]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | combined (merge: 01f42b8 ee76a5a)
Merge branch 'PHP-5.6' into PHP-7.0
authorStanislav Malyshev <stas@php.net>
Tue, 24 Apr 2018 04:59:50 +0000 (21:59 -0700)
committerStanislav Malyshev <stas@php.net>
Tue, 24 Apr 2018 04:59:57 +0000 (21:59 -0700)
* PHP-5.6:
  Fix tsrm_ls
  Fix #76129 - remove more potential unfiltered outputs for phar
  Fix test
  Fix bug #76248 - Malicious LDAP-Server Response causes Crash
  Fix bug #76249 - fail on invalid sequences
  Fix #76130: Heap Buffer Overflow (READ: 1786) in exif_iif_add_value
  Fix bug #75981: prevent reading beyond buffer start

1  2 
ext/exif/exif.c patch | diff1 | diff2 | blob | history
ext/iconv/iconv.c patch | diff1 | diff2 | blob | history
ext/ldap/ldap.c patch | diff1 | diff2 | blob | history
ext/phar/phar_object.c patch | diff1 | diff2 | blob | history

diff --cc ext/exif/exif.c
Simple merge
diff --cc ext/iconv/iconv.c
index 47aa983ab120c587de40c4622380df90ef75897b,335dbd17e98c0182284867726d2cd0d5133a2065..ea619aa2274fc0d7295871a763ffe3e921c8d41b
--- 1/ext/iconv/iconv.c
--- 2/ext/iconv/iconv.c
+++ b/ext/iconv/iconv.c
@@@ -2648,6 -2672,9 +2648,9 @@@ static int php_iconv_stream_filter_appe
                                                                tcnt = 0;
                                                                break;
                                                        }
 -                                                  php_error_docref(NULL TSRMLS_CC, E_WARNING, "iconv stream filter (\"%s\"=>\"%s\"): invalid multibyte sequence", self->from_charset, self->to_charset);
+                                               } else {
++                                                  php_error_docref(NULL, E_WARNING, "iconv stream filter (\"%s\"=>\"%s\"): invalid multibyte sequence", self->from_charset, self->to_charset);
+                                                   goto out_failure;
                                                }
                                                break;
  
diff --cc ext/ldap/ldap.c
index cec20da3ccaa477662b8667bef021291fb5bf6f4,03ca03d3adee59787d58cd342d8f864c5d96252a..1c9340c77777426d718a7cb098b59b2827d2c21e
--- 1/ext/ldap/ldap.c
--- 2/ext/ldap/ldap.c
+++ b/ext/ldap/ldap.c
@@@ -1119,9 -1101,13 +1119,13 @@@ PHP_FUNCTION(ldap_get_entries
                }
  #endif
  
 -              add_assoc_long(tmp1, "count", num_attrib);
 +              add_assoc_long(&tmp1, "count", num_attrib);
                dn = ldap_get_dn(ldap, ldap_result_entry);
-               add_assoc_string(&tmp1, "dn", dn);
+               if (dn) {
 -                      add_assoc_string(tmp1, "dn", dn, 1);
++                      add_assoc_string(&tmp1, "dn", dn);
+               } else {
 -                      add_assoc_null(tmp1, "dn");
++                      add_assoc_null(&tmp1, "dn");
+               }
  #if (LDAP_API_VERSION > 2000) || HAVE_NSLDAP || HAVE_ORALDAP || WINDOWS
                ldap_memfree(dn);
  #else
diff --cc ext/phar/phar_object.c
index 3afe8599b638efeccc1b3351639c7077ca58eb41,a6f56ac8af298302d9d87bddff0a7bea2e813a10..bfbbd1479b0e99e0192d0a8ec67a6d9953716645
--- 1/ext/phar/phar_object.c
--- 2/ext/phar/phar_object.c
+++ b/ext/phar/phar_object.c
@@@ -314,11 -337,10 +314,10 @@@ static void phar_do_403(char *entry, in
        ctr.response_code = 403;
        ctr.line_len = sizeof("HTTP/1.0 403 Access Denied")-1;
        ctr.line = "HTTP/1.0 403 Access Denied";
 -      sapi_header_op(SAPI_HEADER_REPLACE, &ctr TSRMLS_CC);
 -      sapi_send_headers(TSRMLS_C);
 +      sapi_header_op(SAPI_HEADER_REPLACE, &ctr);
 +      sapi_send_headers();
        PHPWRITE("<html>\n <head>\n  <title>Access Denied</title>\n </head>\n <body>\n  <h1>403 - File ", sizeof("<html>\n <head>\n  <title>Access Denied</title>\n </head>\n <body>\n  <h1>403 - File ") - 1);
-       PHPWRITE(entry, entry_len);
-       PHPWRITE(" Access Denied</h1>\n </body>\n</html>", sizeof(" Access Denied</h1>\n </body>\n</html>") - 1);
+       PHPWRITE("Access Denied</h1>\n </body>\n</html>", sizeof("Access Denied</h1>\n </body>\n</html>") - 1);
  }
  /* }}} */
  
@@@ -339,11 -361,10 +338,10 @@@ static void phar_do_404(phar_archive_da
        ctr.response_code = 404;
        ctr.line_len = sizeof("HTTP/1.0 404 Not Found")-1;
        ctr.line = "HTTP/1.0 404 Not Found";
 -      sapi_header_op(SAPI_HEADER_REPLACE, &ctr TSRMLS_CC);
 -      sapi_send_headers(TSRMLS_C);
 +      sapi_header_op(SAPI_HEADER_REPLACE, &ctr);
 +      sapi_send_headers();
        PHPWRITE("<html>\n <head>\n  <title>File Not Found</title>\n </head>\n <body>\n  <h1>404 - File ", sizeof("<html>\n <head>\n  <title>File Not Found</title>\n </head>\n <body>\n  <h1>404 - File ") - 1);
-       PHPWRITE(entry, entry_len);
-       PHPWRITE(" Not Found</h1>\n </body>\n</html>",  sizeof(" Not Found</h1>\n </body>\n</html>") - 1);
+       PHPWRITE("Not Found</h1>\n </body>\n</html>",  sizeof("Not Found</h1>\n </body>\n</html>") - 1);
  }
  /* }}} */
  
Unnamed repository; edit this file 'description' to name the repository.