Commit message | Author | Age | Files | Lines
* set versions for release [php-7.1.29] [PHP-7.1.29] | Joe Watkins | 2019-05-01 | 3 | -4/+4
|
* Fix bug #77950 - Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG | Stanislav Malyshev | 2019-04-30 | 4 | -3/+22
|   I do not completely understand what is going on there, but I am pretty sure dir_entry <= offset_base is not a normal situation, so we better not rely on such dir_entry.
* Fix #77821: Potential heap corruption in TSendMail() | Christoph M. Becker | 2019-04-29 | 1 | -6/+7
|   `zend_string_tolower()` returns a copy (not a duplicate) of the given string, if it is already in lower case. In this case we must not `zend_string_free()` both strings. The cleanest solution is to call `zend_string_release()` on both strings, which properly handles the refcount.
* Always use ZEND_SECURE_ZERO() when cleaning up data | Stanislav Malyshev | 2019-04-06 | 5 | -5/+7
|   Optimizing compilers have an annoying tendency to throw out memsets over data that they think aren't used anymore. Apply secure zero-out in cases where this has potential to happen.
* bump versions after release | Joe Watkins | 2019-04-02 | 3 | -5/+9
|
* fix paste issue | Remi Collet | 2019-04-02 | 1 | -1/+1
|
* Pointer arithmetic on void pointers is illegal | Christoph M. Becker | 2019-04-02 | 1 | -2/+2
|   We quick-fix this by casting to char*; it might be more appropriate to use char pointers in the first place.
* Fixed bug #77831 - Heap-buffer-overflow in exif_iif_add_value in EXIF | Stanislav Malyshev | 2019-04-02 | 4 | -15/+42
|
* Update NEWS | Stanislav Malyshev | 2019-03-31 | 1 | -0/+3
|
* Fix bug #77753 - Heap-buffer-overflow in php_ifd_get32s | Stanislav Malyshev | 2019-03-31 | 3 | -0/+20
|
* Validate subject encoding in mb_split and mb_ereg_match | Nikita Popov | 2019-03-27 | 2 | -5/+12
|   We were already validating the subject encoding in most functions, but not these two.
* Validate pattern against mbregex encoding | Nikita Popov | 2019-03-27 | 6 | -15/+31
|   Oniguruma does not consistently perform this validation itself (at least on older versions), so make sure we check pattern encoding validity on the PHP side.
* SQLite3: add DEFENSIVE config for SQLite >= 3.26.0 as a mitigation strategy ↵ | bohwaz | 2019-03-11 | 6 | -1/+74
|   against potential security flaws
* Sync with behavior change in OpenSSL 1.1.1b | Anatol Belski | 2019-03-08 | 1 | -1/+1
|   A behavior change is revealed by some openssl_decrypt() based test, where an encrypt API is used with a decrypt context. The EVP_Cipher* functions will automatically choose the right operation depending on the context passed.
|
|   (cherry picked from commit 19a44ffb7be91344550fa700830b8e62a73031ba)
* fix news | Joe Watkins | 2019-03-05 | 1 | -2/+2
|
* bump versions after release | Joe Watkins | 2019-03-05 | 3 | -5/+9
|
* Fix bug #77630 - safer rename() procedure | Stanislav Malyshev | 2019-03-04 | 1 | -17/+34
|   In order to rename safer, we do the following:
|   - set umask to 077 (unfortunately, not TS, so excluding ZTS)
|   - chown() first, to set proper group before allowing group access
|   - chmod() after, even if chown() fails
* Fix bug #77586 - phar_tar_writeheaders_int() buffer overflow | Stanislav Malyshev | 2019-03-03 | 5 | -8/+37
|
* Update NEWS | Stanislav Malyshev | 2019-03-03 | 1 | -0/+16
|
* Fix test error message | Stanislav Malyshev | 2019-03-03 | 1 | -1/+1
|
* Fix bug #77563 - Uninitialized read in exif_process_IFD_in_MAKERNOTE | Stanislav Malyshev | 2019-03-03 | 3 | -1/+18
|   Also fix for bug #77659
* Fix bug #77540 - Invalid Read on exif_process_SOFn | Stanislav Malyshev | 2019-03-03 | 3 | -2/+24
|
* Fix integer overflows on 32-bits | Stanislav Malyshev | 2019-03-03 | 1 | -7/+7
|
* Fix #77431 SplFileInfo::__construct() accepts NUL bytes | Christoph M. Becker | 2019-03-03 | 2 | -1/+10
|   `SplFileInfo::__construct()` has to expect a path instead of a string, analogous to `SplFileObject::__construct()`.
