext/mbstring/oniguruma/php_onig_compat.hTue Sep 18 21:35:13 2007
@@ -5,4 +5,10 @@
 #define regex_t php_mb_regex_t
 #define re_registersphp_mb_re_registers
 
+#ifdef HAVE_STDARG_H
+#ifndef HAVE_STDARG_PROTOTYPES
+#define HAVE_STDARG_PROTOTYPES 1
+#endif
+#endif
+
 #endif /* _PHP_MBREGEX_COMPAT_H */
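
Review bot: `HAVE_STDARG_PROTOTYPES` is now derived from `HAVE_STDARG_H`, which is only defined if the generated config header has been included before this file, and nothing in the hunk includes it. A short comment stating that dependency, or an explicit include, would stop the block from silently compiling to nothing when the include order changes.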




[PHP-CVS] cvs: php-src(PHP_5_2) /ext/mbstring config.m4 /ext/mbstring/oniguruma php_onig_compat.h

2007-09-18 Thread Rui Hirokawa
hirokawa   Tue Sep 18 21:35:39 2007 UTC

  Modified files:  (Branch: PHP_5_2)
/php-src/ext/mbstring   config.m4 
/php-src/ext/mbstring/oniguruma php_onig_compat.h 
  Log:
  MFH: fixed bug #42502 va_* cannot detect.
  
http://cvs.php.net/viewvc.cgi/php-src/ext/mbstring/config.m4?r1=1.58.2.4.2.10&r2=1.58.2.4.2.11&diff_format=u
Index: php-src/ext/mbstring/config.m4
diff -u php-src/ext/mbstring/config.m4:1.58.2.4.2.10 
php-src/ext/mbstring/config.m4:1.58.2.4.2.11
--- php-src/ext/mbstring/config.m4:1.58.2.4.2.10Tue Jul 31 12:23:50 2007
+++ php-src/ext/mbstring/config.m4  Tue Sep 18 21:35:39 2007
@@ -1,5 +1,5 @@
 dnl
-dnl $Id: config.m4,v 1.58.2.4.2.10 2007/07/31 12:23:50 tony2001 Exp $
+dnl $Id: config.m4,v 1.58.2.4.2.11 2007/09/18 21:35:39 hirokawa Exp $
 dnl
 
 AC_DEFUN([PHP_MBSTRING_ADD_SOURCES], [
@@ -87,7 +87,7 @@
 )
 ])
 
-AC_CHECK_HEADERS([stdlib.h string.h strings.h unistd.h sys/time.h 
sys/times.h])
+AC_CHECK_HEADERS([stdlib.h string.h strings.h unistd.h sys/time.h 
sys/times.h stdarg.h])
 AC_CHECK_SIZEOF(int, 4)
 AC_CHECK_SIZEOF(short, 2)
 AC_CHECK_SIZEOF(long, 4)
@@ -96,9 +96,6 @@
 AC_FUNC_ALLOCA
 AC_FUNC_MEMCMP
 
-if test $cv_php_mbstring_stdarg = yes; then
-  AC_DEFINE([HAVE_STDARG_PROTOTYPES], 1, [Define if stdarg.h is available])
-fi
 AC_DEFINE([HAVE_MBREGEX], 1, [whether to have multibyte regex support])
 
 
http://cvs.php.net/viewvc.cgi/php-src/ext/mbstring/oniguruma/php_onig_compat.h?r1=1.2&r2=1.2.4.1&diff_format=u
Index: php-src/ext/mbstring/oniguruma/php_onig_compat.h
diff -u php-src/ext/mbstring/oniguruma/php_onig_compat.h:1.2 
php-src/ext/mbstring/oniguruma/php_onig_compat.h:1.2.4.1
--- php-src/ext/mbstring/oniguruma/php_onig_compat.h:1.2Mon Feb 21 
09:43:55 2005
+++ php-src/ext/mbstring/oniguruma/php_onig_compat.hTue Sep 18 21:35:39 2007
@@ -5,4 +5,10 @@
 #define regex_t php_mb_regex_t
 #define re_registersphp_mb_re_registers
 
+#ifdef HAVE_STDARG_H
+#ifndef HAVE_STDARG_PROTOTYPES
+#define HAVE_STDARG_PROTOTYPES 1
+#endif
+#endif
+
 #endif /* _PHP_MBREGEX_COMPAT_H */




[PHP-CVS] cvs: php-src /ext/iconv iconv.c php_iconv.h

2007-09-18 Thread Stanislav Malyshev
stas   Wed Sep 19 00:37:43 2007 UTC

  Modified files:  
/php-src/ext/iconv  iconv.c php_iconv.h 
  Log:
  limit iconv parameter sizes - workaround for libc bug
  
http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/iconv.c?r1=1.153&r2=1.154&diff_format=u
Index: php-src/ext/iconv/iconv.c
diff -u php-src/ext/iconv/iconv.c:1.153 php-src/ext/iconv/iconv.c:1.154
--- php-src/ext/iconv/iconv.c:1.153 Mon May 28 23:52:13 2007
+++ php-src/ext/iconv/iconv.c   Wed Sep 19 00:37:43 2007
@@ -18,7 +18,7 @@
+--+
  */
 
-/* $Id: iconv.c,v 1.153 2007/05/28 23:52:13 iliaa Exp $ */
+/* $Id: iconv.c,v 1.154 2007/09/19 00:37:43 stas Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -230,12 +230,21 @@
 #define GENERIC_SUPERSET_NBYTES 4
 /* }}} */
 
+static PHP_INI_MH(OnUpdateStringIconvCharset)
+{
+   if(new_value_length = ICONV_CSNMAXLEN) {
+   return FAILURE;
+   }
+   OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, 
mh_arg3, stage TSRMLS_CC);
+   return SUCCESS;
+}
+
 /* {{{ PHP_INI
  */
 PHP_INI_BEGIN()
-   STD_PHP_INI_ENTRY(iconv.input_encoding,ICONV_INPUT_ENCODING,
PHP_INI_ALL, OnUpdateString, input_encoding,zend_iconv_globals, 
iconv_globals)
-   STD_PHP_INI_ENTRY(iconv.output_encoding,   ICONV_OUTPUT_ENCODING,   
PHP_INI_ALL, OnUpdateString, output_encoding,   zend_iconv_globals, 
iconv_globals)
-   STD_PHP_INI_ENTRY(iconv.internal_encoding, ICONV_INTERNAL_ENCODING, 
PHP_INI_ALL, OnUpdateString, internal_encoding, zend_iconv_globals, 
iconv_globals)
+   STD_PHP_INI_ENTRY(iconv.input_encoding,ICONV_INPUT_ENCODING,
PHP_INI_ALL, OnUpdateStringIconvCharset, input_encoding,zend_iconv_globals, 
iconv_globals)
+   STD_PHP_INI_ENTRY(iconv.output_encoding,   ICONV_OUTPUT_ENCODING,   
PHP_INI_ALL, OnUpdateStringIconvCharset, output_encoding,   zend_iconv_globals, 
iconv_globals)
+   STD_PHP_INI_ENTRY(iconv.internal_encoding, ICONV_INTERNAL_ENCODING, 
PHP_INI_ALL, OnUpdateStringIconvCharset, internal_encoding, zend_iconv_globals, 
iconv_globals)
 PHP_INI_END()
 /* }}} */
 
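
Review bot: `OnUpdateStringIconvCharset` discards the result of `OnUpdateString()` and returns `SUCCESS` unconditionally, so a failure in the underlying handler is reported as success. Return the call's result directly (`return OnUpdateString(...);`). The over-length branch also returns `FAILURE` with no diagnostic, unlike the function-level checks in this patch, which raise an `E_WARNING`.
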
@@ -1921,7 +1930,7 @@
 PHP_FUNCTION(iconv_strlen)
 {
char *charset;
-   int charset_len;
+   int charset_len = 0;
char *str;
int str_len; 
 
@@ -1936,6 +1945,11 @@
RETURN_FALSE;
}
 
+   if (charset_len = ICONV_CSNMAXLEN) {
+   php_error_docref(NULL TSRMLS_CC, E_WARNING, Charset parameter 
exceeds the maximum allowed length of %d characters, ICONV_CSNMAXLEN);
+   RETURN_FALSE;
+   }
+
err = _php_iconv_strlen(retval, str, str_len, charset); 
_php_iconv_show_error(err, GENERIC_SUPERSET_NAME, charset TSRMLS_CC);
if (err == PHP_ICONV_ERR_SUCCESS) {
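
Review bot: This five-line length check is pasted verbatim into `iconv_strlen`, `iconv_substr`, `iconv_strpos` and `iconv_strrpos` in this patch. A small static helper or macro that takes the length, emits the warning and reports the result would keep the limit and the message in one place and make it harder to miss an entry point when another function gains a charset argument.
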
@@ -1951,7 +1965,7 @@
 PHP_FUNCTION(iconv_substr)
 {
char *charset;
-   int charset_len;
+   int charset_len = 0;
char *str;
int str_len; 
long offset, length;
@@ -1968,6 +1982,11 @@
RETURN_FALSE;
}
 
+   if (charset_len = ICONV_CSNMAXLEN) {
+   php_error_docref(NULL TSRMLS_CC, E_WARNING, Charset parameter 
exceeds the maximum allowed length of %d characters, ICONV_CSNMAXLEN);
+   RETURN_FALSE;
+   }
+
if (ZEND_NUM_ARGS()  3) {
length = str_len; 
}
@@ -1993,7 +2012,7 @@
 PHP_FUNCTION(iconv_strpos)
 {
char *charset;
-   int charset_len;
+   int charset_len = 0;
char *haystk;
int haystk_len; 
char *ndl;
@@ -2013,6 +2032,11 @@
RETURN_FALSE;
}
 
+   if (charset_len = ICONV_CSNMAXLEN) {
+   php_error_docref(NULL TSRMLS_CC, E_WARNING, Charset parameter 
exceeds the maximum allowed length of %d characters, ICONV_CSNMAXLEN);
+   RETURN_FALSE;
+   }
+
if (offset  0) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, Offset not 
contained in string);
RETURN_FALSE;
@@ -2039,7 +2063,7 @@
 PHP_FUNCTION(iconv_strrpos)
 {
char *charset;
-   int charset_len;
+   int charset_len = 0;
char *haystk;
int haystk_len; 
char *ndl;
@@ -2061,6 +2085,11 @@
RETURN_FALSE;
}
 
+   if (charset_len = ICONV_CSNMAXLEN) {
+   php_error_docref(NULL TSRMLS_CC, E_WARNING, Charset parameter 
exceeds the maximum allowed length of %d characters, ICONV_CSNMAXLEN);
+   RETURN_FALSE;
+   }
+
err = _php_iconv_strpos(retval, haystk, haystk_len, ndl, ndl_len,
-1, charset); 
_php_iconv_show_error(err, GENERIC_SUPERSET_NAME, charset TSRMLS_CC);
@@ -2117,6 +2146,11 @@
}
 
if (zend_hash_find(Z_ARRVAL_P(pref), input-charset, 
sizeof(input-charset), (void **)ppval) == SUCCESS) {
+   if (Z_STRLEN_PP(ppval) = 

[PHP-CVS] cvs: php-src /ext/xmlrpc/libxmlrpc encodings.c

2007-09-18 Thread Stanislav Malyshev
stas   Wed Sep 19 00:38:48 2007 UTC

  Modified files:  
/php-src/ext/xmlrpc/libxmlrpc   encodings.c 
  Log:
  MFB: limit iconv parameters here too
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/xmlrpc/libxmlrpc/encodings.c?r1=1.7&r2=1.8&diff_format=u
Index: php-src/ext/xmlrpc/libxmlrpc/encodings.c
diff -u php-src/ext/xmlrpc/libxmlrpc/encodings.c:1.7 
php-src/ext/xmlrpc/libxmlrpc/encodings.c:1.8
--- php-src/ext/xmlrpc/libxmlrpc/encodings.c:1.7Mon Mar  8 23:04:33 2004
+++ php-src/ext/xmlrpc/libxmlrpc/encodings.cWed Sep 19 00:38:48 2007
@@ -41,7 +41,7 @@
 #include stdlib.h
 #endif
 
-static const char rcsid[] = #(@) $Id: encodings.c,v 1.7 2004/03/08 23:04:33 
abies Exp $;
+static const char rcsid[] = #(@) $Id: encodings.c,v 1.8 2007/09/19 00:38:48 
stas Exp $;
 
 #include errno.h
 
@@ -53,6 +53,10 @@
 
 #include encodings.h
 
+#ifndef ICONV_CSNMAXLEN
+#define ICONV_CSNMAXLEN 64
+#endif
+
 static char* convert(const char* src, int src_len, int *new_len, const char* 
from_enc, const char* to_enc) {
char* outbuf = 0;
 
@@ -60,9 +64,13 @@
   size_t outlenleft = src_len;
   size_t inlenleft = src_len;
   int outlen = src_len;
-  iconv_t ic = iconv_open(to_enc, from_enc);
+  iconv_t ic;
   char* out_ptr = 0;
 
+  if(strlen(to_enc) = ICONV_CSNMAXLEN || strlen(from_enc) = 
ICONV_CSNMAXLEN) {
+ return NULL;
+  }
+  ic = iconv_open(to_enc, from_enc);
   if(ic != (iconv_t)-1) {
  size_t st;
  outbuf = (char*)malloc(outlen + 1);
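
Review bot: The new early exit returns `NULL` without touching `*new_len` and without any diagnostic, so a caller cannot tell an over-long encoding name from any other conversion failure and may read a stale length. Setting `*new_len` to 0 on this path (if callers read it) and logging the rejection would make the refusal explicit.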




[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS

2007-09-18 Thread Stanislav Malyshev
stas   Wed Sep 19 00:41:11 2007 UTC

  Modified files:  (Branch: PHP_5_2)
/php-src   NEWS 
  Log:
  report iconv fix
  
  
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.955&r2=1.2027.2.547.2.956&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2027.2.547.2.955 php-src/NEWS:1.2027.2.547.2.956
--- php-src/NEWS:1.2027.2.547.2.955 Tue Sep 18 20:25:07 2007
+++ php-src/NEWSWed Sep 19 00:41:10 2007
@@ -12,6 +12,8 @@
 - Fixed dl() to only accept filenames - reported by Laurent Gaffie. (Stas)
 - Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887).
   (Christian Hoffmann)
+- Fixed iconv_*() functions to limit argument sizes as workaround to libc 
+  bug (CVE-2007-4783, CVE-2007-4840). (Christian Hoffmann, Stas)
 - Fixed missing brackets leading to build warning and error in the log.
   Win32 code). (Andrey)
 - Fixed leaks with multiple connects on one mysqli object. (Andrey)




[PHP-CVS] cvs: php-src /ext/iconv/tests iconv-charset-length-cve-2007-4840.phpt iconv_mime_decode-charset-length-cve-2007-4840.phpt iconv_mime_decode_headers-charset-length-cve-2007-4840.phpt iconv_se

2007-09-18 Thread Stanislav Malyshev
stas   Wed Sep 19 00:42:20 2007 UTC

  Modified files:  
/php-src/ext/iconv/tests   iconv-charset-length-cve-2007-4840.phpt 
                           iconv_mime_decode-charset-length-cve-2007-4840.phpt 
                           iconv_mime_decode_headers-charset-length-cve-2007-4840.phpt 
                           iconv_set_encoding-charset-length-cve-2007-4840.phpt 
                           iconv_strlen-charset-length-cve-2007-4840.phpt 
                           iconv_strpos-charset-length-cve-2007-4840.phpt 
                           iconv_strrpos-charset-length-cve-2007-4840.phpt 
                           iconv_substr-charset-length-cve-2007-4783.phpt 
  Log:
  MFB length tests
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/iconv-charset-length-cve-2007-4840.phpt?r1=1.1&r2=1.2&diff_format=u
Index: php-src/ext/iconv/tests/iconv-charset-length-cve-2007-4840.phpt
diff -u /dev/null 
php-src/ext/iconv/tests/iconv-charset-length-cve-2007-4840.phpt:1.2
--- /dev/null   Wed Sep 19 00:42:20 2007
+++ php-src/ext/iconv/tests/iconv-charset-length-cve-2007-4840.phpt Wed Sep 
19 00:42:20 2007
@@ -0,0 +1,17 @@
+--TEST--
+iconv() charset parameter length checks (CVE-2007-4840)
+--SKIPIF--
+?php extension_loaded('iconv') or die('skip iconv extension is not 
available'); ?
+--FILE--
+?php
+$a = str_repeat(/, 900);
+var_dump(iconv($a, b, test));
+var_dump(iconv(x, $a, test));
+?
+--EXPECTF--
+
+Warning: iconv(): Charset parameter exceeds the maximum allowed length of %d 
characters in %s on line %d
+bool(false)
+
+Warning: iconv(): Charset parameter exceeds the maximum allowed length of %d 
characters in %s on line %d
+bool(false)
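
Review bot: Both cases use a 900-character charset name, which only shows that a grossly oversized value is rejected. Adding one call with a name exactly at the limit and one just below it would catch an off-by-one in the length comparison.
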
http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/iconv_mime_decode-charset-length-cve-2007-4840.phpt?r1=1.1&r2=1.2&diff_format=u
Index: 
php-src/ext/iconv/tests/iconv_mime_decode-charset-length-cve-2007-4840.phpt
diff -u /dev/null 
php-src/ext/iconv/tests/iconv_mime_decode-charset-length-cve-2007-4840.phpt:1.2
--- /dev/null   Wed Sep 19 00:42:20 2007
+++ php-src/ext/iconv/tests/iconv_mime_decode-charset-length-cve-2007-4840.phpt 
Wed Sep 19 00:42:20 2007
@@ -0,0 +1,13 @@
+--TEST--
+iconv_mime_decode() charset parameter length checks (CVE-2007-4840)
+--SKIPIF--
+?php extension_loaded('iconv') or die('skip iconv extension is not 
available'); ?
+--FILE--
+?php
+$a = str_repeat(/, 900);
+var_dump(iconv_mime_decode(a, null, $a));
+?
+--EXPECTF--
+
+Warning: iconv_mime_decode(): Charset parameter exceeds the maximum allowed 
length of %d characters in %s on line %d
+bool(false)
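
Review bot: The `--FILE--` section contains only the rejected call, so the test shows the warning fires but not that a valid charset still gets through the new check. A second `iconv_mime_decode()` call with a short, valid charset and its decoded result in `--EXPECTF--` would cover the accepted path as well.
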
http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/iconv_mime_decode_headers-charset-length-cve-2007-4840.phpt?r1=1.1&r2=1.2&diff_format=u
Index: 
php-src/ext/iconv/tests/iconv_mime_decode_headers-charset-length-cve-2007-4840.phpt
diff -u /dev/null 
php-src/ext/iconv/tests/iconv_mime_decode_headers-charset-length-cve-2007-4840.phpt:1.2
--- /dev/null   Wed Sep 19 00:42:20 2007
+++ 
php-src/ext/iconv/tests/iconv_mime_decode_headers-charset-length-cve-2007-4840.phpt
 Wed Sep 19 00:42:20 2007
@@ -0,0 +1,13 @@
+--TEST--
+iconv_mime_decode_headers() charset parameter length checks (CVE-2007-4840)
+--SKIPIF--
+?php extension_loaded('iconv') or die('skip iconv extension is not 
available'); ?
+--FILE--
+?php
+$a = str_repeat(/, 900);
+var_dump(iconv_mime_decode_headers(a, null, $a));
+?
+--EXPECTF--
+
+Warning: iconv_mime_decode_headers(): Charset parameter exceeds the maximum 
allowed length of %d characters in %s on line %d
+bool(false)
http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/iconv_set_encoding-charset-length-cve-2007-4840.phpt?r1=1.1&r2=1.2&diff_format=u
Index: 
php-src/ext/iconv/tests/iconv_set_encoding-charset-length-cve-2007-4840.phpt
diff -u /dev/null 
php-src/ext/iconv/tests/iconv_set_encoding-charset-length-cve-2007-4840.phpt:1.2
--- /dev/null   Wed Sep 19 00:42:20 2007
+++ 
php-src/ext/iconv/tests/iconv_set_encoding-charset-length-cve-2007-4840.phpt
Wed Sep 19 00:42:20 2007
@@ -0,0 +1,21 @@
+--TEST--
+iconv_set_encoding() charset parameter length checks (CVE-2007-4840)
+--SKIPIF--
+?php extension_loaded('iconv') or die('skip iconv extension is not 
available'); ?
+--FILE--
+?php
+$a = str_repeat(/, 900);
+var_dump(iconv_set_encoding(input_encoding, $a));
+var_dump(iconv_set_encoding(output_encoding, $a));
+var_dump(iconv_set_encoding(internal_encoding, $a));
+?
+--EXPECTF--
+
+Warning: iconv_set_encoding(): Charset parameter exceeds the maximum allowed 
length of %d characters in %s on line %d
+bool(false)
+
+Warning: iconv_set_encoding(): Charset parameter exceeds the maximum allowed 
length of %d characters in %s on line %d
+bool(false)
+
+Warning: iconv_set_encoding(): Charset parameter exceeds the maximum allowed 
length of %d characters in %s on line %d
+bool(false)
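
Review bot: The three `var_dump(iconv_set_encoding(...))` calls check the return value and the warning, but nothing verifies that the stored settings were left alone after each rejected call. Dumping `iconv_get_encoding()` after the last call would confirm that input_encoding, output_encoding and internal_encoding still hold their previous values.
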
http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/iconv_strlen-charset-length-cve-2007-4840.phpt?r1=1.1&r2=1.2&diff_format=u

[PHP-CVS] cvs: php-src(PHP_5_2) /ext/iconv/tests ob_iconv_handler-charset-length-cve-2007-4840.phpt

2007-09-18 Thread Stanislav Malyshev
stas   Wed Sep 19 00:49:02 2007 UTC

  Added files: (Branch: PHP_5_2)
    /php-src/ext/iconv/tests   ob_iconv_handler-charset-length-cve-2007-4840.phpt 
  Log:
  one more test
  
  

http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/ob_iconv_handler-charset-length-cve-2007-4840.phpt?view=markup&rev=1.1
Index: 
php-src/ext/iconv/tests/ob_iconv_handler-charset-length-cve-2007-4840.phpt
+++ php-src/ext/iconv/tests/ob_iconv_handler-charset-length-cve-2007-4840.phpt






[PHP-CVS] cvs: php-src /ext/iconv/tests ob_iconv_handler-charset-length-cve-2007-4840.phpt

2007-09-18 Thread Stanislav Malyshev
stas   Wed Sep 19 00:49:25 2007 UTC

  Modified files:  
    /php-src/ext/iconv/tests   ob_iconv_handler-charset-length-cve-2007-4840.phpt 
  Log:
  MFB one more test
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/ob_iconv_handler-charset-length-cve-2007-4840.phpt?r1=1.1&r2=1.2&diff_format=u
Index: 
php-src/ext/iconv/tests/ob_iconv_handler-charset-length-cve-2007-4840.phpt
diff -u /dev/null 
php-src/ext/iconv/tests/ob_iconv_handler-charset-length-cve-2007-4840.phpt:1.2
--- /dev/null   Wed Sep 19 00:49:25 2007
+++ php-src/ext/iconv/tests/ob_iconv_handler-charset-length-cve-2007-4840.phpt  
Wed Sep 19 00:49:25 2007
@@ -0,0 +1,12 @@
+--TEST--
+ob_iconv_handler() charset parameter length checks (CVE-2007-4840)
+--SKIPIF--
+?php extension_loaded('iconv') or die('skip iconv extension is not 
available'); ?
+--FILE--
+?php
+ini_set(iconv.output_encoding, str_repeat(a, 900));
+ob_start(ob_iconv_handler);
+print done;
+?
+--EXPECT--
+done
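
Review bot: `--EXPECT--` only checks that `done` is printed, so the test passes whether the oversized value in `ini_set(iconv.output_encoding, str_repeat(a, 900));` was rejected or silently accepted, as long as the handler does not crash. Wrapping that `ini_set()` call in `var_dump()` would turn the rejection of the 900-character value into an explicit assertion.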




[PHP-CVS] cvs: php-src(PHP_5_2) /ext/xmlrpc/libxmlrpc encodings.c

2007-09-18 Thread Stanislav Malyshev
stas   Wed Sep 19 00:33:43 2007 UTC

  Modified files:  (Branch: PHP_5_2)
/php-src/ext/xmlrpc/libxmlrpc   encodings.c 
  Log:
  limit iconv parameters here too
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/xmlrpc/libxmlrpc/encodings.c?r1=1.7&r2=1.7.6.1&diff_format=u
Index: php-src/ext/xmlrpc/libxmlrpc/encodings.c
diff -u php-src/ext/xmlrpc/libxmlrpc/encodings.c:1.7 
php-src/ext/xmlrpc/libxmlrpc/encodings.c:1.7.6.1
--- php-src/ext/xmlrpc/libxmlrpc/encodings.c:1.7Mon Mar  8 23:04:33 2004
+++ php-src/ext/xmlrpc/libxmlrpc/encodings.cWed Sep 19 00:33:43 2007
@@ -41,7 +41,7 @@
 #include stdlib.h
 #endif
 
-static const char rcsid[] = #(@) $Id: encodings.c,v 1.7 2004/03/08 23:04:33 
abies Exp $;
+static const char rcsid[] = #(@) $Id: encodings.c,v 1.7.6.1 2007/09/19 
00:33:43 stas Exp $;
 
 #include errno.h
 
@@ -53,6 +53,10 @@
 
 #include encodings.h
 
+#ifndef ICONV_CSNMAXLEN
+#define ICONV_CSNMAXLEN 64
+#endif
+
 static char* convert(const char* src, int src_len, int *new_len, const char* 
from_enc, const char* to_enc) {
char* outbuf = 0;
 
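
Review bot: The fallback `#define ICONV_CSNMAXLEN 64` carries no comment saying where the value 64 comes from or that it has to match the limit used in ext/iconv/iconv.c. A one-line comment on the `#ifndef` block naming the iconv extension's definition as the source would keep the two copies from drifting apart.
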
@@ -60,9 +64,13 @@
   size_t outlenleft = src_len;
   size_t inlenleft = src_len;
   int outlen = src_len;
-  iconv_t ic = iconv_open(to_enc, from_enc);
+  iconv_t ic;
   char* out_ptr = 0;
 
+  if(strlen(to_enc) = ICONV_CSNMAXLEN || strlen(from_enc) = 
ICONV_CSNMAXLEN) {
+ return NULL;
+  }
+  ic = iconv_open(to_enc, from_enc);
   if(ic != (iconv_t)-1) {
  size_t st;
  outbuf = (char*)malloc(outlen + 1);
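
Review bot: The new early `return NULL;` leaves `*new_len` untouched even though the signature hands the caller a `new_len` out-parameter, so a caller that reads it after a rejected conversion would see a stale value. Setting `*new_len` to 0 before returning (when `new_len` is non-null) would make the rejected path well defined. The `strlen(to_enc)` and `strlen(from_enc)` calls also assume both pointers are non-null, which is worth guarding or documenting.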




[PHP-CVS] cvs: php-src(PHP_5_2) /ext/iconv iconv.c php_iconv.h

2007-09-18 Thread Stanislav Malyshev
stas   Wed Sep 19 00:30:53 2007 UTC

  Modified files:  (Branch: PHP_5_2)
/php-src/ext/iconv  iconv.c php_iconv.h 
  Log:
  limit iconv parameter sizes - workaround for glibc bug
  
  http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/iconv.c?r1=1.124.2.8.2.16&r2=1.124.2.8.2.17&diff_format=u
Index: php-src/ext/iconv/iconv.c
diff -u php-src/ext/iconv/iconv.c:1.124.2.8.2.16 
php-src/ext/iconv/iconv.c:1.124.2.8.2.17
--- php-src/ext/iconv/iconv.c:1.124.2.8.2.16Sat May 19 17:52:30 2007
+++ php-src/ext/iconv/iconv.c   Wed Sep 19 00:30:52 2007
@@ -18,7 +18,7 @@
+--+
  */
 
-/* $Id: iconv.c,v 1.124.2.8.2.16 2007/05/19 17:52:30 iliaa Exp $ */
+/* $Id: iconv.c,v 1.124.2.8.2.17 2007/09/19 00:30:52 stas Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -233,12 +233,21 @@
 #define GENERIC_SUPERSET_NBYTES 4
 /* }}} */
 
+static PHP_INI_MH(OnUpdateStringIconvCharset)
+{
+   if(new_value_length = ICONV_CSNMAXLEN) {
+   return FAILURE;
+   }
+   OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, 
mh_arg3, stage TSRMLS_CC);
+   return SUCCESS;
+}
+
 /* {{{ PHP_INI
  */
 PHP_INI_BEGIN()
-   STD_PHP_INI_ENTRY(iconv.input_encoding,ICONV_INPUT_ENCODING,
PHP_INI_ALL, OnUpdateString, input_encoding,zend_iconv_globals, 
iconv_globals)
-   STD_PHP_INI_ENTRY(iconv.output_encoding,   ICONV_OUTPUT_ENCODING,   
PHP_INI_ALL, OnUpdateString, output_encoding,   zend_iconv_globals, 
iconv_globals)
-   STD_PHP_INI_ENTRY(iconv.internal_encoding, ICONV_INTERNAL_ENCODING, 
PHP_INI_ALL, OnUpdateString, internal_encoding, zend_iconv_globals, 
iconv_globals)
+   STD_PHP_INI_ENTRY(iconv.input_encoding,ICONV_INPUT_ENCODING,
PHP_INI_ALL, OnUpdateStringIconvCharset, input_encoding,zend_iconv_globals, 
iconv_globals)
+   STD_PHP_INI_ENTRY(iconv.output_encoding,   ICONV_OUTPUT_ENCODING,   
PHP_INI_ALL, OnUpdateStringIconvCharset, output_encoding,   zend_iconv_globals, 
iconv_globals)
+   STD_PHP_INI_ENTRY(iconv.internal_encoding, ICONV_INTERNAL_ENCODING, 
PHP_INI_ALL, OnUpdateStringIconvCharset, internal_encoding, zend_iconv_globals, 
iconv_globals)
 PHP_INI_END()
 /* }}} */
 
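
Review bot: In `OnUpdateStringIconvCharset` the result of `OnUpdateString(...)` is discarded and `return SUCCESS;` follows unconditionally, so a failure inside the wrapped handler would be reported as success. Returning the call directly, with the same arguments, keeps its status intact. The over-length branch also returns `FAILURE` without a warning, unlike the function-level checks later in this patch, which makes a rejected INI value hard to diagnose.
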
@@ -1858,7 +1867,7 @@
 PHP_FUNCTION(iconv_strlen)
 {
char *charset;
-   int charset_len;
+   int charset_len = 0;
char *str;
int str_len; 
 
@@ -1873,6 +1882,11 @@
RETURN_FALSE;
}
 
+   if (charset_len = ICONV_CSNMAXLEN) {
+   php_error_docref(NULL TSRMLS_CC, E_WARNING, Charset parameter 
exceeds the maximum allowed length of %d characters, ICONV_CSNMAXLEN);
+   RETURN_FALSE;
+   }
+
err = _php_iconv_strlen(retval, str, str_len, charset); 
_php_iconv_show_error(err, GENERIC_SUPERSET_NAME, charset TSRMLS_CC);
if (err == PHP_ICONV_ERR_SUCCESS) {
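
Review bot: This four-line `charset_len` check and its warning text are repeated verbatim in the iconv_substr, iconv_strpos and iconv_strrpos hunks that follow. A small helper or macro taking `charset_len` would keep the limit and the message in one place and make it harder to miss a function the next time a charset parameter is added.
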
@@ -1888,7 +1902,7 @@
 PHP_FUNCTION(iconv_substr)
 {
char *charset;
-   int charset_len;
+   int charset_len = 0;
char *str;
int str_len; 
long offset, length;
@@ -1905,6 +1919,11 @@
RETURN_FALSE;
}
 
+   if (charset_len = ICONV_CSNMAXLEN) {
+   php_error_docref(NULL TSRMLS_CC, E_WARNING, Charset parameter 
exceeds the maximum allowed length of %d characters, ICONV_CSNMAXLEN);
+   RETURN_FALSE;
+   }
+
if (ZEND_NUM_ARGS()  3) {
length = str_len; 
}
@@ -1925,7 +1944,7 @@
 PHP_FUNCTION(iconv_strpos)
 {
char *charset;
-   int charset_len;
+   int charset_len = 0;
char *haystk;
int haystk_len; 
char *ndl;
@@ -1945,6 +1964,11 @@
RETURN_FALSE;
}
 
+   if (charset_len = ICONV_CSNMAXLEN) {
+   php_error_docref(NULL TSRMLS_CC, E_WARNING, Charset parameter 
exceeds the maximum allowed length of %d characters, ICONV_CSNMAXLEN);
+   RETURN_FALSE;
+   }
+
if (offset  0) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, Offset not 
contained in string.);
RETURN_FALSE;
@@ -1971,7 +1995,7 @@
 PHP_FUNCTION(iconv_strrpos)
 {
char *charset;
-   int charset_len;
+   int charset_len = 0;
char *haystk;
int haystk_len; 
char *ndl;
@@ -1993,6 +2017,11 @@
RETURN_FALSE;
}
 
+   if (charset_len = ICONV_CSNMAXLEN) {
+   php_error_docref(NULL TSRMLS_CC, E_WARNING, Charset parameter 
exceeds the maximum allowed length of %d characters, ICONV_CSNMAXLEN);
+   RETURN_FALSE;
+   }
+
err = _php_iconv_strpos(retval, haystk, haystk_len, ndl, ndl_len,
-1, charset); 
_php_iconv_show_error(err, GENERIC_SUPERSET_NAME, charset TSRMLS_CC);
@@ -2049,6 +2078,11 @@
}
 
if (zend_hash_find(Z_ARRVAL_P(pref), input-charset, 
sizeof(input-charset), (void 

[PHP-CVS] cvs: php-src /ext/standard dl.c

2007-09-18 Thread Stanislav Malyshev
stas   Wed Sep 19 00:06:06 2007 UTC

  Modified files:  
/php-src/ext/standard   dl.c 
  Log:
  use right variable name
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dl.c?r1=1.117&r2=1.118&diff_format=u
Index: php-src/ext/standard/dl.c
diff -u php-src/ext/standard/dl.c:1.117 php-src/ext/standard/dl.c:1.118
--- php-src/ext/standard/dl.c:1.117 Tue Sep 18 20:21:04 2007
+++ php-src/ext/standard/dl.c   Wed Sep 19 00:06:05 2007
@@ -18,7 +18,7 @@
+--+
 */
 
-/* $Id: dl.c,v 1.117 2007/09/18 20:21:04 stas Exp $ */
+/* $Id: dl.c,v 1.118 2007/09/19 00:06:05 stas Exp $ */
 
 #include php.h
 #include dl.h
@@ -63,7 +63,7 @@
return;
}
 
-   if (Z_STRLEN_PP(file) = MAXPATHLEN) {
+   if (Z_STRLEN_PP(filename) = MAXPATHLEN) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, File name exceeds 
the maximum allowed length of %d characters, MAXPATHLEN);
RETURN_FALSE;
}
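
Review bot: `Z_STRLEN_PP(filename)` is only correct if `filename` is a `zval **` in this file, and the hunk does not show how it is declared. Please confirm its type on this branch and build before committing; if it is a `zval *` here, the macro needs to be `Z_STRLEN_P`.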




[PHP-CVS] cvs: php-src(PHP_5_2) /ext/iconv/tests iconv-charset-length-cve-2007-4840.phpt iconv_mime_decode-charset-length-cve-2007-4840.phpt iconv_mime_decode_headers-charset-length-cve-2007-4840.phpt

2007-09-18 Thread Stanislav Malyshev
stas   Wed Sep 19 00:18:01 2007 UTC

  Added files: (Branch: PHP_5_2)
    /php-src/ext/iconv/tests   iconv-charset-length-cve-2007-4840.phpt 
                               iconv_mime_decode-charset-length-cve-2007-4840.phpt 
                               iconv_mime_decode_headers-charset-length-cve-2007-4840.phpt 
                               iconv_set_encoding-charset-length-cve-2007-4840.phpt 
                               iconv_strlen-charset-length-cve-2007-4840.phpt 
                               iconv_strpos-charset-length-cve-2007-4840.phpt 
                               iconv_strrpos-charset-length-cve-2007-4840.phpt 
                               iconv_substr-charset-length-cve-2007-4783.phpt 
  Log:
  add length tests for iconv functions
  
  

http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/iconv-charset-length-cve-2007-4840.phpt?view=markup&rev=1.1
Index: php-src/ext/iconv/tests/iconv-charset-length-cve-2007-4840.phpt
+++ php-src/ext/iconv/tests/iconv-charset-length-cve-2007-4840.phpt

http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/iconv_mime_decode-charset-length-cve-2007-4840.phpt?view=markup&rev=1.1
Index: 
php-src/ext/iconv/tests/iconv_mime_decode-charset-length-cve-2007-4840.phpt
+++ php-src/ext/iconv/tests/iconv_mime_decode-charset-length-cve-2007-4840.phpt

http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/iconv_mime_decode_headers-charset-length-cve-2007-4840.phpt?view=markup&rev=1.1
Index: 
php-src/ext/iconv/tests/iconv_mime_decode_headers-charset-length-cve-2007-4840.phpt
+++ 
php-src/ext/iconv/tests/iconv_mime_decode_headers-charset-length-cve-2007-4840.phpt

http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/iconv_set_encoding-charset-length-cve-2007-4840.phpt?view=markup&rev=1.1
Index: 
php-src/ext/iconv/tests/iconv_set_encoding-charset-length-cve-2007-4840.phpt
+++ php-src/ext/iconv/tests/iconv_set_encoding-charset-length-cve-2007-4840.phpt

http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/iconv_strlen-charset-length-cve-2007-4840.phpt?view=markup&rev=1.1
Index: php-src/ext/iconv/tests/iconv_strlen-charset-length-cve-2007-4840.phpt
+++ php-src/ext/iconv/tests/iconv_strlen-charset-length-cve-2007-4840.phpt

http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/iconv_strpos-charset-length-cve-2007-4840.phpt?view=markup&rev=1.1
Index: php-src/ext/iconv/tests/iconv_strpos-charset-length-cve-2007-4840.phpt
+++ php-src/ext/iconv/tests/iconv_strpos-charset-length-cve-2007-4840.phpt

http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/iconv_strrpos-charset-length-cve-2007-4840.phpt?view=markup&rev=1.1
Index: php-src/ext/iconv/tests/iconv_strrpos-charset-length-cve-2007-4840.phpt
+++ php-src/ext/iconv/tests/iconv_strrpos-charset-length-cve-2007-4840.phpt

http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/iconv_substr-charset-length-cve-2007-4783.phpt?view=markup&rev=1.1
Index: php-src/ext/iconv/tests/iconv_substr-charset-length-cve-2007-4783.phpt
+++ php-src/ext/iconv/tests/iconv_substr-charset-length-cve-2007-4783.phpt




[PHP-CVS] cvs: php-src /ext/standard dl.c

2007-09-18 Thread Johannes Schlüter
johannes   Wed Sep 19 01:08:39 2007 UTC

  Modified files:  
/php-src/ext/standard   dl.c 
  Log:
  - Fix build (filename is a zval * here, not a zval** like in 5_2)
  
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dl.c?r1=1.118&r2=1.119&diff_format=u
Index: php-src/ext/standard/dl.c
diff -u php-src/ext/standard/dl.c:1.118 php-src/ext/standard/dl.c:1.119
--- php-src/ext/standard/dl.c:1.118 Wed Sep 19 00:06:05 2007
+++ php-src/ext/standard/dl.c   Wed Sep 19 01:08:38 2007
@@ -18,7 +18,7 @@
+--+
 */
 
-/* $Id: dl.c,v 1.118 2007/09/19 00:06:05 stas Exp $ */
+/* $Id: dl.c,v 1.119 2007/09/19 01:08:38 johannes Exp $ */
 
 #include php.h
 #include dl.h
@@ -63,7 +63,7 @@
return;
}
 
-   if (Z_STRLEN_PP(filename) = MAXPATHLEN) {
+   if (Z_STRLEN_P(filename) = MAXPATHLEN) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, File name exceeds 
the maximum allowed length of %d characters, MAXPATHLEN);
RETURN_FALSE;
}
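
Review bot: `Z_STRLEN_P(filename)` reads the string length with no visible guarantee that `filename` holds a string at this point; the context above only shows the early `return;` of the preceding block. If the argument can arrive as another type, the value compared against `MAXPATHLEN` is meaningless, so the conversion to string should happen before this check.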
