summaryrefslogtreecommitdiff
path: root/Zend/zend_virtual_cwd.c
Commit message (Collapse)AuthorAgeFilesLines
...
| * | Fixed bug #73962 bug with symlink related to cyrillic directoryAnatol Belski2017-01-201-3/+5
| | |
* | | Merge branch 'PHP-7.1'Anatol Belski2017-01-071-1/+2
|\ \ \ | |/ / | | | | | | | | | * PHP-7.1: fix edge case leak
| * | fix edge case leakAnatol Belski2017-01-071-1/+2
| | |
* | | Merge branch 'PHP-7.1'Anatol Belski2017-01-071-30/+22
|\ \ \ | |/ / | | | | | | | | | * PHP-7.1: Fixed bug #73877 readlink() returns garbage for UTF-8 paths
| * | Fixed bug #73877 readlink() returns garbage for UTF-8 pathsAnatol Belski2017-01-071-30/+22
| | |
| * | Update copyright headers to 2017Sammy Kaye Powers2017-01-041-1/+1
| | |
* | | Update copyright headers to 2017Sammy Kaye Powers2017-01-021-1/+1
| | |
* | | Path handling related refactoringsAnatol Belski2016-12-221-6/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Primarily related to the path handling datatypes, to avoid unnecessary casts, where possible. Also some rework to avoid code dup. Probably more places are to go, even not path related, primarily to have less casts and unsigned integers where possible. That way, we've not only less warnings and casts, but are also safer with regard to the integer overflows. OFC it's not a panacea, but still significantly reduces the vulnerability potential.
* | | reduce realpath_cache_bucket size by 8 bytes on 64-bitAnatol Belski2016-11-131-1/+1
| | | | | | | | | | | | | | | | | | This limits the path length to 64kb which is already far above the use case. In return, the whole path cache storage size is reduced by 8kb.
* | | Remove Netware supportKalle Sommer Nielsen2016-11-121-69/+7
| | | | | | | | | | | | If this does not break the Unix system somehow, I'll be amazed. This should get most of it out, apologies for any errors this may cause on non-Windows ends which I cannot test atm.
* | | remove dead codeAnatol Belski2016-10-261-51/+0
| | |
* | | reset also the cwd_length, when cwd is free'dAnatol Belski2016-10-261-1/+2
| | |
* | | Merge branch 'PHP-7.1'Christoph M. Becker2016-09-061-1/+1
|\ \ \ | |/ /
| * | Merge branch 'PHP-7.0' into PHP-7.1Christoph M. Becker2016-09-061-1/+1
| |\ \ | | |/
| | * Merge branch 'PHP-5.6' into PHP-7.0Christoph M. Becker2016-09-061-1/+1
| | |\
| | | * Fix #73025: Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.cChristoph M. Becker2016-09-061-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `command_length` is retrieved via strlen() and later passed to emalloc() and memcpy(), so the appropriate type is `size_t`. We don't add a regression test, because that would need to allocate a string of at least 2 GiB.
| | | * Merge branch 'PHP-5.5' into PHP-5.6Stanislav Malyshev2016-07-191-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * PHP-5.5: fix #72519, possible OOB using imagegif fix #72512, invalid read or write for palette image when invalid transparent index is used Apparently some envs miss SIZE_MAX Fix tests Fix bug #72618: NULL Pointer Dereference in exif_process_user_comment Partial fix for bug #72613 - do not treat negative returns from bz2 as size_t Fix bug #72606: heap-buffer-overflow (write) simplestring_addn simplestring.c Fix for bug #72558, Integer overflow error within _gdContributionsAlloc() Fix bug #72603: Out of bound read in exif_process_IFD_in_MAKERNOTE Fix bug #72562 - destroy var_hash properly Fix bug #72533 (locale_accept_from_http out-of-bounds access) Fix fir bug #72520 Fix for bug #72513 CS fix and comments with bug ID Fix for HTTP_PROXY issue. add tests for bug #72512 Fixed bug #72512 gdImageTrueColorToPaletteBody allows arbitrary write/read access Fixed bug #72479 - same as #72434 Conflicts: ext/bz2/bz2.c main/SAPI.c main/php_variables.c
| | | * Fix for bug #72513Stanislav Malyshev2016-07-121-1/+1
| | | |
* | | | Merge branch 'PHP-7.1'Anatol Belski2016-09-011-25/+10
|\ \ \ \ | |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * PHP-7.1: fix useless assignment avoid needless function call remove useless assignment remove unused assignment rewrite the getcwd part fix leak fix unused assignment remove duplicated symbol
| * | | remove unused assignmentAnatol Belski2016-09-011-3/+1
| | | |
| * | | rewrite the getcwd partAnatol Belski2016-09-011-22/+9
| | | | | | | | | | | | | | | | | | | | | | | | Also fixes a possible memory leak. Still not ideal, as seems CWD longer than MAX_PATH is still not supported. But a heap allocation is not needed anyway, as MAXPATHLEN value is the maximum supported.