* Fix bug #77396 - Null Pointer Dereference in phar_create_or_parse_filename | Stanislav Malyshev | 2019-03-03 | 2 | -0/+18
|
* Use pkg-config for ICU, as the old icu-config has been deprecated | Derick Rethans | 2019-02-07 | 1 | -32/+66
|
* Bump for 7.1.27 | Sara Golemon | 2019-01-08 | 3 | -5/+8
|
* Still leaking for some reason, XFAIL for now, I'll look into it later. | Stanislav Malyshev | 2019-01-07 | 1 | -0/+2
|
* Merge branch 'PHP-5.6' into PHP-7.1 | Stanislav Malyshev | 2019-01-06 | 6 | -2/+22
|\
| |   * PHP-5.6:
| |     Fix bug #77418 - Heap overflow in utf32be_mbc_to_code
| |     [ci skip] Add NEWS
| |     Fix more issues with encoding length
| |     Fix #77270: imagecolormatch Out Of Bounds Write on Heap
| |     Fix bug #77380 (Global out of bounds read in xmlrpc base64 code)
| |     Fix bug #77371 (heap buffer overflow in mb regex functions - compile_string_node)
| |     Fix bug #77370 - check that we do not read past buffer end when parsing multibytes
| |     Fix #77269: Potential unsigned underflow in gdImageScale
| |     Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext)
| |     Fix bug #77242 (heap out of bounds read in xmlrpc_decode())
| |     Regenerate certs for openssl tests
| * Fix bug #77418 - Heap overflow in utf32be_mbc_to_code | Stanislav Malyshev | 2019-01-06 | 6 | -5/+25
| |
| * [ci skip] Add NEWS | Stanislav Malyshev | 2019-01-06 | 1 | -0/+22
| |
| * Fix more issues with encoding length | Stanislav Malyshev | 2019-01-06 | 6 | -14/+38
| |   Should fix bug #77381, bug #77382, bug #77385, bug #77394.
| * Fix #77270: imagecolormatch Out Of Bounds Write on Heap | Christoph M. Becker | 2019-01-06 | 2 | -2/+20
| |   At least some of the image reading functions may return images which use color indexes greater than or equal to im->colorsTotal. We cater to this by always using a buffer size which is sufficient for `gdMaxColors` in `gdImageColorMatch()`.
| * Fix bug #77380 (Global out of bounds read in xmlrpc base64 code) | Stanislav Malyshev | 2019-01-06 | 2 | -2/+19
| |
| * Fix bug #77371 (heap buffer overflow in mb regex functions - ↵ | Stanislav Malyshev | 2019-01-06 | 2 | -0/+11
| |   compile_string_node)
| * Fix bug #77370 - check that we do not read past buffer end when parsing ↵ | Stanislav Malyshev | 2019-01-06 | 2 | -0/+22
| |   multibytes
| * Fix #77269: Potential unsigned underflow in gdImageScale | Christoph M. Becker | 2019-01-06 | 2 | -9/+30
| |   Belatedly, we're porting the respective upstream patch[1].
| |
| |   [1] <https://github.com/libgd/libgd/commit/60bfb401ad5a4a8ae995dcd36372fe15c71e1a35>
| * Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext) | Stanislav Malyshev | 2019-01-06 | 2 | -1/+15
| |
| * Fix bug #77242 (heap out of bounds read in xmlrpc_decode()) | Stanislav Malyshev | 2019-01-06 | 2 | -0/+13
| |
| * Regenerate certs for openssl tests | Alexander Kurilo | 2019-01-02 | 5 | -44/+91
| |
* | Add NEWS | Stanislav Malyshev | 2019-01-06 | 1 | -0/+25
| |
* | Fix test | Stanislav Malyshev | 2019-01-06 | 1 | -0/+2
| |
* | Fix #77369 - memcpy with negative length via crafted DNS response | Stanislav Malyshev | 2019-01-06 | 1 | -0/+7
| |
* | Fix more issues with encoding length | Stanislav Malyshev | 2019-01-06 | 6 | -14/+38
| |   Should fix bug #77381, bug #77382, bug #77385, bug #77394.
* | Fix #77270: imagecolormatch Out Of Bounds Write on Heap | Christoph M. Becker | 2019-01-06 | 2 | -2/+20
| |   At least some of the image reading functions may return images which use color indexes greater than or equal to im->colorsTotal. We cater to this by always using a buffer size which is sufficient for `gdMaxColors` in `gdImageColorMatch()`.
* | Fix bug #77380 (Global out of bounds read in xmlrpc base64 code) | Stanislav Malyshev | 2019-01-06 | 2 | -2/+19
| |
* | Fix bug #77371 (heap buffer overflow in mb regex functions - ↵ | Stanislav Malyshev | 2019-01-06 | 2 | -0/+11
| |   compile_string_node)
* | Fix bug #77370 - check that we do not read past buffer end when parsing ↵ | Stanislav Malyshev | 2019-01-06 | 2 | -0/+22
| |   multibytes
* | Fix #77269: Potential unsigned underflow in gdImageScale | Christoph M. Becker | 2019-01-06 | 2 | -9/+30
| |   Belatedly, we're porting the respective upstream patch[1].
| |
| |   [1] <https://github.com/libgd/libgd/commit/60bfb401ad5a4a8ae995dcd36372fe15c71e1a35>
* | Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext) | Stanislav Malyshev | 2019-01-06 | 2 | -1/+15
| |