* | | | Merge branch 'PHP-7.1'Anatol Belski2016-08-271-0/+1
|\ \ \ \ | |/ / / | | | | | | | | | | | | | | | | | | | | | | | | * PHP-7.1: fix leak add parentheses fix clang compat fix leak
| * | | fix leakAnatol Belski2016-08-271-0/+1
| | | |
| * | | Fixed 7.1 build, decls first please!Kalle Sommer Nielsen2016-08-171-1/+1
| | | |
* | | | Fix build on WindowsKalle Sommer Nielsen2016-07-301-1/+1
|/ / /
* | | Merge branch 'PHP-7.0'Anatol Belski2016-07-191-1/+1
|\ \ \ | |/ / | | | | | | | | | * PHP-7.0: Fix for bug #72513
| * | Fix for bug #72513Stanislav Malyshev2016-07-191-1/+1
| | | | | | | | | | | | This is applicable to 7 as well, but was somehow missing from the merge.
* | | silence compiler noiseAnatol Belski2016-07-111-1/+1
| | |
* | | Fixed the UTF-8 and long path support in the streams on Windows.Anatol Belski2016-06-201-80/+165
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since long the default PHP charset is UTF-8, however the Windows part is out of step with this important point. The current implementation in PHP doesn't technically permit to handle UTF-8 filepath and several other things. Till now, only the ANSI compatible APIs are being used. Here is more about it https://msdn.microsoft.com/en-us/library/windows/desktop/dd317752%28v=vs.85%29.aspx The patch fixes not only issues with multibyte filenames under incompatible codepages, but indirectly also issues with some other multibyte encodings like BIG5, Shift-JIS, etc. by providing a clean way to access filenames in UTF-8. Below is a small list of issues from the bug tracker, that are getting fixed: https://bugs.php.net/63401 https://bugs.php.net/41199 https://bugs.php.net/50203 https://bugs.php.net/71509 https://bugs.php.net/64699 https://bugs.php.net/64506 https://bugs.php.net/30195 https://bugs.php.net/65358 https://bugs.php.net/61315 https://bugs.php.net/70943 https://bugs.php.net/70903 https://bugs.php.net/63593 https://bugs.php.net/54977 https://bugs.php.net/54028 https://bugs.php.net/43148 https://bugs.php.net/30730 https://bugs.php.net/33350 https://bugs.php.net/35300 https://bugs.php.net/46990 https://bugs.php.net/61309 https://bugs.php.net/69333 https://bugs.php.net/45517 https://bugs.php.net/70551 https://bugs.php.net/50197 https://bugs.php.net/72200 https://bugs.php.net/37672 Yet more related tickets can for sure be found - on bugs.php.net, Stackoverflow and Github. Some of the bugs are pretty recent, some descend to early 2000th, but the user comments in there last even till today. Just for example, bug #30195 was opened in 2004, the latest comment in there was made in 2014. It is certain, that these bugs descend not only to pure PHP use cases, but get also redirected from the popular PHP based projects. Given the modern systems (and those supported by PHP) are always based on NTFS, there is no excuse to keep these issues unresolved. The internalization approach on Windows is in many ways different from UNIX and Linux, while it supports and is based on Unicode. It depends on the current system code page, APIs used and exact kind how the binary was compiled The locale doesn't affect the way Unicode or ANSI API work. PHP in particular is being compiled without _UNICODE defined and this is conditioned by the way we handle strings. Here is more about it https://msdn.microsoft.com/en-us/library/tsbaswba.aspx However, with any system code page ANSI functions automatically convert paths to UTF-16. Paths in some encodings incompatible with the current system code page, won't work correctly with ANSI APIs. PHP till now only uses the ANSI Windows APIs. For example, on a system with the current code page 1252, the paths in cp1252 are supported and transparently converted to UTF-16 by the ANSI functions. Once one wants to handle a filepath encoded with cp932 on that particular system, an ANSI or a POSIX compatible function used in PHP will produce an erroneous result. When trying to convert that cp932 path to UTF-8 and passing to the ANSI functions, an ANSI function would likely interpret the UTF-8 string as some string in the current code page and create a filepath that represents every single byte of the UTF-8 string. These behaviors are not only broken but also disregard the documented INI settings. This patch solves the issies with the multibyte paths on Windows by intelligently enforcing the usage of the Unicode aware APIs. For functions expect Unicode (fe CreateFileW, FindFirstFileW, etc.), arguments will be converted to UTF-16 wide chars. For functions returning Unicode aware data (fe GetCurrentDirectoryW, etc.), resulting wide string is converted back to char's depending on the current PHP charset settings, either to the current ANSI codepage (this is the behavior prior to this patch) or to UTF-8 (the default behavior). In a particular case, users might have to explicitly set internal_encoding or default_charset, if filenames in ANSI codepage are necessary. Current tests show no regressions and witness that this will be an exotic case, the current default UTF-8 encoding is compatible with any supported system. The dependency libraries are long switching to Unicode APIs, so some tests were also added for extensions not directly related to streams. At large, the patch brings over 150 related tests into the core. Those target and was run on various environments with European, Asian, etc. codepages. General PHP frameworks was tested and showed no regressions. The impact on the current C code base is low, the most places affected are the Windows only places in the three files tsrm_win32.c, zend_virtual_cwd.c and plain_wrapper.c. The actual implementation of the most of the wide char supporting functionality is in win32/ioutil.* and win32/codepage.*, several low level functionsare extended in place to avoid reimplementation for now. No performance impact was sighted. As previously mentioned, the ANSI APIs used prior the patch perform Unicode conversions internally. Using the Unicode APIs directly while doing custom conversions just retains the status quo. The ways to optimize it are open (fe. by implementing caching for the strings converted to wide variants). The long path implementation is user transparent. If a path exceeds the length of _MAX_PATH, it'll be automatically prefixed with \\?\. The MAXPATHLEN is set to 2048 bytes. Appreciation to Pierre Joye, Matt Ficken, @algo13 and others for tips, ideas and testing. Thanks.
* | Merge branch 'PHP-5.6' into PHP-7.0Anatol Belski2016-05-101-0/+1
|\ \ | |/ | | | | | | * PHP-5.6: fix handle leak
| * fix handle leakAnatol Belski2016-05-101-0/+1
| |
| * tsrm_win32_get_path_sid_key might returns NULL (Partially fix bug #71752)Xinchen Hui2016-03-101-1/+3
| | | | | | | | cherry-picked from 7d5f71b0b125c89211e5a2a6d925deba938abd41
| * Happy new year (Update copyright to 2016)Lior Kaplan2016-01-011-1/+1
| |
| * Merge branch 'PHP-5.5' into PHP-5.6Anatol Belski2015-04-281-1/+1
| | | | | | | | | | * PHP-5.5: backported patch for bug #69472
| * bump yearXinchen Hui2015-01-151-1/+1
| |
* | tsrm_win32_get_path_sid_key might returns NULL (Partially fix bug #71752)Xinchen Hui2016-03-101-1/+2
| |
* | bump year which is missed in rev 49493a2Xinchen Hui2016-01-021-1/+1
| |
* | don't get invalid chmod mode throughAnatol Belski2015-11-051-0/+14
| |
* | zero cwd buffer before passing to chmodAnatol Belski2015-11-051-0/+3
| |
* | Replace references to PHP_WIN32 and TSRM_WIN32 with ZEND_WIN32 in Zend/, ↵Kalle Sommer Nielsen2015-07-041-42/+29
| | | | | | | | this also fixes 1 instance of where fflush(stderr) was misplaced (zend_extensions.c)
* | Fix bug #69814 Enabling php_curl, php_mysqli, and php_openssl causes php-cgi ↵Anatol Belski2015-06-131-0/+8
| | | | | | | | to crash
* | move S_IFLNK define into headerAnatol Belski2015-05-251-4/+0
| |
* | further cleanups with S_IF* macros generalized declarationsAnatol Belski2015-05-251-8/+0
| |
* | Fixed bug #69511 Off-by-one bufferoverflow in php_sys_readlinkAnatol Belski2015-05-191-2/+12
| |
* | Fixed bug #69472 php_sys_readlink ignores misc errors from ↵Jan Starke2015-04-281-1/+1
| | | | | | | | GetFinalPathNameByHandleA
* | Drop old VC support in Zend Engine, this also kills the remaining MessageBox ↵Kalle Sommer Nielsen2015-03-291-4/+0
| | | | | | | | fix for Windows 9x that Anatol changed a while back
* | bump yearXinchen Hui2015-01-151-1/+1
| |
* | trailing whitespace removalStanislav Malyshev2015-01-101-3/+3
| |
* | first shot remove TSRMLS_* thingsAnatol Belski2014-12-131-81/+81
| |
* | Fixed compilation warningsDmitry Stogov2014-12-121-1/+1
| |
View Lorry Controller Status